diff options
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index f96551429af..f0717e91dd1 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -19,6 +19,7 @@ #include <vnet/api_errno.h> #include <vnet/ip/ip.h> #include <vnet/interface.h> +#include <vnet/fib/fib.h> #include <vnet/ipsec/ipsec.h> @@ -80,6 +81,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, clib_error_t *error = NULL; clib_memset (&sa, 0, sizeof (sa)); + sa.tx_fib_index = ~((u32) 0); /* Only supported for ipsec interfaces */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -458,6 +460,7 @@ show_ipsec_command_fn (vlib_main_t * vm, vnet_hw_interface_t *hi; u8 *protocol = NULL; u8 *policy = NULL; + u32 tx_table_id; /* *INDENT-OFF* */ pool_foreach (sa, im->sad, ({ @@ -670,8 +673,11 @@ show_ipsec_command_fn (vlib_main_t * vm, hi = vnet_get_hw_interface (im->vnet_main, t->hw_if_index); vlib_cli_output(vm, " %s seq", hi->name); sa = pool_elt_at_index(im->sad, t->output_sa_index); - vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u udp-encap %u", - sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay, sa->udp_encap); + + tx_table_id = fib_table_get_table_id(sa->tx_fib_index, FIB_PROTOCOL_IP4); + + vlib_cli_output(vm, " seq %u seq-hi %u esn %u anti-replay %u udp-encap %u tx-table %u", + sa->seq, sa->seq_hi, sa->use_esn, sa->use_anti_replay, sa->udp_encap, tx_table_id); vlib_cli_output(vm, " local-spi %u local-ip %U", sa->spi, format_ip4_address, &sa->tunnel_src_addr.ip4); vlib_cli_output(vm, " local-crypto %U %U", @@ -910,6 +916,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, a.is_add = 0; else if (unformat (line_input, "udp-encap")) a.udp_encap = 1; + else if (unformat (line_input, "tx-table %u", &a.tx_table_id)) + ; else { error = clib_error_return (0, "unknown input `%U'", @@ -952,7 +960,9 @@ done: /* *INDENT-OFF* */ VLIB_CLI_COMMAND (create_ipsec_tunnel_command, static) = { .path = "create ipsec tunnel", - .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> remote-ip <addr> remote-spi <spi> [instance <inst_num>] [udp-encap]", + .short_help = "create ipsec tunnel local-ip <addr> local-spi <spi> " + "remote-ip <addr> remote-spi <spi> [instance <inst_num>] [udp-encap] " + "[tx-table <table-id>]", .function = create_ipsec_tunnel_command_fn, }; /* *INDENT-ON* */ |