authorChristian Hopps <chopps@labn.net>2020-07-17 09:53:18 -0400
committerNeale Ranns <nranns@cisco.com>2020-09-04 11:40:45 +0000
commit99975388a2106e65965a7661ac21a34af288aa7b (patch)
tree7180dee063b2bf8ef5e9c4a0110a15ffd249f10f
parent5e52417a2aa3b2063a811c6a9f293a79d73bcb43 (diff)
ipsec: cli: add missing flags for SA add
Add the missing CLI options for setting IPsec SA flags: inbound, use-anti-replay, and use-esn. Type: fix Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4 Signed-off-by: Christian Hopps <chopps@labn.net>
-rw-r--r--src/vnet/ipsec/ipsec_cli.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 01d4b759d27..0d1ab033aec 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -144,6 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
else if (unformat (line_input, "tunnel-dst %U",
unformat_ip46_address, &tun_dst, IP46_TYPE_ANY))
;
+ else if (unformat (line_input, "inbound"))
+ flags |= IPSEC_SA_FLAG_IS_INBOUND;
+ else if (unformat (line_input, "use-anti-replay"))
+ flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
+ else if (unformat (line_input, "use-esn"))
+ flags |= IPSEC_SA_FLAG_USE_ESN;
else if (unformat (line_input, "udp-encap"))
flags |= IPSEC_SA_FLAG_UDP_ENCAP;
else
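Review bot: The new `inbound` keyword may never be accepted by this parser: the `tunnel-dst` branch just above it has an empty body and no line visible in this hunk sets `IPSEC_SA_FLAG_IS_TUNNEL`, while the check added later in this commit rejects `inbound` unless that flag is set. If the `tunnel-src` branch outside the hunk does not set it either, every `inbound` SA added through the CLI fails with "inbound specified on non-tunnel SA"; setting the flag where a tunnel endpoint is parsed, for example `flags |= IPSEC_SA_FLAG_IS_TUNNEL;` in place of the bare `;`, would make the check meaningful, assuming that is how the flag is meant to be derived. Separately, as far as these lines show, `use-anti-replay` and `use-esn` are opt-in, so an SA added without them is created with replay protection and extended sequence numbers off; the command's help text (outside this hunk) should list the three new keywords and state that default. The enclosing function starts and ends outside the hunk.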
@@ -153,6 +159,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
goto done;
}
}
+ if ((flags & IPSEC_SA_FLAG_IS_INBOUND)
+ && !(flags & IPSEC_SA_FLAG_IS_TUNNEL))
+ {
+ error = clib_error_return (0, "inbound specified on non-tunnel SA");
+ goto done;
+ }
if (!(m_args & 1))
{