Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
ipsec: support UDP encap/decap for NAT traversal
[vpp.git]
/
src
/
vnet
/
ipsec
/
ipsec.c
diff --git
a/src/vnet/ipsec/ipsec.c
b/src/vnet/ipsec/ipsec.c
index
ab3c83b
..
928cafd
100644
(file)
--- a/
src/vnet/ipsec/ipsec.c
+++ b/
src/vnet/ipsec/ipsec.c
@@
-19,12
+19,14
@@
#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>
#include <vnet/interface.h>
#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>
#include <vnet/interface.h>
+#include <vnet/udp/udp.h>
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ikev2.h>
#include <vnet/ipsec/esp.h>
#include <vnet/ipsec/ah.h>
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ikev2.h>
#include <vnet/ipsec/esp.h>
#include <vnet/ipsec/ah.h>
+
ipsec_main_t ipsec_main;
u32
ipsec_main_t ipsec_main;
u32
@@
-366,13
+368,13
@@
ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy, int is_add)
if (vec_elt(spd->ipv4_inbound_policy_discard_and_bypass_indices, j) == i) {
vec_del1 (spd->ipv4_inbound_policy_discard_and_bypass_indices, j);
break;
if (vec_elt(spd->ipv4_inbound_policy_discard_and_bypass_indices, j) == i) {
vec_del1 (spd->ipv4_inbound_policy_discard_and_bypass_indices, j);
break;
+ }
}
}
}
}
pool_put (spd->policies, vp);
break;
}
}
}
}
pool_put (spd->policies, vp);
break;
- }
}));
/* *INDENT-ON* */
}
}));
/* *INDENT-ON* */
}
@@
-411,7
+413,8
@@
ipsec_is_sa_used (u32 sa_index)
}
int
}
int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
+ u8 udp_encap)
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa = 0;
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa = 0;
@@
-450,6
+453,7
@@
ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
pool_get (im->sad, sa);
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
pool_get (im->sad, sa);
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
+ sa->udp_encap = udp_encap ? 1 : 0;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb)
{
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb)
{