#define _(s,v) vec_free(spd->policies[IPSEC_SPD_POLICY_##s]);
foreach_ipsec_spd_policy_type
#undef _
- pool_put (im->spds, spd);
+ if (im->ipv4_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_free_16_8 (&fp_spd->fp_ip4_lookup_hash);
+ }
+
+ if (im->ipv6_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_free_40_8 (&fp_spd->fp_ip6_lookup_hash);
+ }
+
+ pool_put (im->spds, spd);
}
- else /* create new SPD */
+ else /* create new SPD */
{
pool_get (im->spds, spd);
clib_memset (spd, 0, sizeof (*spd));
spd_index = spd - im->spds;
spd->id = spd_id;
hash_set (im->spd_index_by_spd_id, spd_id, spd_index);
+ if (im->ipv4_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_init_16_8 (
+ &fp_spd->fp_ip4_lookup_hash, "SPD_FP ip4 rules lookup bihash",
+ im->fp_lookup_hash_buckets,
+ im->fp_lookup_hash_buckets * IPSEC_FP_IP4_HASH_MEM_PER_BUCKET);
+ }
+ if (im->ipv6_fp_spd_is_enabled)
+ {
+ ipsec_spd_fp_t *fp_spd = &spd->fp_spd;
+
+ clib_bihash_init_40_8 (
+ &fp_spd->fp_ip6_lookup_hash, "SPD_FP ip6 rules lookup bihash",
+ im->fp_lookup_hash_buckets,
+ im->fp_lookup_hash_buckets * IPSEC_FP_IP6_HASH_MEM_PER_BUCKET);
+ fp_spd->fp_ip6_lookup_hash_initialized = 1;
+ }
}
return 0;
}
p = hash_get (im->spd_index_by_sw_if_index, sw_if_index);
if (p && is_add)
- return VNET_API_ERROR_SYSCALL_ERROR_1; /* spd already assigned */
+ return VNET_API_ERROR_SYSCALL_ERROR_2; /* spd already assigned */
if (is_add)
{
hash_unset (im->spd_index_by_sw_if_index, sw_if_index);
}
- clib_warning ("sw_if_index %u spd_id %u spd_index %u",
- sw_if_index, spd_id, spd_index);
-
/* enable IPsec on TX */
vnet_feature_enable_disable ("ip4-output", "ipsec4-output-feature",
sw_if_index, is_add, 0, 0);
Code Review / vpp.git / blobdiff