blob: 2e012db1f6436bceaf38dff16b8e08d3acfd8d12 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
# ipsec in reqid 1
ip ipsec-ip4 ipsec-input
[ xfrm load in 0 reqid => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# ipsec in spnum 0 reqid 1
ip ipsec-ip4 ipsec-input
[ xfrm load in 0 reqid => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# ipsec out reqid 0xffffffff
ip ipsec-ip4 ipsec-input
[ xfrm load out 0 reqid => reg 1 ]
[ cmp eq reg 1 0xffffffff ]
# ipsec out spi 1-561
inet ipsec-inet ipsec-post
[ xfrm load out 0 spi => reg 1 ]
[ range eq reg 1 0x00000001 0x00000231 ]
# ipsec in spnum 2 ip saddr { 1.2.3.4, 10.6.0.0/16 }
__set%d ipsec-ip4 7 size 5
__set%d ipsec-ip4 0
element 00000000 flags 1 element 01020304 element 01020305 flags 1 element 0a060000 element 0a070000 flags 1
ip ipsec-ip4 ipsec-input
[ xfrm load in 2 saddr4 => reg 1 ]
[ lookup reg 1 set __set%d ]
# ipsec in ip6 daddr dead::beef
ip ipsec-ip4 ipsec-forw
[ xfrm load in 0 daddr6 => reg 1 ]
[ cmp eq reg 1 0xdead0000 0x00000000 0x00000000 0x0000beef ]
# ipsec out ip6 saddr dead::feed
ip ipsec-ip4 ipsec-forw
[ xfrm load out 0 saddr6 => reg 1 ]
[ cmp eq reg 1 0xdead0000 0x00000000 0x00000000 0x0000feed ]
# counter ipsec out ip daddr 192.168.1.2
ip ipsec-ip4 ipsec-forw
[ counter pkts 0 bytes 0 ]
[ xfrm load out 0 daddr4 => reg 1 ]
[ cmp eq reg 1 0xc0a80102 ]
|
