diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-02-04 01:10:30 -0800 |
|---|---|---|
| committer |   Dave Barach <openvpp@barachs.net> | 2019-02-05 14:59:44 +0000 |
| commit | a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 (patch) | |
| tree | e7162669c6224358f28e5614c782e2ba73a08e6c /src/vnet/ipsec/ipsec.api | |
| parent | 3117ad8aa50afba68b2fa2c7f2b6f91eeb5a555e (diff) | |
IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.api')
| -rw-r--r-- | src/vnet/ipsec/ipsec.api | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index 92c39acefd6..54cc76bb9d6 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -96,7 +96,6 @@ typedef ipsec_spd_entry u8 protocol; // Selector - u8 is_ip_any; vl_api_address_t remote_address_start; vl_api_address_t remote_address_stop; vl_api_address_t local_address_start; @@ -115,7 +114,7 @@ typedef ipsec_spd_entry @param is_add - add SPD if non-zero, else delete @param entry - Description of the entry to add/dell */ -autoreply define ipsec_spd_entry_add_del +define ipsec_spd_entry_add_del { u32 client_index; u32 context; @@ -123,6 +122,19 @@ autoreply define ipsec_spd_entry_add_del vl_api_ipsec_spd_entry_t entry; }; +/** \brief IPsec: Reply Add/delete Security Policy Database entry + + @param context - sender context, to match reply w/ request + @param retval - success/fail rutrun code + @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy +*/ +define ipsec_spd_entry_add_del_reply +{ + u32 context; + i32 retval; + u32 stat_index; +}; + /** \brief Dump IPsec all SPD IDs @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -165,8 +177,6 @@ define ipsec_spd_dump { define ipsec_spd_details { u32 context; vl_api_ipsec_spd_entry_t entry; - u64 bytes; - u64 packets; }; /* |