IPSEC: SPD counters in the stats sgement

- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
  (if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.

Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>

1 files changed, 9 insertions, 4 deletions

diff --git a/src/vnet/ipsec/ipsec_spd_policy.h b/src/vnet/ipsec/ipsec_spd_policy.h
index fee059e0e56..40fad342978 100644
--- a/src/vnet/ipsec/ipsec_spd_policy.h
+++ b/src/vnet/ipsec/ipsec_spd_policy.h
@@ -43,6 +43,12 @@ typedef struct
 } port_range_t;
 
 /**
+ * @brief
+ * Policy packet & bytes counters
+ */
+extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
+
+/**
  * @brief A Secruity Policy. An entry in an SPD
  */
 typedef struct ipsec_policy_t_
@@ -63,17 +69,16 @@ typedef struct ipsec_policy_t_
   ipsec_policy_action_t policy;
   u32 sa_id;
   u32 sa_index;
-
-  // Counter
-  vlib_counter_t counter;
 } ipsec_policy_t;
 
 /**
  * @brief Add/Delete a SPD
  */
 extern int ipsec_add_del_policy (vlib_main_t * vm,
-				 ipsec_policy_t * policy, int is_add);
+				 ipsec_policy_t * policy,
+				 int is_add, u32 * stat_index);
 
+extern u8 *format_ipsec_policy (u8 * s, va_list * args);
 extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
 extern uword unformat_ipsec_policy_action (unformat_input_t * input,
 					   va_list * args);