#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
#include <vnet/ipsec/ah.h>
+#include <vnet/ipsec/ipsec_tun.h>
ipsec_main_t ipsec_main;
esp_async_post_next_t esp_encrypt_async_next;
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa;
- /* lock all SAs before change im->async_mode */
- pool_foreach (sa, ipsec_sa_pool)
- {
- fib_node_lock (&sa->node);
- }
+ vnet_crypto_request_async_mode (is_enabled);
im->async_mode = is_enabled;
- /* change SA crypto op data before unlock them */
+ /* change SA crypto op data */
pool_foreach (sa, ipsec_sa_pool)
{
sa->crypto_op_data =
- is_enabled ? sa->async_op_data.data : sa->sync_op_data.data;
- fib_node_unlock (&sa->node);
+ (is_enabled ? sa->async_op_data.data : sa->sync_op_data.data);
}
}
VLIB_INIT_FUNCTION (ipsec_init);
+static clib_error_t *
+ipsec_config (vlib_main_t *vm, unformat_input_t *input)
+{
+ unformat_input_t sub_input;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "ip4 %U", unformat_vlib_cli_sub_input, &sub_input))
+ {
+ uword table_size = ~0;
+ u32 n_buckets = ~0;
+
+ while (unformat_check_input (&sub_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (&sub_input, "num-buckets %u", &n_buckets))
+ ;
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, &sub_input);
+ }
+
+ ipsec_tun_table_init (AF_IP4, table_size, n_buckets);
+ }
+ else if (unformat (input, "ip6 %U", unformat_vlib_cli_sub_input,
+ &sub_input))
+ {
+ uword table_size = ~0;
+ u32 n_buckets = ~0;
+
+ while (unformat_check_input (&sub_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (&sub_input, "num-buckets %u", &n_buckets))
+ ;
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, &sub_input);
+ }
+
+ ipsec_tun_table_init (AF_IP6, table_size, n_buckets);
+ }
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
+ }
+
+ return 0;
+}
+
+VLIB_CONFIG_FUNCTION (ipsec_config, "ipsec");
+
/*
* fd.io coding-style-patch-verification: ON
*