vnet_feature_enable_disable ("ip6-output", "ipsec-output-ip6", sw_if_index,
is_add, 0, 0);
+ config.spd_index = spd_index;
+
/* enable IPsec on RX */
vnet_feature_enable_disable ("ip4-unicast", "ipsec-input-ip4", sw_if_index,
is_add, &config, sizeof (config));
static int
ipsec_spd_entry_sort (void *a1, void *a2)
{
- ipsec_main_t *im = &ipsec_main;
u32 *id1 = a1;
u32 *id2 = a2;
- ipsec_spd_t *spd;
+ ipsec_spd_t *spd = ipsec_main.spd_to_sort;
ipsec_policy_t *p1, *p2;
- /* *INDENT-OFF* */
- pool_foreach (spd, im->spds, ({
- p1 = pool_elt_at_index(spd->policies, *id1);
- p2 = pool_elt_at_index(spd->policies, *id2);
- if (p1 && p2)
- return p2->priority - p1->priority;
- }));
- /* *INDENT-ON* */
+ p1 = pool_elt_at_index (spd->policies, *id1);
+ p2 = pool_elt_at_index (spd->policies, *id2);
+ if (p1 && p2)
+ return p2->priority - p1->priority;
return 0;
}
clib_memcpy (vp, policy, sizeof (*vp));
policy_index = vp - spd->policies;
+ ipsec_main.spd_to_sort = spd;
+
if (policy->is_outbound)
{
if (policy->is_ipv6)
}
}
+ ipsec_main.spd_to_sort = NULL;
}
else
{
}
int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
- u8 udp_encap)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa = 0;
pool_get (im->sad, sa);
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
- sa->udp_encap = udp_encap ? 1 : 0;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb)
{