From a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Mon, 4 Feb 2019 01:10:30 -0800
Subject: IPSEC: SPD counters in the stats sgement

- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
  (if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.

Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
---
 src/vnet/ipsec/ipsec.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/vnet/ipsec/ipsec.h')

diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index fd709675b8e..ed14a5bcbe1 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -119,7 +119,10 @@ typedef struct
 {
   /* pool of tunnel instances */
   ipsec_spd_t *spds;
+  /* Pool of security associations */
   ipsec_sa_t *sad;
+  /* pool of policies */
+  ipsec_policy_t *policies;
 
   /* pool of tunnel interfaces */
   ipsec_tunnel_if_t *tunnel_interfaces;
@@ -175,9 +178,6 @@ typedef struct
   u32 ah_default_backend;
   /* index of default esp backend */
   u32 esp_default_backend;
-
-  /* helper for sort function */
-  ipsec_spd_t *spd_to_sort;
 } ipsec_main_t;
 
 extern ipsec_main_t ipsec_main;
-- 
cgit 1.2.3-korg