diff options
author | Christian Hopps <chopps@labn.net> | 2020-07-17 09:53:18 -0400 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2020-09-04 11:40:45 +0000 |
commit | 99975388a2106e65965a7661ac21a34af288aa7b (patch) | |
tree | 7180dee063b2bf8ef5e9c4a0110a15ffd249f10f | |
parent | 5e52417a2aa3b2063a811c6a9f293a79d73bcb43 (diff) |
ipsec: cli: add missing flags for SA add
Add missing cli options for setting IPsec SA flags, inbound,
use-anti-replay, and use-esn.
Type: fix
Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4
Signed-off-by: Christian Hopps <chopps@labn.net>
-rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 01d4b759d27..0d1ab033aec 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -144,6 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, else if (unformat (line_input, "tunnel-dst %U", unformat_ip46_address, &tun_dst, IP46_TYPE_ANY)) ; + else if (unformat (line_input, "inbound")) + flags |= IPSEC_SA_FLAG_IS_INBOUND; + else if (unformat (line_input, "use-anti-replay")) + flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY; + else if (unformat (line_input, "use-esn")) + flags |= IPSEC_SA_FLAG_USE_ESN; else if (unformat (line_input, "udp-encap")) flags |= IPSEC_SA_FLAG_UDP_ENCAP; else @@ -153,6 +159,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, goto done; } } + if ((flags & IPSEC_SA_FLAG_IS_INBOUND) + && !(flags & IPSEC_SA_FLAG_IS_TUNNEL)) + { + error = clib_error_return (0, "inbound specified on non-tunnel SA"); + goto done; + } if (!(m_args & 1)) { |