ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
int
ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
ipsec_add_del_tunnel_args_t * args,
- u32 * sw_if_index)
+ u32 * sw_if_index_p)
{
ipsec_tunnel_if_t *t;
ipsec_main_t *im = &ipsec_main;
vnet_hw_interface_t *hi = NULL;
u32 hw_if_index = ~0;
+ u32 sw_if_index = ~0;
uword *p;
u32 dev_instance;
ipsec_key_t crypto_key, integ_key;
if (!is_ip6)
{
- key4.remote_ip = args->remote_ip.ip4.as_u32;
+ key4.remote_ip.as_u32 = args->remote_ip.ip4.as_u32;
key4.spi = clib_host_to_net_u32 (args->remote_spi);
p = hash_get (im->ipsec4_if_pool_index_by_key, key4.as_u64);
}
t - im->tunnel_interfaces);
hi = vnet_get_hw_interface (vnm, hw_if_index);
+ sw_if_index = hi->sw_if_index;
t->hw_if_index = hw_if_index;
t->sw_if_index = hi->sw_if_index;
ti = p[0];
t = pool_elt_at_index (im->tunnel_interfaces, ti);
hi = vnet_get_hw_interface (vnm, t->hw_if_index);
+ sw_if_index = hi->sw_if_index;
+
vnet_sw_interface_set_flags (vnm, hi->sw_if_index, 0); /* admin down */
ipsec_tunnel_feature_set (im, t, 0);
hash_unset_mem_free (&im->ipsec6_if_pool_index_by_key, &key6);
else
hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
-
hash_unset (im->ipsec_if_real_dev_by_show_dev, t->show_instance);
+
im->ipsec_if_by_sw_if_index[t->sw_if_index] = ~0;
/* delete input and output SA */
pool_put (im->tunnel_interfaces, t);
}
- if (sw_if_index)
- *sw_if_index = hi->sw_if_index;
+ if (sw_if_index_p)
+ *sw_if_index_p = sw_if_index;
return 0;
}
ipsec4_tunnel_key_t key;
/* unset old inbound hash entry. packets should stop arriving */
- key.remote_ip = old_sa->tunnel_src_addr.ip4.as_u32;
+ key.remote_ip.as_u32 = old_sa->tunnel_src_addr.ip4.as_u32;
key.spi = clib_host_to_net_u32 (old_sa->spi);
p = hash_get (im->ipsec4_if_pool_index_by_key, key.as_u64);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
- key.remote_ip = sa->tunnel_src_addr.ip4.as_u32;
+ key.remote_ip.as_u32 = sa->tunnel_src_addr.ip4.as_u32;
key.spi = clib_host_to_net_u32 (sa->spi);
hash_set (im->ipsec4_if_pool_index_by_key, key.as_u64,
sizeof (uword));
im->ipsec_if_real_dev_by_show_dev = hash_create (0, sizeof (uword));
- udp_register_dst_port (vm, UDP_DST_PORT_ipsec, ipsec4_if_input_node.index,
- 1);
-
/* set up feature nodes to drop outbound packets with no crypto alg set */
ipsec_add_feature ("ip4-output", "esp4-no-crypto",
&im->esp4_no_crypto_tun_feature_index);
ipsec_add_feature ("ip6-output", "esp6-no-crypto",
&im->esp6_no_crypto_tun_feature_index);
+ udp_register_dst_port (vlib_get_main (),
+ UDP_DST_PORT_ipsec, ipsec4_if_input_node.index, 1);
return 0;
}
Code Review / vpp.git / blobdiff