sw_if_index, spd_id, spd_index);
/* enable IPsec on TX */
- vnet_feature_enable_disable ("ip4-output", "ipsec4-output", sw_if_index,
- is_add, 0, 0);
- vnet_feature_enable_disable ("ip6-output", "ipsec6-output", sw_if_index,
- is_add, 0, 0);
+ vnet_feature_enable_disable ("ip4-output", "ipsec4-output-feature",
+ sw_if_index, is_add, 0, 0);
+ vnet_feature_enable_disable ("ip6-output", "ipsec6-output-feature",
+ sw_if_index, is_add, 0, 0);
config.spd_index = spd_index;
/* enable IPsec on RX */
- vnet_feature_enable_disable ("ip4-unicast", "ipsec4-input", sw_if_index,
- is_add, &config, sizeof (config));
- vnet_feature_enable_disable ("ip6-unicast", "ipsec6-input", sw_if_index,
- is_add, &config, sizeof (config));
+ vnet_feature_enable_disable ("ip4-unicast", "ipsec4-input-feature",
+ sw_if_index, is_add, &config, sizeof (config));
+ vnet_feature_enable_disable ("ip6-unicast", "ipsec6-input-feature",
+ sw_if_index, is_add, &config, sizeof (config));
return 0;
}
ipsec_check_support_cb (ipsec_main_t * im, ipsec_sa_t * sa)
{
clib_error_t *error = 0;
- ipsec_ah_backend_t *ah =
- pool_elt_at_index (im->ah_backends, im->ah_current_backend);
- ASSERT (ah->check_support_cb);
- error = ah->check_support_cb (sa);
- if (error)
- return error;
- ipsec_esp_backend_t *esp =
- pool_elt_at_index (im->esp_backends, im->esp_current_backend);
- ASSERT (esp->check_support_cb);
- error = esp->check_support_cb (sa);
+
+ if (PREDICT_FALSE (sa->protocol == IPSEC_PROTOCOL_AH))
+ {
+ ipsec_ah_backend_t *ah =
+ pool_elt_at_index (im->ah_backends, im->ah_current_backend);
+ ASSERT (ah->check_support_cb);
+ error = ah->check_support_cb (sa);
+ }
+ else
+ {
+ ipsec_esp_backend_t *esp =
+ pool_elt_at_index (im->esp_backends, im->esp_current_backend);
+ ASSERT (esp->check_support_cb);
+ error = esp->check_support_cb (sa);
+ }
return error;
}
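Review bot: The `else` branch in ipsec_check_support_cb treats every `sa->protocol` value other than `IPSEC_PROTOCOL_AH` as ESP, so an SA whose protocol field is unset or out of range is validated against the ESP backend instead of being rejected. Making the second arm explicit with `else if (sa->protocol == IPSEC_PROTOCOL_ESP)` and ending with `else error = clib_error_return (0, "unsupported IPsec protocol %d", sa->protocol);` keeps the check fail-closed. Separately, `ASSERT (ah->check_support_cb)` and `ASSERT (esp->check_support_cb)` are normally compiled out of non-debug builds, so a backend registered without the callback would be called through a null pointer there; a runtime test that returns an error would be safer. A short comment above the `if`, such as `/* only the backend for the SA's own protocol is consulted */`, would also record why the other backend is no longer checked.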
pool_get (im->ah_backends, b);
b->name = format (NULL, "%s", name);
- ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output",
+ ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature",
&b->ah4_encrypt_node_index, &b->ah4_encrypt_next_index);
- ipsec_add_node (vm, ah4_decrypt_node_name, "ipsec4-input",
+ ipsec_add_node (vm, ah4_decrypt_node_name, "ipsec4-input-feature",
&b->ah4_decrypt_node_index, &b->ah4_decrypt_next_index);
- ipsec_add_node (vm, ah6_encrypt_node_name, "ipsec6-output",
+ ipsec_add_node (vm, ah6_encrypt_node_name, "ipsec6-output-feature",
&b->ah6_encrypt_node_index, &b->ah6_encrypt_next_index);
- ipsec_add_node (vm, ah6_decrypt_node_name, "ipsec6-input",
+ ipsec_add_node (vm, ah6_decrypt_node_name, "ipsec6-input-feature",
&b->ah6_decrypt_node_index, &b->ah6_decrypt_next_index);
b->check_support_cb = ah_check_support_cb;
pool_get (im->esp_backends, b);
b->name = format (NULL, "%s", name);
- ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output",
+ ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature",
&b->esp4_encrypt_node_index, &b->esp4_encrypt_next_index);
- ipsec_add_node (vm, esp4_decrypt_node_name, "ipsec4-input",
+ ipsec_add_node (vm, esp4_decrypt_node_name, "ipsec4-input-feature",
&b->esp4_decrypt_node_index, &b->esp4_decrypt_next_index);
- ipsec_add_node (vm, esp6_encrypt_node_name, "ipsec6-output",
+ ipsec_add_node (vm, esp6_encrypt_node_name, "ipsec6-output-feature",
&b->esp6_encrypt_node_index, &b->esp6_encrypt_next_index);
- ipsec_add_node (vm, esp6_decrypt_node_name, "ipsec6-input",
+ ipsec_add_node (vm, esp6_decrypt_node_name, "ipsec6-input-feature",
&b->esp6_decrypt_node_index, &b->esp6_decrypt_next_index);
b->check_support_cb = esp_check_support_cb;