24 .stat_segment_name =
"/net/ipsec/policy",
108 IPSEC_SPD_POLICY_IP6_OUTBOUND : IPSEC_SPD_POLICY_IP4_OUTBOUND);
115 case IPSEC_POLICY_ACTION_PROTECT:
117 IPSEC_SPD_POLICY_IP6_INBOUND_PROTECT :
118 IPSEC_SPD_POLICY_IP4_INBOUND_PROTECT);
120 case IPSEC_POLICY_ACTION_BYPASS:
122 IPSEC_SPD_POLICY_IP6_INBOUND_BYPASS :
123 IPSEC_SPD_POLICY_IP4_INBOUND_BYPASS);
125 case IPSEC_POLICY_ACTION_DISCARD:
126 case IPSEC_POLICY_ACTION_RESOLVE:
148 return VNET_API_ERROR_SYSCALL_ERROR_1;
153 return VNET_API_ERROR_SYSCALL_ERROR_1;
159 if (policy->
policy == IPSEC_POLICY_ACTION_PROTECT)
164 return VNET_API_ERROR_SYSCALL_ERROR_1;
181 *stat_index = policy_index;
#define vec_foreach_index(var, v)
Iterate over vector indices.
void vlib_validate_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
validate a combined counter
enum ipsec_spd_policy_t_ ipsec_spd_policy_type_t
ip46_address_range_t laddr
int ipsec_policy_mk_type(bool is_outbound, bool is_ipv6, ipsec_policy_action_t action, ipsec_spd_policy_type_t *type)
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
vl_api_ipsec_spd_action_t policy
A Secruity Policy Database.
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
#define clib_memcpy(d, s, n)
static int ipsec_policy_is_equal(ipsec_policy_t *p1, ipsec_policy_t *p2)
vl_api_fib_path_type_t type
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void vlib_zero_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
Clear a combined counter Clears the set of per-thread counters.
index_t ipsec_sa_find_and_lock(u32 id)
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add, u32 *stat_index)
Add/Delete a SPD.
#define pool_put(P, E)
Free an object E in pool P.
ipsec_spd_policy_type_t type
#define vec_del1(v, i)
Delete the element at index I.
uword * spd_index_by_spd_id
static int ipsec_spd_entry_sort(void *a1, void *a2)
ipsec_policy_action_t policy
void ipsec_sa_unlock(index_t sai)
ipsec_policy_t * policies
u32 * policies[IPSEC_SPD_POLICY_N_TYPES]
vectors for each of the policy types
ip46_address_range_t raddr
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
#define vec_sort_with_function(vec, f)
Sort a vector using the supplied element comparison function.
char * name
The counter collection's name.
A collection of combined counters.