Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
ip: add support for buffer offload metadata in ip midchain
[vpp.git] / src / vnet / ipsec / ipsec_tun.c
diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index ef84d13..ecda291 100644 (file)
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -101,14 +101,12 @@ ipsec_tun_register_nodes (ip_address_family_t af)
   if (0 == ipsec_tun_node_regs[af]++)
     {
       if (AF_IP4 == af)
-       {
-         ipsec_register_udp_port (UDP_DST_PORT_ipsec);
-         ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
-                                ipsec4_tun_input_node.index);
-       }
+       ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
+                              ipsec4_tun_input_node.index);
       else
        ip6_register_protocol (IP_PROTOCOL_IPSEC_ESP,
                               ipsec6_tun_input_node.index);
+      ipsec_register_udp_port (UDP_DST_PORT_ipsec, (AF_IP4 == af));
     }
 }
 
@@ -119,12 +117,10 @@ ipsec_tun_unregister_nodes (ip_address_family_t af)
   if (0 == --ipsec_tun_node_regs[af])
     {
       if (AF_IP4 == af)
-       {
-         ipsec_unregister_udp_port (UDP_DST_PORT_ipsec);
-         ip4_unregister_protocol (IP_PROTOCOL_IPSEC_ESP);
-       }
+       ip4_unregister_protocol (IP_PROTOCOL_IPSEC_ESP);
       else
        ip6_unregister_protocol (IP_PROTOCOL_IPSEC_ESP);
+      ipsec_unregister_udp_port (UDP_DST_PORT_ipsec, (AF_IP4 == af));
     }
 }
 
@@ -175,12 +171,6 @@ ipsec_tun_protect_get_adj_next (vnet_link_t linkt,
   return (next);
 }
 
-static void
-ipsec_tun_reset_tx_nodes (u32 sw_if_index)
-{
-  vnet_reset_interface_l3_output_node (vlib_get_main (), sw_if_index);
-}
-
 static void
 ipsec_tun_setup_tx_nodes (u32 sw_if_index, const ipsec_tun_protect_t *itp)
 {
@@ -246,7 +236,6 @@ ipsec_tun_protect_rx_db_add (ipsec_main_t * im,
   if (ip46_address_is_zero (&itp->itp_crypto.dst))
     return;
 
-  /* *INDENT-OFF* */
   FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
   ({
       sa = ipsec_sa_get (sai);
@@ -301,7 +290,6 @@ ipsec_tun_protect_rx_db_add (ipsec_main_t * im,
          ipsec_tun_register_nodes (AF_IP6);
        }
   }))
-  /* *INDENT-ON* */
 }
 
 static adj_walk_rc_t
@@ -381,7 +369,6 @@ ipsec_tun_protect_rx_db_remove (ipsec_main_t * im,
 {
   const ipsec_sa_t *sa;
 
-  /* *INDENT-OFF* */
   FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
   ({
     if (ip46_address_is_ip4 (&itp->itp_crypto.dst))
@@ -415,7 +402,6 @@ ipsec_tun_protect_rx_db_remove (ipsec_main_t * im,
           }
       }
   }));
-  /* *INDENT-ON* */
 }
 
 static adj_walk_rc_t
@@ -444,7 +430,7 @@ ipsec_tun_protect_tx_db_remove (ipsec_tun_protect_t * itp)
 
   if (vnet_sw_interface_is_p2p (vnet_get_main (), itp->itp_sw_if_index))
     {
-      ipsec_tun_reset_tx_nodes (itp->itp_sw_if_index);
+      ipsec_itf_reset_tx_nodes (itp->itp_sw_if_index);
       idi->id_itp = INDEX_INVALID;
 
       FOR_EACH_FIB_IP_PROTOCOL (nh_proto)
@@ -460,7 +446,7 @@ ipsec_tun_protect_tx_db_remove (ipsec_tun_protect_t * itp)
 
       if (0 == hash_elts (idi->id_hash))
        {
-         ipsec_tun_reset_tx_nodes (itp->itp_sw_if_index);
+         ipsec_itf_reset_tx_nodes (itp->itp_sw_if_index);
          hash_free (idi->id_hash);
          idi->id_hash = NULL;
        }
@@ -474,7 +460,6 @@ ipsec_tun_protect_set_crypto_addr (ipsec_tun_protect_t * itp)
 {
   ipsec_sa_t *sa;
 
-  /* *INDENT-OFF* */
   FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
   ({
     if (ipsec_sa_is_set_IS_TUNNEL (sa))
@@ -494,7 +479,6 @@ ipsec_tun_protect_set_crypto_addr (ipsec_tun_protect_t * itp)
         itp->itp_flags &= ~IPSEC_PROTECT_ENCAPED;
       }
   }));
-  /* *INDENT-ON* */
 }
 
 static void
@@ -514,13 +498,11 @@ ipsec_tun_protect_config (ipsec_main_t * im,
   if (itp->itp_flags & IPSEC_PROTECT_ITF)
     ipsec_sa_set_NO_ALGO_NO_DROP (ipsec_sa_get (itp->itp_out_sa));
 
-  /* *INDENT-OFF* */
   FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
   ({
     ipsec_sa_lock(sai);
   }));
   ipsec_tun_protect_set_crypto_addr(itp);
-  /* *INDENT-ON* */
 
   /*
    * add to the DB against each SA
@@ -537,7 +519,6 @@ ipsec_tun_protect_unconfig (ipsec_main_t * im, ipsec_tun_protect_t * itp)
   ipsec_sa_t *sa;
   index_t sai;
 
-  /* *INDENT-OFF* */
   FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
   ({
     ipsec_sa_unset_IS_PROTECT (sa);
@@ -553,7 +534,6 @@ ipsec_tun_protect_unconfig (ipsec_main_t * im, ipsec_tun_protect_t * itp)
   ({
     ipsec_sa_unlock(sai);
   }));
-  /* *INDENT-ON* */
   ITP_DBG (itp, "unconfigured");
 }
 
@@ -761,12 +741,10 @@ ipsec_tun_protect_walk (ipsec_tun_protect_walk_cb_t fn, void *ctx)
 {
   index_t itpi;
 
-  /* *INDENT-OFF* */
   pool_foreach_index (itpi, ipsec_tun_protect_pool)
    {
     fn (itpi, ctx);
   }
-  /* *INDENT-ON* */
 }
 
 void
@@ -782,12 +760,10 @@ ipsec_tun_protect_walk_itf (u32 sw_if_index,
 
   idi = &itp_db.id_itf[sw_if_index];
 
-  /* *INDENT-OFF* */
   hash_foreach(key, itpi, idi->id_hash,
   ({
     fn (itpi, ctx);
   }));
-  /* *INDENT-ON* */
   if (INDEX_INVALID != idi->id_itp)
     fn (idi->id_itp, ctx);
 }
Vector Packet Processing