summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/vnet/ipsec/ipsec.api2
-rw-r--r--src/vnet/ipsec/ipsec_api.c4
2 files changed, 6 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index 12bdad0f9c3..ca310e7b590 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -233,6 +233,8 @@ enum ipsec_sad_flags
IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
/* enable UDP encapsulation for NAT traversal */
IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
+ /* IPsec SA is for inbound traffic */
+ IPSEC_API_SAD_FLAG_IS_INBOUND = 0x40,
};
enum ipsec_proto
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 371e4fe4ed0..abebd5baea3 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -445,6 +445,8 @@ ipsec_sa_flags_decode (vl_api_ipsec_sad_flags_t in)
flags |= IPSEC_SA_FLAG_IS_TUNNEL_V6;
if (in & IPSEC_API_SAD_FLAG_UDP_ENCAP)
flags |= IPSEC_SA_FLAG_UDP_ENCAP;
+ if (in & IPSEC_API_SAD_FLAG_IS_INBOUND)
+ flags |= IPSEC_SA_FLAG_IS_INBOUND;
return (flags);
}
@@ -464,6 +466,8 @@ ipsec_sad_flags_encode (const ipsec_sa_t * sa)
flags |= IPSEC_API_SAD_FLAG_IS_TUNNEL_V6;
if (ipsec_sa_is_set_UDP_ENCAP (sa))
flags |= IPSEC_API_SAD_FLAG_UDP_ENCAP;
+ if (ipsec_sa_is_set_IS_INBOUND (sa))
+ flags |= IPSEC_API_SAD_FLAG_IS_INBOUND;
return clib_host_to_net_u32 (flags);
}