example: ipsec_api: fix policy argument processing

The application supports adding either AH or ESP header, not both.

Signed-off-by: Matias Elo <matias.elo@nokia.com>
Reviewed-by: Janne Peltonen <janne.peltonen@nokia.com>

5 files changed, 17 insertions, 11 deletions

diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c
index e382bc0e5..c4f34cbfa 100644
--- a/example/ipsec/odp_ipsec.c
+++ b/example/ipsec/odp_ipsec.c
@@ -1538,7 +1538,7 @@ static void parse_args(int argc, char *argv[], appl_args_t *appl_args)
 			break;
 
 		case 'p':
-			rc = create_sp_db_entry(optarg);
+			rc = create_sp_db_entry(optarg, TRUE);
 			break;
 
 		case 'a':
diff --git a/example/ipsec/odp_ipsec_sp_db.c b/example/ipsec/odp_ipsec_sp_db.c
index 88ac55298..1e5820b47 100644
--- a/example/ipsec/odp_ipsec_sp_db.c
+++ b/example/ipsec/odp_ipsec_sp_db.c
@@ -43,7 +43,7 @@ void init_sp_db(void)
 	memset(sp_db, 0, sizeof(*sp_db));
 }
 
-int create_sp_db_entry(char *input)
+int create_sp_db_entry(char *input, odp_bool_t both_supported)
 {
 	int pos = 0;
 	char *local;
@@ -108,6 +108,13 @@ int create_sp_db_entry(char *input)
 		pos++;
 	}
 
+	/* Check if enabling both AH and ESP protocols is supported */
+	if (!both_supported && (entry->ah && entry->esp)) {
+		printf("ERROR: enabling both AH and ESP is not supported\n");
+		free(local);
+		return -1;
+	}
+
 	/* Verify we parsed exactly the number of tokens we expected */
 	if (4 != pos) {
 		printf("ERROR: \"%s\" contains %d tokens, expected 4\n",
diff --git a/example/ipsec/odp_ipsec_sp_db.h b/example/ipsec/odp_ipsec_sp_db.h
index ffb52eb87..878f3a7c4 100644
--- a/example/ipsec/odp_ipsec_sp_db.h
+++ b/example/ipsec/odp_ipsec_sp_db.h
@@ -43,13 +43,14 @@ void init_sp_db(void);
 /**
  * Create an SP DB entry
  *
- * String is of the format "SrcSubNet:DstSubNet:(in|out):(ah|esp|both)"
+ * String is of the format "SrcSubNet:DstSubNet:(in|out):(ah|esp|[both])"
  *
- * @param input  Pointer to string describing SP
+ * @param input          Pointer to a string describing SP
+ * @param both_supported Enabling both AH and ESP is supported
  *
  * @return 0 if successful else -1
  */
-int create_sp_db_entry(char *input);
+int create_sp_db_entry(char *input, odp_bool_t both_supported);
 
 /**
  * Display one SP DB entry
diff --git a/example/ipsec_api/odp_ipsec.c b/example/ipsec_api/odp_ipsec.c
index 3487b27b3..e6a3716be 100644
--- a/example/ipsec_api/odp_ipsec.c
+++ b/example/ipsec_api/odp_ipsec.c
@@ -1237,7 +1237,7 @@ static void parse_args(int argc, char *argv[], appl_args_t *appl_args)
 			break;
 
 		case 'p':
-			rc = create_sp_db_entry(optarg);
+			rc = create_sp_db_entry(optarg, FALSE);
 			break;
 
 		case 'a':
@@ -1326,7 +1326,7 @@ static void usage(char *progname)
 	       "\n"
 	       "Routing / IPSec OPTIONS:\n"
 	       " -r, --route SubNet:Intf:NextHopMAC\n"
-	       " -p, --policy SrcSubNet:DstSubNet:(in|out):(ah|esp|both)\n"
+	       " -p, --policy SrcSubNet:DstSubNet:(in|out):(ah|esp)\n"
 	       " -e, --esp SrcIP:DstIP:(3des|null):SPI:Key192\n"
 	       " -a, --ah SrcIP:DstIP:(sha256|md5|null):SPI:Key(256|128)\n"
 	       "\n"
diff --git a/example/ipsec_api/odp_ipsec_api_run_live.sh b/example/ipsec_api/odp_ipsec_api_run_live.sh
index 4a455ba85..3af05d110 100755
--- a/example/ipsec_api/odp_ipsec_api_run_live.sh
+++ b/example/ipsec_api/odp_ipsec_api_run_live.sh
@@ -6,12 +6,10 @@
 sudo ./odp_ipsec_api -i p7p1,p8p1 \
 -r 192.168.111.2/32:p7p1:08.00.27.76.B5.E0 \
 -r 192.168.222.2/32:p8p1:08.00.27.F5.8B.DB \
--p 192.168.111.0/24:192.168.222.0/24:out:both \
+-p 192.168.111.0/24:192.168.222.0/24:out:esp \
 -e 192.168.111.2:192.168.222.2:\
 3des:201:656c8523255ccc23a66c1917aa0cf30991fce83532a4b224 \
--a 192.168.111.2:192.168.222.2:md5:200:a731649644c5dee92cbd9c2e7e188ee6 \
--p 192.168.222.0/24:192.168.111.0/24:in:both \
+-p 192.168.222.0/24:192.168.111.0/24:in:esp \
 -e 192.168.222.2:192.168.111.2:\
 3des:301:c966199f24d095f3990a320d749056401e82b26570320292 \
--a 192.168.222.2:192.168.111.2:md5:300:27f6d123d7077b361662fc6e451f65d8 \
 -c 2 "$@"