crypto_alg, &crypto_key,
integ_alg, &integ_key, flags,
0, mp->entry.salt, &tun_src, &tun_dst,
- &sa_index, IPSEC_UDP_PORT_NONE);
+ &sa_index, htons (mp->entry.udp_src_port),
+ htons (mp->entry.udp_dst_port));
else
rv = ipsec_sa_unlock_id (id);
(flags | IPSEC_SA_FLAG_IS_INBOUND),
ntohl (mp->tx_table_id),
mp->salt, &remote_ip, &local_ip, NULL,
- IPSEC_UDP_PORT_NONE);
+ IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
if (rv)
goto done;
flags,
ntohl (mp->tx_table_id),
mp->salt, &local_ip, &remote_ip, NULL,
- IPSEC_UDP_PORT_NONE);
+ IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE);
if (rv)
goto done;
ip_address_encode (&sa->tunnel_dst_addr, IP46_TYPE_ANY,
&mp->entry.tunnel_dst);
}
+ if (ipsec_sa_is_set_UDP_ENCAP (sa))
+ {
+ mp->entry.udp_src_port = sa->udp_hdr.src_port;
+ mp->entry.udp_dst_port = sa->udp_hdr.dst_port;
+ }
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
mp->replay_window = clib_host_to_net_u64 (sa->replay_window);
+ mp->stat_index = clib_host_to_net_u32 (sa->stat_index);
+
vl_api_send_msg (ctx->reg, (u8 *) mp);
return (WALK_CONTINUE);
foreach_vpe_api_msg;
#undef _
- /*
- * Adding and deleting SAs is MP safe since when they are added/delete
- * no traffic is using them
- */
- am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL] = 1;
- am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY] = 1;
-
/*
* Set up the (msg_name, crc, message-id) table
*/