ipsec: Add/Del IPSec SA is not MP safe
[vpp.git] / src / vnet / ipsec / ipsec_api.c
index 4a55a29..ef58f7a 100644 (file)
@@ -374,7 +374,8 @@ static void vl_api_ipsec_sad_entry_add_del_t_handler
                                crypto_alg, &crypto_key,
                                integ_alg, &integ_key, flags,
                                0, mp->entry.salt, &tun_src, &tun_dst,
-                               &sa_index, IPSEC_UDP_PORT_NONE);
+                               &sa_index, htons (mp->entry.udp_src_port),
+                               htons (mp->entry.udp_dst_port));
   else
     rv = ipsec_sa_unlock_id (id);
 
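Review bot: The two new port arguments are decoded with `htons`, although they are read from the incoming message `mp->entry` and are being converted to host order, so `ntohs (mp->entry.udp_src_port)` and `ntohs (mp->entry.udp_dst_port)` would state the intent. The result is the same on every platform, but the tunnel handler further down uses `ntohl` for incoming fields and the mismatch reads as a byte-order bug. The ports are also forwarded unconditionally, so a client that requests UDP encapsulation but leaves the new fields zeroed would presumably pass 0 where the old code always passed `IPSEC_UDP_PORT_NONE`. It is worth confirming how the callee treats 0, or mapping it to the sentinel here. The call and the handler body both start outside this hunk.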
@@ -665,7 +666,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
                                  (flags | IPSEC_SA_FLAG_IS_INBOUND),
                                  ntohl (mp->tx_table_id),
                                  mp->salt, &remote_ip, &local_ip, NULL,
-                                 IPSEC_UDP_PORT_NONE);
+                                 IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
 
       if (rv)
        goto done;
@@ -680,7 +681,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
                                  flags,
                                  ntohl (mp->tx_table_id),
                                  mp->salt, &local_ip, &remote_ip, NULL,
-                                 IPSEC_UDP_PORT_NONE);
+                                 IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
 
       if (rv)
        goto done;
@@ -816,6 +817,11 @@ send_ipsec_sa_details (ipsec_sa_t * sa, void *arg)
       ip_address_encode (&sa->tunnel_dst_addr, IP46_TYPE_ANY,
                         &mp->entry.tunnel_dst);
     }
+  if (ipsec_sa_is_set_UDP_ENCAP (sa))
+    {
+      mp->entry.udp_src_port = sa->udp_hdr.src_port;
+      mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
+    }
 
   mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
   mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
@@ -998,13 +1004,6 @@ ipsec_api_hookup (vlib_main_t * vm)
   foreach_vpe_api_msg;
 #undef _
 
-  /*
-   * Adding and deleting SAs is MP safe since when they are added/delete
-   * no traffic is using them
-   */
-  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL] = 1;
-  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY] = 1;
-
   /*
    * Set up the (msg_name, crc, message-id) table
    */