IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index a76197b..d439b4d 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -86,19 +86,16 @@
ipsec_is_sa_used (u32 sa_index)
{
ipsec_main_t *im = &ipsec_main;
- ipsec_spd_t *spd;
- ipsec_policy_t *p;
ipsec_tunnel_if_t *t;
+ ipsec_policy_t *p;
/* *INDENT-OFF* */
- pool_foreach(spd, im->spds, ({
- pool_foreach(p, spd->policies, ({
- if (p->policy == IPSEC_POLICY_ACTION_PROTECT)
- {
- if (p->sa_index == sa_index)
- return 1;
- }
- }));
+ pool_foreach(p, im->policies, ({
+ if (p->policy == IPSEC_POLICY_ACTION_PROTECT)
+ {
+ if (p->sa_index == sa_index)
+ return 1;
+ }
}));
pool_foreach(t, im->tunnel_interfaces, ({