diff options
author | Matias Elo <matias.elo@nokia.com> | 2020-09-10 10:20:34 +0300 |
---|---|---|
committer | Petri Savolainen <petri.savolainen@nokia.com> | 2020-09-28 10:06:37 +0300 |
commit | 476f2e5ae999432858f80c701f7e9cacda76a1fa (patch) | |
tree | a14b067b0fd277cc7a2f4b9f2ed6c0826da0976f /example | |
parent | 6ab34287fa83d2f11b1424930edd7389014df6f7 (diff) |
example: ipsec_api: fix policy argument processing
The application supports adding either AH or ESP header, not both.
Signed-off-by: Matias Elo <matias.elo@nokia.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>
Diffstat (limited to 'example')
-rw-r--r-- | example/ipsec/odp_ipsec.c | 2 | ||||
-rw-r--r-- | example/ipsec/odp_ipsec_sp_db.c | 9 | ||||
-rw-r--r-- | example/ipsec/odp_ipsec_sp_db.h | 7 | ||||
-rw-r--r-- | example/ipsec_api/odp_ipsec.c | 4 | ||||
-rwxr-xr-x | example/ipsec_api/odp_ipsec_api_run_live.sh | 6 |
5 files changed, 17 insertions, 11 deletions
diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index e382bc0e5..c4f34cbfa 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -1538,7 +1538,7 @@ static void parse_args(int argc, char *argv[], appl_args_t *appl_args) break; case 'p': - rc = create_sp_db_entry(optarg); + rc = create_sp_db_entry(optarg, TRUE); break; case 'a': diff --git a/example/ipsec/odp_ipsec_sp_db.c b/example/ipsec/odp_ipsec_sp_db.c index 88ac55298..1e5820b47 100644 --- a/example/ipsec/odp_ipsec_sp_db.c +++ b/example/ipsec/odp_ipsec_sp_db.c @@ -43,7 +43,7 @@ void init_sp_db(void) memset(sp_db, 0, sizeof(*sp_db)); } -int create_sp_db_entry(char *input) +int create_sp_db_entry(char *input, odp_bool_t both_supported) { int pos = 0; char *local; @@ -108,6 +108,13 @@ int create_sp_db_entry(char *input) pos++; } + /* Check if enabling both AH and ESP protocols is supported */ + if (!both_supported && (entry->ah && entry->esp)) { + printf("ERROR: enabling both AH and ESP is not supported\n"); + free(local); + return -1; + } + /* Verify we parsed exactly the number of tokens we expected */ if (4 != pos) { printf("ERROR: \"%s\" contains %d tokens, expected 4\n", diff --git a/example/ipsec/odp_ipsec_sp_db.h b/example/ipsec/odp_ipsec_sp_db.h index ffb52eb87..878f3a7c4 100644 --- a/example/ipsec/odp_ipsec_sp_db.h +++ b/example/ipsec/odp_ipsec_sp_db.h @@ -43,13 +43,14 @@ void init_sp_db(void); /** * Create an SP DB entry * - * String is of the format "SrcSubNet:DstSubNet:(in|out):(ah|esp|both)" + * String is of the format "SrcSubNet:DstSubNet:(in|out):(ah|esp|[both])" * - * @param input Pointer to string describing SP + * @param input Pointer to a string describing SP + * @param both_supported Enabling both AH and ESP is supported * * @return 0 if successful else -1 */ -int create_sp_db_entry(char *input); +int create_sp_db_entry(char *input, odp_bool_t both_supported); /** * Display one SP DB entry diff --git a/example/ipsec_api/odp_ipsec.c b/example/ipsec_api/odp_ipsec.c index 3487b27b3..e6a3716be 100644 --- a/example/ipsec_api/odp_ipsec.c +++ b/example/ipsec_api/odp_ipsec.c @@ -1237,7 +1237,7 @@ static void parse_args(int argc, char *argv[], appl_args_t *appl_args) break; case 'p': - rc = create_sp_db_entry(optarg); + rc = create_sp_db_entry(optarg, FALSE); break; case 'a': @@ -1326,7 +1326,7 @@ static void usage(char *progname) "\n" "Routing / IPSec OPTIONS:\n" " -r, --route SubNet:Intf:NextHopMAC\n" - " -p, --policy SrcSubNet:DstSubNet:(in|out):(ah|esp|both)\n" + " -p, --policy SrcSubNet:DstSubNet:(in|out):(ah|esp)\n" " -e, --esp SrcIP:DstIP:(3des|null):SPI:Key192\n" " -a, --ah SrcIP:DstIP:(sha256|md5|null):SPI:Key(256|128)\n" "\n" diff --git a/example/ipsec_api/odp_ipsec_api_run_live.sh b/example/ipsec_api/odp_ipsec_api_run_live.sh index 4a455ba85..3af05d110 100755 --- a/example/ipsec_api/odp_ipsec_api_run_live.sh +++ b/example/ipsec_api/odp_ipsec_api_run_live.sh @@ -6,12 +6,10 @@ sudo ./odp_ipsec_api -i p7p1,p8p1 \ -r 192.168.111.2/32:p7p1:08.00.27.76.B5.E0 \ -r 192.168.222.2/32:p8p1:08.00.27.F5.8B.DB \ --p 192.168.111.0/24:192.168.222.0/24:out:both \ +-p 192.168.111.0/24:192.168.222.0/24:out:esp \ -e 192.168.111.2:192.168.222.2:\ 3des:201:656c8523255ccc23a66c1917aa0cf30991fce83532a4b224 \ --a 192.168.111.2:192.168.222.2:md5:200:a731649644c5dee92cbd9c2e7e188ee6 \ --p 192.168.222.0/24:192.168.111.0/24:in:both \ +-p 192.168.222.0/24:192.168.111.0/24:in:esp \ -e 192.168.222.2:192.168.111.2:\ 3des:301:c966199f24d095f3990a320d749056401e82b26570320292 \ --a 192.168.222.2:192.168.111.2:md5:300:27f6d123d7077b361662fc6e451f65d8 \ -c 2 "$@" |