From 48d32b43c534c9f52d37b047dbcbc30a8882b52a Mon Sep 17 00:00:00 2001 From: Matthew Smith Date: Thu, 2 Apr 2020 07:45:49 -0500 Subject: [PATCH] ipsec: provide stat index in sa details Type: improvement When IPsec SAs are dumped, include the index that can be used to find byte & packet counters for the SA in the stat segment. Removed the field total_data_size from the details since it was not being populated and put the stat index field in its place. Change-Id: If73efc230542a11944551b6e710b57b575450da3 Signed-off-by: Matthew Smith --- src/vat/api_format.c | 5 +++-- src/vnet/ipsec/ipsec.api | 6 +++--- src/vnet/ipsec/ipsec_api.c | 2 ++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/vat/api_format.c b/src/vat/api_format.c index 803daafac19..a84a67e75ba 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -13804,7 +13804,7 @@ vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp) "crypto_key %U integ_alg %u integ_key %U flags %x " "tunnel_src_addr %U tunnel_dst_addr %U " "salt %u seq_outbound %lu last_seq_inbound %lu " - "replay_window %lu\n", + "replay_window %lu stat_index %u\n", ntohl (mp->entry.sad_id), ntohl (mp->sw_if_index), ntohl (mp->entry.spi), @@ -13818,7 +13818,7 @@ vl_api_ipsec_sa_details_t_handler (vl_api_ipsec_sa_details_t * mp) &mp->entry.tunnel_dst, ntohl (mp->salt), clib_net_to_host_u64 (mp->seq_outbound), clib_net_to_host_u64 (mp->last_seq_inbound), - clib_net_to_host_u64 (mp->replay_window)); + clib_net_to_host_u64 (mp->replay_window), ntohl (mp->stat_index)); } #define vl_api_ipsec_sa_details_t_endian vl_noop_handler @@ -13866,6 +13866,7 @@ static void vl_api_ipsec_sa_details_t_handler_json vat_json_object_add_address (node, "dst", &mp->entry.tunnel_dst); vat_json_object_add_uint (node, "replay_window", clib_net_to_host_u64 (mp->replay_window)); + vat_json_object_add_uint (node, "stat_index", ntohl (mp->stat_index)); } static int diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index 3f8913fe26e..dee9144dda1 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -14,7 +14,7 @@ * limitations under the License. */ -option version = "3.0.1"; +option version = "3.0.2"; import "vnet/ipsec/ipsec_types.api"; import "vnet/interface_types.api"; @@ -414,7 +414,7 @@ define ipsec_sa_dump { @param last_seq - highest sequence number received inbound @param last_seq_hi - high 32 bits of highest ESN received inbound @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay - @param total_data_size - total bytes sent or received + @param stat_index - index for the SA in the stats segment @ /net/ipsec/sa @param udp_encap - 1 if UDP encap enabled, 0 otherwise */ define ipsec_sa_details { @@ -427,7 +427,7 @@ define ipsec_sa_details { u64 last_seq_inbound; u64 replay_window; - u64 total_data_size; + u32 stat_index; }; /** \brief Set new SA on IPsec interface diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index ded6e70bb20..4a55a29c288 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -827,6 +827,8 @@ send_ipsec_sa_details (ipsec_sa_t * sa, void *arg) if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) mp->replay_window = clib_host_to_net_u64 (sa->replay_window); + mp->stat_index = clib_host_to_net_u32 (sa->stat_index); + vl_api_send_msg (ctx->reg, (u8 *) mp); return (WALK_CONTINUE); -- 2.16.6