}
int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
- u8 udp_encap)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa = 0;
pool_get (im->sad, sa);
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
- sa->udp_encap = udp_encap ? 1 : 0;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb)
{
u8 remote_integ_key[128];
u8 renumber;
u32 show_instance;
+ u8 udp_encap;
} ipsec_add_del_tunnel_args_t;
typedef struct
int ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add);
int ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy,
int is_add);
-int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
- u8 udp_encap);
+int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add);
int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update);
u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
sa.use_esn = mp->use_extended_sequence_number;
sa.is_tunnel = mp->is_tunnel;
sa.is_tunnel_ip6 = mp->is_tunnel_ipv6;
+ sa.udp_encap = mp->udp_encap;
if (sa.is_tunnel_ip6)
{
clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16);
goto out;
}
- rv = ipsec_add_del_sa (vm, &sa, mp->is_add, mp->udp_encap);
+ rv = ipsec_add_del_sa (vm, &sa, mp->is_add);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
sa.is_tunnel = 1;
sa.is_tunnel_ip6 = 1;
}
+ else if (unformat (line_input, "udp-encap"))
+ {
+ sa.udp_encap = 1;
+ }
else
{
error = clib_error_return (0, "parse error: '%U'",
goto done;
}
- ipsec_add_del_sa (vm, &sa, is_add, 0 /* enable nat traversal */ );
+ ipsec_add_del_sa (vm, &sa, is_add);
done:
unformat_free (line_input);
hi = vnet_get_hw_interface (im->vnet_main, t->hw_if_index);
vlib_cli_output(vm, " %s seq", hi->name);
sa = pool_elt_at_index(im->sad, t->output_sa_index);
- vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u",
- sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay);
+ vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u udp-encap %u",
+ sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay, sa->udp_encap);
vlib_cli_output(vm, " local-spi %u local-ip %U", sa->spi,
format_ip4_address, &sa->tunnel_src_addr.ip4);
vlib_cli_output(vm, " local-crypto %U %U",
a.renumber = 1;
else if (unformat (line_input, "del"))
a.is_add = 0;
+ else if (unformat (line_input, "udp-encap"))
+ a.udp_encap = 1;
else
{
error = clib_error_return (0, "unknown input `%U'",
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (create_ipsec_tunnel_command, static) = {
.path = "create ipsec tunnel",
- .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> remote-ip <addr> remote-spi <spi> [instance <inst_num>]",
+ .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> remote-ip <addr> remote-spi <spi> [instance <inst_num>] [udp-encap]",
.function = create_ipsec_tunnel_command_fn,
};
/* *INDENT-ON* */
sa->use_esn = args->esn;
sa->use_anti_replay = args->anti_replay;
sa->integ_alg = args->integ_alg;
+ sa->udp_encap = args->udp_encap;
if (args->remote_integ_key_len <= sizeof (args->remote_integ_key))
{
sa->integ_key_len = args->remote_integ_key_len;
sa->use_esn = args->esn;
sa->use_anti_replay = args->anti_replay;
sa->integ_alg = args->integ_alg;
+ sa->udp_encap = args->udp_encap;
if (args->local_integ_key_len <= sizeof (args->local_integ_key))
{
sa->integ_key_len = args->local_integ_key_len;
Code Review / vpp.git / commitdiff