IPSec AH protocol enhancement in VPP native core
[vpp.git] / src / vnet / ipsec / ipsec_output.c
index df93b5e..e86292c 100644 (file)
 
 #include <vnet/ipsec/ipsec.h>
 
-#if DPDK_CRYPTO==1
-#define ESP_NODE "dpdk-esp-encrypt"
-#else
-#define ESP_NODE "esp-encrypt"
-#endif
-
 #if WITH_LIBSSL > 0
 
-#define foreach_ipsec_output_next                \
-_(DROP, "error-drop")                            \
-_(ESP_ENCRYPT, ESP_NODE)
-
-#define _(v, s) IPSEC_OUTPUT_NEXT_##v,
-typedef enum
-{
-  foreach_ipsec_output_next
-#undef _
-    IPSEC_OUTPUT_N_NEXT,
-} ipsec_output_next_t;
-
-
 #define foreach_ipsec_output_error                   \
  _(RX_PKTS, "IPSec pkts received")                   \
  _(POLICY_DISCARD, "IPSec policy discard")           \
@@ -50,7 +31,6 @@ typedef enum
  _(POLICY_BYPASS, "IPSec policy bypass")             \
  _(ENCAPS_FAILED, "IPSec encapsulation failed")
 
-
 typedef enum
 {
 #define _(sym,str) IPSEC_OUTPUT_ERROR_##sym,
@@ -290,8 +270,15 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
        {
          if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
            {
+             u32 sa_index = 0;
+             ipsec_sa_t *sa = 0;
              nc_protect++;
-             next_node_index = im->esp_encrypt_node_index;
+             sa_index = ipsec_get_sa_index_by_sa_id (p0->sa_id);
+             sa = pool_elt_at_index (im->sad, sa_index);
+             if (sa->protocol == IPSEC_PROTOCOL_ESP)
+               next_node_index = im->esp_encrypt_node_index;
+             else
+               next_node_index = im->ah_encrypt_node_index;
              vnet_buffer (b0)->ipsec.sad_index = p0->sa_index;
              vlib_buffer_advance (b0, iph_offset);
              p0->counter.packets++;
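Review bot: The value returned by `ipsec_get_sa_index_by_sa_id (p0->sa_id)` goes straight into `pool_elt_at_index (im->sad, sa_index)` with no check, so if the helper returns a not-found sentinel for a stale sa_id (its definition is not in this hunk, so this is inferred) the SA pool is indexed out of range on the data path. The extra lookup is also per packet and can disagree with `p0->sa_index`, which a few lines later is what gets written to `vnet_buffer (b0)->ipsec.sad_index`, so the chosen encrypt node and the SA it later uses come from two different sources. Reading the SA through the index the policy already carries, `sa = pool_elt_at_index (im->sad, p0->sa_index);`, removes `sa_index` and keeps the two consistent. The bare `else` sends every non-ESP protocol value to `im->ah_encrypt_node_index`; an explicit `sa->protocol == IPSEC_PROTOCOL_AH` test with a drop for anything else would fail closed. The body of ipsec_output_inline starts and ends outside this hunk.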