diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-03-04 13:44:42 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2019-03-04 15:32:08 +0000 |
| commit | fd06084a9e86c5f67c4b1dc37e78a95a9bacf2a4 (patch) | |
| tree | 105fe55ebbb6ea0e3171154782b0c5c660f7ddb1 /src/vnet | |
| parent | c919982a0f877fc29099c925f64099288821420c (diff) | |
IPSEC: script to bounce IPSEC traffic through a pipe to test encrypt and decrpyt
Change-Id: I262a9412951b5df616920a8fad16c61eae96d0cc
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
| -rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 22fbcdf9599..ee2e870c343 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -619,6 +619,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, u8 ipv4_set = 0; u8 ipv6_set = 0; clib_error_t *error = NULL; + ipsec_key_t rck, lck, lik, rik; clib_memset (&a, 0, sizeof (a)); a.is_add = 1; @@ -659,6 +660,28 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, a.anti_replay = 1; else if (unformat (line_input, "tx-table %u", &a.tx_table_id)) ; + else + if (unformat + (line_input, "local-crypto-key %U", unformat_ipsec_key, &lck)) + ; + else + if (unformat + (line_input, "remote-crypto-key %U", unformat_ipsec_key, &rck)) + ; + else if (unformat (line_input, "crypto-alg %U", + unformat_ipsec_crypto_alg, &a.crypto_alg)) + ; + else + if (unformat + (line_input, "local-integ-key %U", unformat_ipsec_key, &lik)) + ; + else + if (unformat + (line_input, "rmote-integ-key %U", unformat_ipsec_key, &rik)) + ; + else if (unformat (line_input, "integ-alg %U", + unformat_ipsec_integ_alg, &a.integ_alg)) + ; else if (unformat (line_input, "del")) a.is_add = 0; else @@ -681,6 +704,16 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, if (ipv4_set && ipv6_set) return clib_error_return (0, "both IPv4 and IPv6 addresses specified"); + clib_memcpy (a.local_crypto_key, lck.data, lck.len); + a.local_crypto_key_len = lck.len; + clib_memcpy (a.remote_crypto_key, rck.data, rck.len); + a.remote_crypto_key_len = rck.len; + + clib_memcpy (a.local_integ_key, lck.data, lck.len); + a.local_integ_key_len = lck.len; + clib_memcpy (a.remote_integ_key, rck.data, rck.len); + a.remote_integ_key_len = rck.len; + rv = ipsec_add_del_tunnel_if (&a); switch (rv) |