summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_cli.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-12-16 00:53:11 +0000
committerDamjan Marion <dmarion@me.com>2020-02-21 09:54:19 +0000
commit282872127bbeee6ae59ab3f885c09bad601ee0cc (patch)
tree4f1ef8243b194ca8bf6f1acd62ba4a7d688d371e /src/vnet/ipsec/ipsec_cli.c
parentd057625d499525625d60d2207665eaeb755e380e (diff)
ipsec: IPSec protection for multi-point tunnel interfaces
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r--src/vnet/ipsec/ipsec_cli.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index b054155a45e..1ab8bd99db3 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -391,7 +391,7 @@ ipsec_spd_bindings_show_all (vlib_main_t * vm, ipsec_main_t * im)
static walk_rc_t
ipsec_tun_protect_show_one (index_t itpi, void *ctx)
{
- vlib_cli_output (ctx, "%U", format_ipsec_tun_protect, itpi);
+ vlib_cli_output (ctx, "%U", format_ipsec_tun_protect_index, itpi);
return (WALK_CONTINUE);
}
@@ -728,6 +728,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
ip46_address_t local_ip = ip46_address_initializer;
ip46_address_t remote_ip = ip46_address_initializer;
+ ip_address_t nh = IP_ADDRESS_V4_ALL_0S;
ipsec_crypto_alg_t crypto_alg;
ipsec_integ_alg_t integ_alg;
ipsec_sa_flags_t flags;
@@ -808,6 +809,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
;
else if (unformat (line_input, "del"))
is_add = 0;
+ else if (unformat (line_input, "nh &U", unformat_ip_address, &nh))
+ ;
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -858,7 +861,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
clib_host_to_net_u32 (salt), &remote_ip,
&local_ip, NULL);
rv |=
- ipsec_tun_protect_update_one (sw_if_index,
+ ipsec_tun_protect_update_one (sw_if_index, &nh,
ipsec_tun_mk_local_sa_id (sw_if_index),
ipsec_tun_mk_remote_sa_id
(sw_if_index));
@@ -902,6 +905,7 @@ ipsec_tun_protect_cmd (vlib_main_t * vm,
{
unformat_input_t _line_input, *line_input = &_line_input;
u32 sw_if_index, is_del, sa_in, sa_out, *sa_ins = NULL;
+ ip_address_t peer = { };
vnet_main_t *vnm;
is_del = 0;
@@ -924,13 +928,15 @@ ipsec_tun_protect_cmd (vlib_main_t * vm,
else if (unformat (line_input, "%U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
;
+ else if (unformat (line_input, "%U", unformat_ip_address, &peer))
+ ;
else
return (clib_error_return (0, "unknown input '%U'",
format_unformat_error, line_input));
}
if (!is_del)
- ipsec_tun_protect_update (sw_if_index, sa_out, sa_ins);
+ ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
unformat_free (line_input);
return NULL;