ipsec: bind an SA to a worker

[vpp.git] / src / vnet / ipsec / ipsec.c

diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 4caae48..0f4f282 100644 (file)
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -122,7 +122,7 @@ ipsec_add_node (vlib_main_t * vm, const char *node_name,
   *out_next_index = vlib_node_add_next (vm, prev_node->index, node->index);
 }
 
-static void
+void
 ipsec_add_feature (const char *arc_name,
                   const char *node_name, u32 * out_feature_index)
 {
@@ -206,11 +206,6 @@ ipsec_rsc_in_use (ipsec_main_t * im)
                              "%d SA entries configured",
                              pool_elts (im->sad));
 
-  if (pool_elts (im->tunnel_interfaces))
-    return clib_error_return (0,
-                             "%d tunnel-interface entries configured",
-                             pool_elts (im->tunnel_interfaces));
-
   return (NULL);
 }
 
@@ -315,11 +310,15 @@ ipsec_init (vlib_main_t * vm)
   if ((error = vlib_call_init_function (vm, ipsec_cli_init)))
     return error;
 
-  if ((error = vlib_call_init_function (vm, ipsec_tunnel_if_init)))
-    return error;
-
   vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
 
+  a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE;
+  a->enc_op_id = VNET_CRYPTO_OP_NONE;
+  a->dec_op_id = VNET_CRYPTO_OP_NONE;
+  a->alg = VNET_CRYPTO_ALG_NONE;
+  a->iv_size = 0;
+  a->block_size = 1;
+
   a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
   a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
   a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
@@ -374,6 +373,11 @@ ipsec_init (vlib_main_t * vm)
   vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
   ipsec_main_integ_alg_t *i;
 
+  i = &im->integ_algs[IPSEC_INTEG_ALG_MD5_96];
+  i->op_id = VNET_CRYPTO_OP_MD5_HMAC;
+  i->alg = VNET_CRYPTO_ALG_HMAC_MD5;
+  i->icv_size = 12;
+
   i = &im->integ_algs[IPSEC_INTEG_ALG_SHA1_96];
   i->op_id = VNET_CRYPTO_OP_SHA1_HMAC;
   i->alg = VNET_CRYPTO_ALG_HMAC_SHA1;
@@ -401,6 +405,32 @@ ipsec_init (vlib_main_t * vm)
 
   vec_validate_aligned (im->ptd, vlib_num_workers (), CLIB_CACHE_LINE_BYTES);
 
+  im->ah4_enc_fq_index =
+    vlib_frame_queue_main_init (ah4_encrypt_node.index, 0);
+  im->ah4_dec_fq_index =
+    vlib_frame_queue_main_init (ah4_decrypt_node.index, 0);
+  im->ah6_enc_fq_index =
+    vlib_frame_queue_main_init (ah6_encrypt_node.index, 0);
+  im->ah6_dec_fq_index =
+    vlib_frame_queue_main_init (ah6_decrypt_node.index, 0);
+
+  im->esp4_enc_fq_index =
+    vlib_frame_queue_main_init (esp4_encrypt_node.index, 0);
+  im->esp4_dec_fq_index =
+    vlib_frame_queue_main_init (esp4_decrypt_node.index, 0);
+  im->esp6_enc_fq_index =
+    vlib_frame_queue_main_init (esp6_encrypt_node.index, 0);
+  im->esp6_dec_fq_index =
+    vlib_frame_queue_main_init (esp6_decrypt_node.index, 0);
+  im->esp4_enc_tun_fq_index =
+    vlib_frame_queue_main_init (esp4_encrypt_tun_node.index, 0);
+  im->esp6_enc_tun_fq_index =
+    vlib_frame_queue_main_init (esp6_encrypt_tun_node.index, 0);
+  im->esp4_dec_tun_fq_index =
+    vlib_frame_queue_main_init (esp4_decrypt_tun_node.index, 0);
+  im->esp6_dec_tun_fq_index =
+    vlib_frame_queue_main_init (esp6_decrypt_tun_node.index, 0);
+
   return 0;
 }