From 717de096c4d715eab6b783aaa28f26a9114925da Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Fri, 3 Aug 2018 10:37:24 +0100 Subject: [PATCH] ipsec: add udp-encap option to debug cli commands Change-Id: I3195afd952f6783da87224d7ceb9df13ddd39459 Signed-off-by: Radu Nicolau --- src/vnet/ipsec/ipsec.c | 4 +--- src/vnet/ipsec/ipsec.h | 4 ++-- src/vnet/ipsec/ipsec_api.c | 3 ++- src/vnet/ipsec/ipsec_cli.c | 14 ++++++++++---- src/vnet/ipsec/ipsec_if.c | 2 ++ 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index 73b51012880..d15bfec1b9e 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -411,8 +411,7 @@ ipsec_is_sa_used (u32 sa_index) } int -ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add, - u8 udp_encap) +ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) { ipsec_main_t *im = &ipsec_main; ipsec_sa_t *sa = 0; @@ -451,7 +450,6 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add, pool_get (im->sad, sa); clib_memcpy (sa, new_sa, sizeof (*sa)); sa_index = sa - im->sad; - sa->udp_encap = udp_encap ? 1 : 0; hash_set (im->sa_index_by_sa_id, sa->id, sa_index); if (im->cb.add_del_sa_sess_cb) { diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h index 4d066c381ba..07944a1d227 100644 --- a/src/vnet/ipsec/ipsec.h +++ b/src/vnet/ipsec/ipsec.h @@ -174,6 +174,7 @@ typedef struct u8 remote_integ_key[128]; u8 renumber; u32 show_instance; + u8 udp_encap; } ipsec_add_del_tunnel_args_t; typedef struct 
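Review bot: With the `udp_encap` argument removed from `ipsec_add_del_sa` (first ipsec.c hunk), the setting now arrives only through `new_sa` and reaches the pool entry via the `clib_memcpy (sa, new_sa, sizeof (*sa))` visible in the second hunk, so a caller that does not clear its `ipsec_sa_t` before filling it would enable UDP encapsulation from leftover memory. How the CLI and API callers initialise their `sa` is outside the visible hunks, so this needs confirming for each caller. I would record the new contract above the function, for example `/* new_sa->udp_encap is used as given; callers must zero *new_sa before setting fields */`. The function body continues outside both hunks.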
@@ -321,8 +322,7 @@ int ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id, int ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add); int ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy, int is_add); -int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add, - u8 udp_encap); +int ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add); int ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update); u32 ipsec_get_sa_index_by_sa_id (u32 sa_id); diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 8ea47b7ebe1..c4284b91478 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -219,6 +219,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.use_esn = mp->use_extended_sequence_number; sa.is_tunnel = mp->is_tunnel; sa.is_tunnel_ip6 = mp->is_tunnel_ipv6; + sa.udp_encap = mp->udp_encap; if (sa.is_tunnel_ip6) { clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16); @@ -240,7 +241,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler goto out; } - rv = ipsec_add_del_sa (vm, &sa, mp->is_add, mp->udp_encap); + rv = ipsec_add_del_sa (vm, &sa, mp->is_add); #else rv = VNET_API_ERROR_UNIMPLEMENTED; goto out; diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 6a97b7bc8d9..5603fae368a 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -148,6 +148,10 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, sa.is_tunnel = 1; sa.is_tunnel_ip6 = 1; } + else if (unformat (line_input, "udp-encap")) + { + sa.udp_encap = 1; + } else { error = clib_error_return (0, "parse error: '%U'", @@ -176,7 +180,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, goto done; } - ipsec_add_del_sa (vm, &sa, is_add, 0 /* enable nat traversal */ ); + ipsec_add_del_sa (vm, &sa, is_add); done: unformat_free (line_input); 
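Review bot: `sa.udp_encap = mp->udp_encap;` in the first ipsec_api.c hunk stores the byte from the API message unchanged, whereas the line this patch removes from ipsec.c clamped it with `udp_encap ? 1 : 0`. Any non-zero value a client sends is now kept in the SA as-is; whether any consumer compares the field against 1 is not visible here. Keeping the clamp where the message is read is a one-line change: `sa.udp_encap = mp->udp_encap ? 1 : 0;`. The two `sa->udp_encap = args->udp_encap;` assignments in ipsec_if.c make the same raw copy and feed the `udp-encap %u` output added in ipsec_cli.c, so they could be written the same way.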
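Review bot: The new `udp-encap` branch in `ipsec_sa_add_del_command_fn` sets `sa.udp_encap = 1` regardless of the other options on the line, so the flag can be combined with an AH SA, for which UDP encapsulation (RFC 3948) is not defined. Any validation after the parse loop is outside this hunk; if none exists there, reject the combination with `clib_error_return` once parsing is complete rather than storing an SA whose flag may be silently ignored. The only help-text change in this patch is for `create ipsec tunnel`, so the keyword should also be added to this command's `.short_help`.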
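Review bot: The rewritten call `ipsec_add_del_sa (vm, &sa, is_add);` in the second ipsec_cli.c hunk still discards the `int` result, so the CLI returns without an error even when the SA was not added or deleted. The API handler in this same patch keeps the result in `rv`; the CLI could do the equivalent with `if (ipsec_add_del_sa (vm, &sa, is_add)) error = clib_error_return (0, "failed to add/del SA");` just before the `done:` label. The start of the function is outside the hunk.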
@@ -665,8 +669,8 @@ show_ipsec_command_fn (vlib_main_t * vm, hi = vnet_get_hw_interface (im->vnet_main, t->hw_if_index); vlib_cli_output(vm, " %s seq", hi->name); sa = pool_elt_at_index(im->sad, t->output_sa_index); - vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u", - sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay); + vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u udp-encap %u", + sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay, sa->udp_encap); vlib_cli_output(vm, " local-spi %u local-ip %U", sa->spi, format_ip4_address, &sa->tunnel_src_addr.ip4); vlib_cli_output(vm, " local-crypto %U %U", @@ -766,6 +770,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, a.renumber = 1; else if (unformat (line_input, "del")) a.is_add = 0; + else if (unformat (line_input, "udp-encap")) + a.udp_encap = 1; else { error = clib_error_return (0, "unknown input `%U'", @@ -808,7 +814,7 @@ done: /* *INDENT-OFF* */ VLIB_CLI_COMMAND (create_ipsec_tunnel_command, static) = { .path = "create ipsec tunnel", - .short_help = "create ipsec tunnel local-ip local-spi remote-ip remote-spi [instance ]", + .short_help = "create ipsec tunnel local-ip local-spi remote-ip remote-spi [instance ] [udp-encap]", .function = create_ipsec_tunnel_command_fn, }; /* *INDENT-ON* */ diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 82c2394e5cc..cb7e89a68e6 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -318,6 +318,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, sa->use_esn = args->esn; sa->use_anti_replay = args->anti_replay; sa->integ_alg = args->integ_alg; + sa->udp_encap = args->udp_encap; if (args->remote_integ_key_len <= sizeof (args->remote_integ_key)) { sa->integ_key_len = args->remote_integ_key_len; 
@@ -342,6 +343,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, sa->use_esn = args->esn; sa->use_anti_replay = args->anti_replay; sa->integ_alg = args->integ_alg; + sa->udp_encap = args->udp_encap; if (args->local_integ_key_len <= sizeof (args->local_integ_key)) { sa->integ_key_len = args->local_integ_key_len; -- 2.16.6