#include <vnet/ip/ip.h>
#include <vnet/ipsec/ipsec.h>
-#if DPDK_CRYPTO==1
-#include <vnet/devices/dpdk/ipsec/esp.h>
-#else
#include <vnet/ipsec/esp.h>
-#endif
-
-#if DPDK_CRYPTO==0
-/* dummy function */
-static int
-add_del_sa_sess (u32 sa_index, u8 is_add)
-{
- return 0;
-}
-#endif
void vl_api_rpc_call_main_thread (void *fp, u8 * data, u32 data_length);
return frame->n_vectors;
}
+static clib_error_t *
+ipsec_admin_up_down_function (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
+{
+ ipsec_main_t *im = &ipsec_main;
+ clib_error_t *err = 0;
+ ipsec_tunnel_if_t *t;
+ vnet_hw_interface_t *hi;
+ ipsec_sa_t *sa;
+
+ hi = vnet_get_hw_interface (vnm, hw_if_index);
+ if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
+ {
+ t = pool_elt_at_index (im->tunnel_interfaces, hi->hw_instance);
+ ASSERT (im->cb.check_support_cb);
+ sa = pool_elt_at_index (im->sad, t->input_sa_index);
+ err = im->cb.check_support_cb (sa);
+ if (err)
+ return err;
+
+ sa = pool_elt_at_index (im->sad, t->output_sa_index);
+ err = im->cb.check_support_cb (sa);
+ if (err)
+ return err;
+
+ vnet_hw_interface_set_flags (vnm, hw_if_index,
+ VNET_HW_INTERFACE_FLAG_LINK_UP);
+ }
+ else
+ vnet_hw_interface_set_flags (vnm, hw_if_index, 0 /* down */ );
+
+ return /* no error */ 0;
+}
+
/* *INDENT-OFF* */
VNET_DEVICE_CLASS (ipsec_device_class, static) =
{
.format_device_name = format_ipsec_name,
.format_tx_trace = format_ipsec_if_output_trace,
.tx_function = dummy_interface_tx,
+ .admin_up_down_function = ipsec_admin_up_down_function,
};
/* *INDENT-ON* */
};
/* *INDENT-ON* */
-static int
-ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
- ipsec_add_del_tunnel_args_t * args);
-
static int
ipsec_add_del_tunnel_if_rpc_callback (ipsec_add_del_tunnel_args_t * a)
{
vnet_main_t *vnm = vnet_get_main ();
- ASSERT (os_get_cpu_number () == 0);
+ ASSERT (vlib_get_thread_index () == 0);
- return ipsec_add_del_tunnel_if_internal (vnm, a);
+ return ipsec_add_del_tunnel_if_internal (vnm, a, NULL);
}
int
int
ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
- ipsec_add_del_tunnel_args_t * args)
+ ipsec_add_del_tunnel_args_t * args,
+ u32 * sw_if_index)
{
ipsec_tunnel_if_t *t;
ipsec_main_t *im = &ipsec_main;
- vnet_hw_interface_t *hi;
+ vnet_hw_interface_t *hi = NULL;
u32 hw_if_index = ~0;
uword *p;
ipsec_sa_t *sa;
args->remote_crypto_key_len);
}
- add_del_sa_sess (t->input_sa_index, args->is_add);
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->input_sa_index, args->is_add) < 0)
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
pool_get (im->sad, sa);
memset (sa, 0, sizeof (*sa));
args->local_crypto_key_len);
}
- add_del_sa_sess (t->output_sa_index, args->is_add);
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->output_sa_index, args->is_add) < 0)
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
hash_set (im->ipsec_if_pool_index_by_key, key,
t - im->tunnel_interfaces);
t - im->tunnel_interfaces,
ipsec_hw_class.index,
t - im->tunnel_interfaces);
-
- hi = vnet_get_hw_interface (vnm, hw_if_index);
- hi->output_node_index = ipsec_if_output_node.index;
}
+
+ hi = vnet_get_hw_interface (vnm, hw_if_index);
+ hi->output_node_index = ipsec_if_output_node.index;
t->hw_if_index = hw_if_index;
/*1st interface, register protocol */
ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
ipsec_if_input_node.index);
- return hw_if_index;
}
else
{
/* delete input and output SA */
sa = pool_elt_at_index (im->sad, t->input_sa_index);
- if (add_del_sa_sess (t->input_sa_index, args->is_add) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->input_sa_index, args->is_add) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
pool_put (im->sad, sa);
sa = pool_elt_at_index (im->sad, t->output_sa_index);
- if (add_del_sa_sess (t->output_sa_index, args->is_add) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->output_sa_index, args->is_add) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
pool_put (im->sad, sa);
hash_unset (im->ipsec_if_pool_index_by_key, key);
pool_put (im->tunnel_interfaces, t);
}
+
+ if (sw_if_index)
+ *sw_if_index = hi->sw_if_index;
+
return 0;
}
sa->crypto_key_len = vec_len (key);
clib_memcpy (sa->crypto_key, key, vec_len (key));
- if (add_del_sa_sess (t->input_sa_index, 0) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->output_sa_index, 0) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
}
else if (type == IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG)
sa->integ_key_len = vec_len (key);
clib_memcpy (sa->integ_key, key, vec_len (key));
- if (add_del_sa_sess (t->output_sa_index, 0) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->output_sa_index, 0) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
}
else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO)
sa->crypto_key_len = vec_len (key);
clib_memcpy (sa->crypto_key, key, vec_len (key));
- if (add_del_sa_sess (t->input_sa_index, 0) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->input_sa_index, 0) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
}
else if (type == IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG)
sa->integ_key_len = vec_len (key);
clib_memcpy (sa->integ_key, key, vec_len (key));
- if (add_del_sa_sess (t->output_sa_index, 0) < 0)
+ if (im->cb.add_del_sa_sess_cb &&
+ im->cb.add_del_sa_sess_cb (t->input_sa_index, 0) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
}
else