IPSEC: tunnel fragmentation

[vpp.git] / src / vnet / ipsec / ipsec_if.c

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 304c52e..17f28a0 100644 (file)
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -69,11 +69,15 @@ ipsec_if_tunnel_stack (adj_index_t ai)
 
       sa = ipsec_sa_get (it->output_sa_index);
 
+      /* *INDENT-OFF* */
       fib_prefix_t pfx = {
        .fp_addr = sa->tunnel_dst_addr,
-       .fp_len = (sa->is_tunnel_ip6 ? 128 : 32),
-       .fp_proto = (sa->is_tunnel_ip6 ? FIB_PROTOCOL_IP6 : FIB_PROTOCOL_IP4),
+       .fp_len = (ipsec_sa_is_set_IS_TUNNEL_V6(sa) ? 128 : 32),
+       .fp_proto = (ipsec_sa_is_set_IS_TUNNEL_V6(sa) ?
+                     FIB_PROTOCOL_IP6 :
+                     FIB_PROTOCOL_IP4),
       };
+      /* *INDENT-ON* */
 
       adj_midchain_delegate_stack (ai, sa->tx_fib_index, &pfx);
     }
@@ -286,7 +290,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       if (args->udp_encap)
        flags |= IPSEC_SA_FLAG_UDP_ENCAP;
       if (args->esn)
-       flags |= IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM;
+       flags |= IPSEC_SA_FLAG_USE_ESN;
       if (args->anti_replay)
        flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
 
@@ -348,6 +352,9 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       t->hw_if_index = hw_if_index;
       t->sw_if_index = hi->sw_if_index;
 
+      /* Standard default jumbo MTU. */
+      vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
       /* Add the new tunnel to the DB of tunnels per sw_if_index ... */
       vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
                               ~0);