author | Neale Ranns <nranns@cisco.com> | 2019-02-04 01:10:30 -0800 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2019-02-05 14:59:44 +0000 |
commit | a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 (patch) | |
tree | e7162669c6224358f28e5614c782e2ba73a08e6c /src/vnet/ipsec/ipsec_format.c | |
parent | 3117ad8aa50afba68b2fa2c7f2b6f91eeb5a555e (diff) |
IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rather than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_format.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_format.c | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c
index 38aed79a155..cbd67239680 100644
--- a/src/vnet/ipsec/ipsec_format.c
+++ b/src/vnet/ipsec/ipsec_format.c
@@ -132,6 +132,82 @@ format_ipsec_replay_window (u8 * s, va_list * args)
 return s;
 }
 
+u8 *
+format_ipsec_policy (u8 * s, va_list * args)
+{
+ u32 pi = va_arg (*args, u32);
+ ipsec_main_t *im = &ipsec_main;
+ ipsec_policy_t *p;
+ vlib_counter_t counts;
+
+ p = pool_elt_at_index (im->policies, pi);
+
+ s = format (s, " [%d] priority %d action %U protocol ",
+ pi, p->priority, format_ipsec_policy_action, p->policy);
+ if (p->protocol)
+ {
+ s = format (s, "%U", format_ip_protocol, p->protocol);
+ }
+ else
+ {
+ s = format (s, "any");
+ }
+ if (p->policy == IPSEC_POLICY_ACTION_PROTECT)
+ {
+ s = format (s, " sa %u", p->sa_id);
+ }
+ if (p->is_ipv6)
+ {
+ s = format (s, "\n local addr range %U - %U port range %u - %u",
+ format_ip6_address, &p->laddr.start.ip6,
+ format_ip6_address, &p->laddr.stop.ip6,
+ p->lport.start, p->lport.stop);
+ s = format (s, "\n remote addr range %U - %U port range %u - %u",
+ format_ip6_address, &p->raddr.start.ip6,
+ format_ip6_address, &p->raddr.stop.ip6,
+ p->rport.start, p->rport.stop);
+ }
+ else
+ {
+ s = format (s, "\n local addr range %U - %U port range %u - %u",
+ format_ip4_address, &p->laddr.start.ip4,
+ format_ip4_address, &p->laddr.stop.ip4,
+ p->lport.start, p->lport.stop);
+ s = format (s, "\n remote addr range %U - %U port range %u - %u",
+ format_ip4_address, &p->raddr.start.ip4,
+ format_ip4_address, &p->raddr.stop.ip4,
+ p->rport.start, p->rport.stop);
+ }
+ vlib_get_combined_counter (&ipsec_spd_policy_counters, pi, &counts);
+ s = format (s, "\n packets %u bytes %u", counts.packets, counts.bytes);
+
+ return (s);
+}
+
+u8 *
+format_ipsec_spd (u8 * s, va_list * args)
+{
+ u32 si = va_arg (*args, u32);
+ ipsec_main_t *im = &ipsec_main;
+ ipsec_spd_t *spd;
+ u32 *i;
+
+ spd = pool_elt_at_index (im->spds, si);
+
+ s = format (s, "spd %u", spd->id);
+
+#define _(v, n) \
+ s = format (s, "\n %s:", n); \
+ vec_foreach(i, spd->policies[IPSEC_SPD_POLICY_##v]) \
+ { \
+ s = format (s, "\n %U", format_ipsec_policy, *i); \
+ }
+ foreach_ipsec_spd_policy_type;
+#undef _
+
+ return (s);
+}
+
 /*
 * fd.io coding-style-patch-verification: ON
 * |
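Review bot: The last `format` call in format_ipsec_policy prints `counts.packets` and `counts.bytes` with `%u`; if the fields of `vlib_counter_t` are 64-bit, as combined counters in vlib normally are, the conversion does not match the argument width and the printed value is wrong once a counter passes 2^32. An operator reads this output to confirm that a policy is matching traffic, so a silently truncated count is misleading; a 64-bit conversion, for example `s = format (s, "\n packets %llu bytes %llu", counts.packets, counts.bytes);`, keeps it exact. Both new formatters also pass the caller's u32 straight to `pool_elt_at_index`, so a one-line comment above each, such as `/* pi must be the index of a live entry in im->policies */`, would record the precondition. Whether the pool macro checks the index in release builds is not visible on this page.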