ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
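Review bot: With the added `sa->integ_alg == IPSEC_INTEG_ALG_NONE` test, an SA that has `IPSEC_CRYPTO_ALG_NONE` but a real integrity algorithm no longer selects the `esp4/esp6_no_crypto_tun_feature_index` nodes. Going by the "drop outbound packets with no crypto alg set" comment later in the patch, such traffic is presumably now forwarded authenticated but unencrypted. That may be the intent (ESP with NULL encryption), but it is a confidentiality-relevant change and should be stated at the condition, e.g. `/* drop only when neither encryption nor integrity is configured; integrity-only SAs are sent in cleartext */`. The enclosing function starts and ends outside this hunk, so how the two feature indices are used afterwards is not visible here.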
if (!is_ip6)
{
- key4.remote_ip = args->remote_ip.ip4.as_u32;
+ key4.remote_ip.as_u32 = args->remote_ip.ip4.as_u32;
key4.spi = clib_host_to_net_u32 (args->remote_spi);
p = hash_get (im->ipsec4_if_pool_index_by_key, key4.as_u64);
}
hash_unset_mem_free (&im->ipsec6_if_pool_index_by_key, &key6);
else
hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
-
hash_unset (im->ipsec_if_real_dev_by_show_dev, t->show_instance);
+
im->ipsec_if_by_sw_if_index[t->sw_if_index] = ~0;
/* delete input and output SA */
ipsec4_tunnel_key_t key;
/* unset old inbound hash entry. packets should stop arriving */
- key.remote_ip = old_sa->tunnel_src_addr.ip4.as_u32;
+ key.remote_ip.as_u32 = old_sa->tunnel_src_addr.ip4.as_u32;
key.spi = clib_host_to_net_u32 (old_sa->spi);
p = hash_get (im->ipsec4_if_pool_index_by_key, key.as_u64);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
- key.remote_ip = sa->tunnel_src_addr.ip4.as_u32;
+ key.remote_ip.as_u32 = sa->tunnel_src_addr.ip4.as_u32;
key.spi = clib_host_to_net_u32 (sa->spi);
hash_set (im->ipsec4_if_pool_index_by_key, key.as_u64,
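Review bot: `key` is declared without an initialiser and then used through `key.as_u64` for `hash_get` and `hash_set`, so the lookup is only well-defined if `remote_ip` and `spi` together cover every byte of the 64-bit view. The definition of `ipsec4_tunnel_key_t` is not in this hunk, and the switch to `remote_ip.as_u32` suggests the field's type has just changed. Adding `key.as_u64 = 0;` before the two field assignments keeps stale stack bytes out of the hash key if the layout ever gains padding, since a mismatched key would silently miss the tunnel entry. The same applies to `key4` in the earlier `if (!is_ip6)` hunk.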
sizeof (uword));
im->ipsec_if_real_dev_by_show_dev = hash_create (0, sizeof (uword));
- udp_register_dst_port (vm, UDP_DST_PORT_ipsec, ipsec4_if_input_node.index,
- 1);
-
/* set up feature nodes to drop outbound packets with no crypto alg set */
ipsec_add_feature ("ip4-output", "esp4-no-crypto",
&im->esp4_no_crypto_tun_feature_index);
ipsec_add_feature ("ip6-output", "esp6-no-crypto",
&im->esp6_no_crypto_tun_feature_index);
+ udp_register_dst_port (vlib_get_main (),
+ UDP_DST_PORT_ipsec, ipsec4_if_input_node.index, 1);
return 0;
}
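Review bot: The context comment `/* set up feature nodes to drop outbound packets with no crypto alg set */` no longer matches the selection logic changed earlier in this patch, which picks these nodes only when both the crypto and the integrity algorithm are NONE. I would reword it to `/* set up feature nodes to drop outbound packets when neither a crypto nor an integrity alg is set */`. The moved `udp_register_dst_port` call also swaps `vm` for `vlib_get_main ()` with no stated reason. If `vm` is still a parameter of this init function (its signature is outside the hunk), passing it would be more consistent. A one-line comment noting that `UDP_DST_PORT_ipsec` is claimed for `ipsec4_if_input_node` at init time would help readers auditing which node receives UDP-encapsulated ESP.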