ipsec: Reference count the SAs

[vpp.git] / src / vnet / lisp-cp / control.c

diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c
index 340217c..774eae7 100644 (file)
--- a/src/vnet/lisp-cp/control.c
+++ b/src/vnet/lisp-cp/control.c
@@ -2297,6 +2297,9 @@ vnet_lisp_enable_disable (u8 is_enable)
        }
     }
 
+  if (is_enable)
+    vnet_lisp_create_retry_process (lcm);
+
   /* update global flag */
   lcm->is_enabled = is_enable;
 
@@ -2725,6 +2728,22 @@ build_map_register_record_list (lisp_cp_main_t * lcm)
   return recs;
 }
 
+static vnet_crypto_alg_t
+lisp_key_type_to_crypto_alg (lisp_key_type_t key_id)
+{
+  switch (key_id)
+    {
+    case HMAC_SHA_1_96:
+      return VNET_CRYPTO_ALG_HMAC_SHA1;
+    case HMAC_SHA_256_128:
+      return VNET_CRYPTO_ALG_HMAC_SHA256;
+    default:
+      clib_warning ("unsupported encryption key type: %d!", key_id);
+      break;
+    }
+  return VNET_CRYPTO_ALG_NONE;
+}
+
 static vnet_crypto_op_id_t
 lisp_key_type_to_crypto_op (lisp_key_type_t key_id)
 {
@@ -2750,17 +2769,23 @@ update_map_register_auth_data (map_register_hdr_t * map_reg_hdr,
   MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id);
   MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len);
   vnet_crypto_op_t _op, *op = &_op;
+  vnet_crypto_key_index_t ki;
 
   vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
-  op->key = key;
-  op->key_len = vec_len (key);
   op->len = msg_len;
   op->digest = MREG_DATA (map_reg_hdr);
   op->src = (u8 *) map_reg_hdr;
   op->digest_len = 0;
   op->iv = 0;
 
+  ki = vnet_crypto_key_add (lcm->vlib_main,
+                           lisp_key_type_to_crypto_alg (key_id), key,
+                           vec_len (key));
+
+  op->key_index = ki;
+
   vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+  vnet_crypto_key_del (lcm->vlib_main, ki);
 
   return 0;
 }
@@ -3926,6 +3951,7 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
   u16 auth_data_len;
   int result;
   vnet_crypto_op_t _op, *op = &_op;
+  vnet_crypto_key_index_t ki;
   u8 out[EVP_MAX_MD_SIZE] = { 0, };
 
   auth_data_len = auth_data_len_by_key_id (key_id);
@@ -3943,15 +3969,20 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
   clib_memset (MNOTIFY_DATA (h), 0, auth_data_len);
 
   vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id));
-  op->key = key;
-  op->key_len = vec_len (key);
   op->len = msg_len;
   op->digest = out;
   op->src = (u8 *) h;
   op->digest_len = 0;
   op->iv = 0;
 
+  ki = vnet_crypto_key_add (lcm->vlib_main,
+                           lisp_key_type_to_crypto_alg (key_id), key,
+                           vec_len (key));
+
+  op->key_index = ki;
+
   vnet_crypto_process_ops (lcm->vlib_main, op, 1);
+  vnet_crypto_key_del (lcm->vlib_main, ki);
 
   result = memcmp (out, auth_data, auth_data_len);
 
@@ -4329,7 +4360,7 @@ parse_map_reply (vlib_buffer_t * b)
   a->is_rloc_probe = MREP_RLOC_PROBE (mrep_hdr);
   if (!vlib_buffer_has_space (b, sizeof (*mrep_hdr)))
     {
-      clib_mem_free (a);
+      map_records_arg_free (a);
       return 0;
     }
   vlib_buffer_pull (b, sizeof (*mrep_hdr));
@@ -4875,14 +4906,17 @@ vnet_lisp_stats_enable_disable_state (void)
   return lcm->flags & LISP_FLAG_STATS_ENABLED;
 }
 
-/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (lisp_retry_service_node,static) = {
-    .function = send_map_resolver_service,
-    .type = VLIB_NODE_TYPE_PROCESS,
-    .name = "lisp-retry-service",
-    .process_log2_n_stack_bytes = 16,
-};
-/* *INDENT-ON* */
+void
+vnet_lisp_create_retry_process (lisp_cp_main_t * lcm)
+{
+  if (lcm->retry_service_index)
+    return;
+
+  lcm->retry_service_index = vlib_process_create (vlib_get_main (),
+                                                 "lisp-retry-service",
+                                                 send_map_resolver_service,
+                                                 16 /* stack_bytes */ );
+}
 
 u32
 vnet_lisp_set_transport_protocol (u8 protocol)