c11 safe string handling support
[vpp.git] / src / vnet / ipsec / ipsec.c
index 928cafd..6e4c7f1 100644 (file)
@@ -73,15 +73,17 @@ ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id,
                sw_if_index, spd_id, spd_index);
 
   /* enable IPsec on TX */
-  vnet_feature_enable_disable ("ip4-output", "ipsec-output-ip4", sw_if_index,
+  vnet_feature_enable_disable ("ip4-output", "ipsec4-output", sw_if_index,
                               is_add, 0, 0);
-  vnet_feature_enable_disable ("ip6-output", "ipsec-output-ip6", sw_if_index,
+  vnet_feature_enable_disable ("ip6-output", "ipsec6-output", sw_if_index,
                               is_add, 0, 0);
 
+  config.spd_index = spd_index;
+
   /* enable IPsec on RX */
-  vnet_feature_enable_disable ("ip4-unicast", "ipsec-input-ip4", sw_if_index,
+  vnet_feature_enable_disable ("ip4-unicast", "ipsec4-input", sw_if_index,
                               is_add, &config, sizeof (config));
-  vnet_feature_enable_disable ("ip6-unicast", "ipsec-input-ip6", sw_if_index,
+  vnet_feature_enable_disable ("ip6-unicast", "ipsec6-input", sw_if_index,
                               is_add, &config, sizeof (config));
 
   return 0;
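Review bot: The four `vnet_feature_enable_disable` calls in this hunk discard their return value, so a failure to resolve one of the renamed feature names (`ipsec4-output`, `ipsec6-output`, `ipsec4-input`, `ipsec6-input`) would leave the interface forwarding without SPD enforcement while `ipsec_set_interface_spd` still returns 0. The names are matched by string at run time, so a mismatch with the node registrations (not visible here) is not caught at build time. I would capture and propagate each result, e.g. `rv = vnet_feature_enable_disable ("ip4-output", "ipsec4-output", sw_if_index, is_add, 0, 0); if (rv) return rv;`. The function body starts above the hunk, so the declaration of `config` and any earlier state that would need rolling back on failure are not visible.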
@@ -124,7 +126,7 @@ ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add)
   else                         /* create new SPD */
     {
       pool_get (im->spds, spd);
-      memset (spd, 0, sizeof (*spd));
+      clib_memset (spd, 0, sizeof (*spd));
       spd_index = spd - im->spds;
       spd->id = spd_id;
       hash_set (im->spd_index_by_spd_id, spd_id, spd_index);
@@ -135,20 +137,15 @@ ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add)
 static int
 ipsec_spd_entry_sort (void *a1, void *a2)
 {
-  ipsec_main_t *im = &ipsec_main;
   u32 *id1 = a1;
   u32 *id2 = a2;
-  ipsec_spd_t *spd;
+  ipsec_spd_t *spd = ipsec_main.spd_to_sort;
   ipsec_policy_t *p1, *p2;
 
-  /* *INDENT-OFF* */
-  pool_foreach (spd, im->spds, ({
-    p1 = pool_elt_at_index(spd->policies, *id1);
-    p2 = pool_elt_at_index(spd->policies, *id2);
-    if (p1 && p2)
-      return p2->priority - p1->priority;
-  }));
-  /* *INDENT-ON* */
+  p1 = pool_elt_at_index (spd->policies, *id1);
+  p2 = pool_elt_at_index (spd->policies, *id2);
+  if (p1 && p2)
+    return p2->priority - p1->priority;
 
   return 0;
 }
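Review bot: `ipsec_spd_entry_sort` now dereferences `ipsec_main.spd_to_sort` without checking it, so the comparator is only safe while a caller has set that global. An `ASSERT (spd);` before the first `pool_elt_at_index`, plus a comment such as `/* spd_to_sort must be set by the caller for the duration of the sort */`, would make that contract explicit. The `if (p1 && p2)` test looks ineffective, since `pool_elt_at_index` yields an element address rather than a lookup result that can be NULL; if a stale index is possible it should be rejected with `pool_is_free_index` instead. Separately, `return p2->priority - p1->priority;` can overflow if the priorities are wide signed integers (the field type is not visible here), which would misorder policies; `return (p2->priority > p1->priority) - (p2->priority < p1->priority);` avoids that.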
@@ -191,6 +188,8 @@ ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy, int is_add)
       clib_memcpy (vp, policy, sizeof (*vp));
       policy_index = vp - spd->policies;
 
+      ipsec_main.spd_to_sort = spd;
+
       if (policy->is_outbound)
        {
          if (policy->is_ipv6)
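Review bot: Handing the SPD to the sort comparator through `ipsec_main.spd_to_sort` makes this add path non-reentrant, because the pointer set here is shared state that is cleared only by the `ipsec_main.spd_to_sort = NULL;` added in the next hunk of this function. Any early return between the two assignments (the code between the hunks is not visible) would leave a pointer into `im->spds` behind, and that pool can move when it grows. I would add a comment at the assignment, e.g. `/* consumed by ipsec_spd_entry_sort; must be cleared on every exit path */`, and confirm that every exit from the add branch goes through the reset. If the function is only ever called from a single thread, that assumption should be stated in the same comment.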
@@ -256,6 +255,7 @@ ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy, int is_add)
            }
        }
 
+      ipsec_main.spd_to_sort = NULL;
     }
   else
     {
@@ -413,8 +413,7 @@ ipsec_is_sa_used (u32 sa_index)
 }
 
 int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
-                 u8 udp_encap)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
 {
   ipsec_main_t *im = &ipsec_main;
   ipsec_sa_t *sa = 0;
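Review bot: With the `udp_encap` parameter gone, the flag reaches the stored SA only through the `clib_memcpy (sa, new_sa, sizeof (*sa));` in the following hunk, and the `? 1 : 0` normalisation that used to follow that copy is removed. Callers must therefore set `new_sa->udp_encap` themselves before calling `ipsec_add_del_sa`; a caller that still relies on the old argument would silently create an SA without UDP encapsulation. A comment above the function would record this, e.g. `/* new_sa is copied verbatim into the SAD; callers must fully initialise it, including udp_encap */`. The call sites and the field's type are outside this view, so whether all callers were updated cannot be confirmed from here.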
@@ -453,7 +452,6 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
       pool_get (im->sad, sa);
       clib_memcpy (sa, new_sa, sizeof (*sa));
       sa_index = sa - im->sad;
-      sa->udp_encap = udp_encap ? 1 : 0;
       hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
       if (im->cb.add_del_sa_sess_cb)
        {
@@ -548,7 +546,7 @@ ipsec_init (vlib_main_t * vm)
 
   ipsec_rand_seed ();
 
-  memset (im, 0, sizeof (im[0]));
+  clib_memset (im, 0, sizeof (im[0]));
 
   im->vnet_main = vnet_get_main ();
   im->vlib_main = vm;
@@ -564,26 +562,47 @@ ipsec_init (vlib_main_t * vm)
   ASSERT (node);
   im->error_drop_node_index = node->index;
 
-  node = vlib_get_node_by_name (vm, (u8 *) "esp-encrypt");
+  node = vlib_get_node_by_name (vm, (u8 *) "esp4-encrypt");
+  ASSERT (node);
+  im->esp4_encrypt_node_index = node->index;
+
+  node = vlib_get_node_by_name (vm, (u8 *) "esp4-decrypt");
+  ASSERT (node);
+  im->esp4_decrypt_node_index = node->index;
+
+  node = vlib_get_node_by_name (vm, (u8 *) "ah4-encrypt");
+  ASSERT (node);
+  im->ah4_encrypt_node_index = node->index;
+
+  node = vlib_get_node_by_name (vm, (u8 *) "ah4-decrypt");
+  ASSERT (node);
+  im->ah4_decrypt_node_index = node->index;
+
+  im->esp4_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT;
+  im->esp4_decrypt_next_index = IPSEC_INPUT_NEXT_ESP4_DECRYPT;
+  im->ah4_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH4_ENCRYPT;
+  im->ah4_decrypt_next_index = IPSEC_INPUT_NEXT_AH4_DECRYPT;
+
+  node = vlib_get_node_by_name (vm, (u8 *) "esp6-encrypt");
   ASSERT (node);
-  im->esp_encrypt_node_index = node->index;
+  im->esp6_encrypt_node_index = node->index;
 
-  node = vlib_get_node_by_name (vm, (u8 *) "esp-decrypt");
+  node = vlib_get_node_by_name (vm, (u8 *) "esp6-decrypt");
   ASSERT (node);
-  im->esp_decrypt_node_index = node->index;
+  im->esp6_decrypt_node_index = node->index;
 
-  node = vlib_get_node_by_name (vm, (u8 *) "ah-encrypt");
+  node = vlib_get_node_by_name (vm, (u8 *) "ah6-encrypt");
   ASSERT (node);
-  im->ah_encrypt_node_index = node->index;
+  im->ah6_encrypt_node_index = node->index;
 
-  node = vlib_get_node_by_name (vm, (u8 *) "ah-decrypt");
+  node = vlib_get_node_by_name (vm, (u8 *) "ah6-decrypt");
   ASSERT (node);
-  im->ah_decrypt_node_index = node->index;
+  im->ah6_decrypt_node_index = node->index;
 
-  im->esp_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT;
-  im->esp_decrypt_next_index = IPSEC_INPUT_NEXT_ESP_DECRYPT;
-  im->ah_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH_ENCRYPT;
-  im->ah_decrypt_next_index = IPSEC_INPUT_NEXT_AH_DECRYPT;
+  im->esp6_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP6_ENCRYPT;
+  im->esp6_decrypt_next_index = IPSEC_INPUT_NEXT_ESP6_DECRYPT;
+  im->ah6_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH6_ENCRYPT;
+  im->ah6_decrypt_next_index = IPSEC_INPUT_NEXT_AH6_DECRYPT;
 
   im->cb.check_support_cb = ipsec_check_support;