ipsec: cli: add missing flags for SA add 59/28659/2
authorChristian Hopps <chopps@labn.net>
Fri, 17 Jul 2020 13:53:18 +0000 (09:53 -0400)
committerNeale Ranns <nranns@cisco.com>
Fri, 4 Sep 2020 11:40:45 +0000 (11:40 +0000)
Add the missing CLI options for setting the IPsec SA flags inbound,
use-anti-replay, and use-esn.

Type: fix
Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4
Signed-off-by: Christian Hopps <chopps@labn.net>
src/vnet/ipsec/ipsec_cli.c

index 01d4b75..0d1ab03 100644 (file)
@@ -144,6 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "tunnel-dst %U",
                         unformat_ip46_address, &tun_dst, IP46_TYPE_ANY))
        ;
+      else if (unformat (line_input, "inbound"))
+       flags |= IPSEC_SA_FLAG_IS_INBOUND;
+      else if (unformat (line_input, "use-anti-replay"))
+       flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+      else if (unformat (line_input, "use-esn"))
+       flags |= IPSEC_SA_FLAG_USE_ESN;
       else if (unformat (line_input, "udp-encap"))
        flags |= IPSEC_SA_FLAG_UDP_ENCAP;
       else
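Review bot: The added `use-anti-replay` and `use-esn` branches only ever OR a flag in, so unless `flags` is initialised with them somewhere outside this hunk, an SA added from the CLI without those keywords is created with no replay check and 32-bit sequence numbers, and nothing here tells the operator that. I would state the default where the options are parsed, e.g. `/* anti-replay and ESN are opt-in: an SA added without these keywords has neither */`. The command's help text is not visible in this diff; if it does not already list `[inbound] [use-anti-replay] [use-esn]`, it should, so the protective options can be found. ipsec_sa_add_del_command_fn begins before and continues after this hunk.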
@@ -153,6 +159,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
          goto done;
        }
     }
+  if ((flags & IPSEC_SA_FLAG_IS_INBOUND)
+      && !(flags & IPSEC_SA_FLAG_IS_TUNNEL))
+    {
+      error = clib_error_return (0, "inbound specified on non-tunnel SA");
+      goto done;
+    }
 
   if (!(m_args & 1))
     {
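Review bot: The new guard tests `IPSEC_SA_FLAG_IS_TUNNEL` in `flags`, but the only tunnel option visible in this diff, the `tunnel-dst` branch in the first hunk, has an empty body, so the flag must be set by a branch that is not shown. It is worth confirming that every way of declaring a tunnel SA sets the flag during parsing. Otherwise a command such as `tunnel-dst <addr> inbound` would presumably be rejected with "inbound specified on non-tunnel SA" even though the operator did give a tunnel endpoint. A short comment above the check would record the dependency, e.g. `/* IS_TUNNEL is set while the tunnel endpoint options are parsed, so check only after the loop */`, and the error text could name the option that makes the SA a tunnel SA. The check also runs before the `m_args` test, so it applies to whatever sub-commands share this parser; the rest of the function is outside the hunk.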