From a09c1ff5b6ae535932b4fc9477ffc4e39748ca62 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Mon, 4 Feb 2019 01:10:30 -0800 Subject: IPSEC: SPD counters in the stats sgement - return the stats_index of each SPD in the create API call - no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly - only one pool of SPD entries (rhter than one per-SPD) to support this - no packets/bytes in the dump API. Polling the stats segment is much more efficient (if the SA lifetime is based on packet/bytes) - emit the policy index in the packet trace and CLI commands. Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569 Signed-off-by: Neale Ranns --- src/vnet/ipsec/ipsec_sa.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'src/vnet/ipsec/ipsec_sa.c') diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index a76197b9f50..d439b4d46d3 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -86,19 +86,16 @@ u8 ipsec_is_sa_used (u32 sa_index) { ipsec_main_t *im = &ipsec_main; - ipsec_spd_t *spd; - ipsec_policy_t *p; ipsec_tunnel_if_t *t; + ipsec_policy_t *p; /* *INDENT-OFF* */ - pool_foreach(spd, im->spds, ({ - pool_foreach(p, spd->policies, ({ - if (p->policy == IPSEC_POLICY_ACTION_PROTECT) - { - if (p->sa_index == sa_index) - return 1; - } - })); + pool_foreach(p, im->policies, ({ + if (p->policy == IPSEC_POLICY_ACTION_PROTECT) + { + if (p->sa_index == sa_index) + return 1; + } })); pool_foreach(t, im->tunnel_interfaces, ({ -- cgit 1.2.3-korg