Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
ipsec: move startup config to common file
[vpp.git] / src / vnet / ipsec / ipsec.c
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 45ae5ac..d154b51 100644 (file)
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -24,6 +24,7 @@
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/ipsec/esp.h>
 #include <vnet/ipsec/ah.h>
+#include <vnet/ipsec/ipsec_tun.h>
 
 ipsec_main_t ipsec_main;
 esp_async_post_next_t esp_encrypt_async_next;
@@ -329,20 +330,15 @@ ipsec_set_async_mode (u32 is_enabled)
   ipsec_main_t *im = &ipsec_main;
   ipsec_sa_t *sa;
 
-  /* lock all SAs before change im->async_mode */
-  pool_foreach (sa, ipsec_sa_pool)
-    {
-      fib_node_lock (&sa->node);
-    }
+  vnet_crypto_request_async_mode (is_enabled);
 
   im->async_mode = is_enabled;
 
-  /* change SA crypto op data before unlock them */
+  /* change SA crypto op data */
   pool_foreach (sa, ipsec_sa_pool)
     {
       sa->crypto_op_data =
-       is_enabled ? sa->async_op_data.data : sa->sync_op_data.data;
-      fib_node_unlock (&sa->node);
+       (is_enabled ? sa->async_op_data.data : sa->sync_op_data.data);
     }
 }
 
@@ -554,6 +550,56 @@ ipsec_init (vlib_main_t * vm)
 
 VLIB_INIT_FUNCTION (ipsec_init);
 
+static clib_error_t *
+ipsec_config (vlib_main_t *vm, unformat_input_t *input)
+{
+  unformat_input_t sub_input;
+
+  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (input, "ip4 %U", unformat_vlib_cli_sub_input, &sub_input))
+       {
+         uword table_size = ~0;
+         u32 n_buckets = ~0;
+
+         while (unformat_check_input (&sub_input) != UNFORMAT_END_OF_INPUT)
+           {
+             if (unformat (&sub_input, "num-buckets %u", &n_buckets))
+               ;
+             else
+               return clib_error_return (0, "unknown input `%U'",
+                                         format_unformat_error, &sub_input);
+           }
+
+         ipsec_tun_table_init (AF_IP4, table_size, n_buckets);
+       }
+      else if (unformat (input, "ip6 %U", unformat_vlib_cli_sub_input,
+                        &sub_input))
+       {
+         uword table_size = ~0;
+         u32 n_buckets = ~0;
+
+         while (unformat_check_input (&sub_input) != UNFORMAT_END_OF_INPUT)
+           {
+             if (unformat (&sub_input, "num-buckets %u", &n_buckets))
+               ;
+             else
+               return clib_error_return (0, "unknown input `%U'",
+                                         format_unformat_error, &sub_input);
+           }
+
+         ipsec_tun_table_init (AF_IP6, table_size, n_buckets);
+       }
+      else
+       return clib_error_return (0, "unknown input `%U'",
+                                 format_unformat_error, input);
+    }
+
+  return 0;
+}
+
+VLIB_CONFIG_FUNCTION (ipsec_config, "ipsec");
+
 /*
  * fd.io coding-style-patch-verification: ON
  *
Vector Packet Processing