if (args->udp_encap)
flags |= IPSEC_SA_FLAG_UDP_ENCAP;
if (args->esn)
- flags |= IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM;
+ flags |= IPSEC_SA_FLAG_USE_ESN;
if (args->anti_replay)
flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
&crypto_key,
args->integ_alg,
&integ_key,
- flags,
+ (flags | IPSEC_SA_FLAG_IS_INBOUND),
args->tx_table_id,
+ args->salt,
&args->remote_ip,
&args->local_ip, &t->input_sa_index);
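Review bot: The same `args->salt` is handed to the inbound SA here and to the outbound SA in the next hunk, so both directions share one salt value. RFC 4106 takes the salt from each SA's own keying material, so a single shared field means nonce uniqueness across directions rests entirely on the two crypto keys being different. If the argument struct (not visible in this hunk) really has only one salt, add a comment at both calls such as `/* salt is shared by both SAs; local and remote crypto keys must differ */`, or reject identical keys before creating the SAs. Both calls start outside their hunks, so the key arguments could not be checked from here.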
&integ_key,
flags,
args->tx_table_id,
+ args->salt,
&args->local_ip,
&args->remote_ip, &t->output_sa_index);
t->hw_if_index = hw_if_index;
t->sw_if_index = hi->sw_if_index;
+ /* Standard default jumbo MTU. */
+ vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
/* Add the new tunnel to the DB of tunnels per sw_if_index ... */
vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
~0);
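Review bot: The literal `9000` passed to `vnet_sw_interface_set_mtu` is a magic number, and the comment does not say whether it is the inner (payload) MTU or takes ESP overhead into account. A named constant would make the default easy to find and change, for example `vnet_sw_interface_set_mtu (vnm, t->sw_if_index, IPSEC_TUNNEL_DEFAULT_MTU);` (the name is only a suggestion). The comment could become `/* Default interface MTU; ESP/UDP-encap overhead is added on top, so the underlay must carry more than this. */`, provided that matches the intended semantics. The enclosing function begins and ends outside this hunk.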
int
ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
- ipsec_add_del_ipsec_gre_tunnel_args_t * args)
+ const ipsec_gre_tunnel_add_del_args_t * args)
{
ipsec_tunnel_if_t *t = 0;
ipsec_main_t *im = &ipsec_main;
p = hash_get (im->sa_index_by_sa_id, args->local_sa_id);
if (!p)
return VNET_API_ERROR_INVALID_VALUE;
- isa = p[0];
+ osa = p[0];
+ sa = pool_elt_at_index (im->sad, p[0]);
+ ipsec_sa_set_IS_GRE (sa);
p = hash_get (im->sa_index_by_sa_id, args->remote_sa_id);
if (!p)
return VNET_API_ERROR_INVALID_VALUE;
- osa = p[0];
+ isa = p[0];
sa = pool_elt_at_index (im->sad, p[0]);
+ ipsec_sa_set_IS_GRE (sa);
+ /* we form the key from the input/remote SA whose tunnel is srouce
+ * at the remote end */
if (ipsec_sa_is_set_IS_TUNNEL (sa))
{
- key.remote_ip = sa->tunnel_dst_addr.ip4.as_u32;
+ key.remote_ip = sa->tunnel_src_addr.ip4.as_u32;
key.spi = clib_host_to_net_u32 (sa->spi);
}
else
{
- key.remote_ip = args->remote_ip.as_u32;
+ key.remote_ip = args->src.as_u32;
key.spi = clib_host_to_net_u32 (sa->spi);
}
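Review bot: `ipsec_sa_set_IS_GRE (sa)` is applied to the local SA before the `remote_sa_id` lookup, so when that lookup fails the function returns `VNET_API_ERROR_INVALID_VALUE` with the local SA already flagged as GRE. Do both lookups first and set the flags afterwards, for example by placing `ipsec_sa_set_IS_GRE (pool_elt_at_index (im->sad, osa));` after `isa = p[0];`. Nothing visible here clears the flag again or restricts it to the add path, so a delete request may also leave it set; that depends on code outside the hunk. The added comment has a typo (`srouce`), and the function body starts in the previous hunk and continues past this one.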