Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
ipsec: ipsec-tun protect
[vpp.git]
/
src
/
vnet
/
ipsec
/
ipsec_sa.c
diff --git
a/src/vnet/ipsec/ipsec_sa.c
b/src/vnet/ipsec/ipsec_sa.c
index
e8a0159
..
afdecfe
100644
(file)
--- a/
src/vnet/ipsec/ipsec_sa.c
+++ b/
src/vnet/ipsec/ipsec_sa.c
@@
-17,6
+17,7
@@
#include <vnet/ipsec/esp.h>
#include <vnet/udp/udp.h>
#include <vnet/fib/fib_table.h>
#include <vnet/ipsec/esp.h>
#include <vnet/udp/udp.h>
#include <vnet/fib/fib_table.h>
+#include <vnet/ipsec/ipsec_tun.h>
/**
* @brief
/**
* @brief
@@
-292,7
+293,7
@@
ipsec_sa_del (u32 id)
{
clib_warning ("sa_id %u used in policy", sa->id);
/* sa used in policy */
{
clib_warning ("sa_id %u used in policy", sa->id);
/* sa used in policy */
- return VNET_API_ERROR_
SYSCALL_ERROR_1
;
+ return VNET_API_ERROR_
RSRC_IN_USE
;
}
hash_unset (im->sa_index_by_sa_id, sa->id);
err = ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
}
hash_unset (im->sa_index_by_sa_id, sa->id);
err = ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
@@
-313,12
+314,20
@@
ipsec_sa_del (u32 id)
return 0;
}
return 0;
}
+void
+ipsec_sa_clear (index_t sai)
+{
+ vlib_zero_combined_counter (&ipsec_sa_counters, sai);
+}
+
u8
ipsec_is_sa_used (u32 sa_index)
{
ipsec_main_t *im = &ipsec_main;
u8
ipsec_is_sa_used (u32 sa_index)
{
ipsec_main_t *im = &ipsec_main;
+ ipsec_tun_protect_t *itp;
ipsec_tunnel_if_t *t;
ipsec_policy_t *p;
ipsec_tunnel_if_t *t;
ipsec_policy_t *p;
+ u32 sai;
/* *INDENT-OFF* */
pool_foreach(p, im->policies, ({
/* *INDENT-OFF* */
pool_foreach(p, im->policies, ({
@@
-335,8
+344,20
@@
ipsec_is_sa_used (u32 sa_index)
if (t->output_sa_index == sa_index)
return 1;
}));
if (t->output_sa_index == sa_index)
return 1;
}));
+
+ /* *INDENT-OFF* */
+ pool_foreach(itp, ipsec_protect_pool, ({
+ FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
+ ({
+ if (sai == sa_index)
+ return 1;
+ }));
+ if (itp->itp_out_sa == sa_index)
+ return 1;
+ }));
/* *INDENT-ON* */
/* *INDENT-ON* */
+
return 0;
}
return 0;
}
@@
-415,7
+436,7
@@
ipsec_sa_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
}
/*
}
/*
- * Virtual function table registered by
MPLS GRE tunnel
s
+ * Virtual function table registered by
SA
s
* for participation in the FIB object graph.
*/
const static fib_node_vft_t ipsec_sa_vft = {
* for participation in the FIB object graph.
*/
const static fib_node_vft_t ipsec_sa_vft = {