IPSEC: SPD counters in the stats sgement
- return the stats_index of each SPD in the create API call
- no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly
- only one pool of SPD entries (rhter than one per-SPD) to support this
- no packets/bytes in the dump API. Polling the stats segment is much more efficient
(if the SA lifetime is based on packet/bytes)
- emit the policy index in the packet trace and CLI commands.
Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec_spd_policy.h b/src/vnet/ipsec/ipsec_spd_policy.h
index fee059e..40fad34 100644
--- a/src/vnet/ipsec/ipsec_spd_policy.h
+++ b/src/vnet/ipsec/ipsec_spd_policy.h
@@ -43,6 +43,12 @@
} port_range_t;
/**
+ * @brief
+ * Policy packet & bytes counters
+ */
+extern vlib_combined_counter_main_t ipsec_spd_policy_counters;
+
+/**
* @brief A Secruity Policy. An entry in an SPD
*/
typedef struct ipsec_policy_t_
@@ -63,17 +69,16 @@
ipsec_policy_action_t policy;
u32 sa_id;
u32 sa_index;
-
- // Counter
- vlib_counter_t counter;
} ipsec_policy_t;
/**
* @brief Add/Delete a SPD
*/
extern int ipsec_add_del_policy (vlib_main_t * vm,
- ipsec_policy_t * policy, int is_add);
+ ipsec_policy_t * policy,
+ int is_add, u32 * stat_index);
+extern u8 *format_ipsec_policy (u8 * s, va_list * args);
extern u8 *format_ipsec_policy_action (u8 * s, va_list * args);
extern uword unformat_ipsec_policy_action (unformat_input_t * input,
va_list * args);