Add new lisp API - Show pitr

[vpp.git] / vnet / vnet / ipsec / ipsec_output.c

diff --git a/vnet/vnet/ipsec/ipsec_output.c b/vnet/vnet/ipsec/ipsec_output.c
index ac5968b..ca82a24 100644 (file)
--- a/vnet/vnet/ipsec/ipsec_output.c
+++ b/vnet/vnet/ipsec/ipsec_output.c
@@ -21,6 +21,7 @@
 
 #include <vnet/ipsec/ipsec.h>
 
+#if IPSEC > 0
 
 #define foreach_ipsec_output_next                \
 _(DROP, "error-drop")                            \
@@ -57,7 +58,7 @@ static char * ipsec_output_error_strings[] = {
 #undef _
 };
 
-vlib_node_registration_t ipsec_output_node;
+static vlib_node_registration_t ipsec_output_node;
 
 typedef struct {
   u32 spd_id;
@@ -146,8 +147,8 @@ ip6_addr_match_range (ip6_address_t * a, ip6_address_t * la, ip6_address_t * ua)
 
 always_inline ipsec_policy_t *
 ipsec_output_ip6_policy_match (ipsec_spd_t * spd,
-                               ip6_address_t * sa,
-                               ip6_address_t * da,
+                               ip6_address_t * la,
+                               ip6_address_t * ra,
                                u16 lp,
                                u16 rp,
                                u8 pr)
@@ -161,10 +162,10 @@ ipsec_output_ip6_policy_match (ipsec_spd_t * spd,
       if (PREDICT_FALSE(p->protocol && (p->protocol != pr)))
         continue;
 
-      if (!ip6_addr_match_range(sa, &p->raddr.start.ip6, &p->raddr.stop.ip6))
+      if (!ip6_addr_match_range(ra, &p->raddr.start.ip6, &p->raddr.stop.ip6))
         continue;
 
-      if (!ip6_addr_match_range(da, &p->laddr.start.ip6, &p->laddr.stop.ip6))
+      if (!ip6_addr_match_range(la, &p->laddr.start.ip6, &p->laddr.stop.ip6))
         continue;
 
       if (PREDICT_FALSE((pr != IP_PROTOCOL_TCP) && (pr != IP_PROTOCOL_UDP)))
@@ -385,7 +386,7 @@ dispatch0:
   return from_frame->n_vectors;
 }
 
-VLIB_REGISTER_NODE (ipsec_output_node) = {
+VLIB_REGISTER_NODE (ipsec_output_node,static) = {
   .function = ipsec_output_node_fn,
   .name = "ipsec-output",
   .vector_size = sizeof (u32),
@@ -403,3 +404,25 @@ VLIB_REGISTER_NODE (ipsec_output_node) = {
 #undef _
   },
 };
+
+VLIB_NODE_FUNCTION_MULTIARCH (ipsec_output_node, ipsec_output_node_fn)
+
+#else /* IPSEC > 1 */
+
+/* Dummy ipsec output node, in case when IPSec is disabled */
+
+static uword
+ipsec_output_node_fn (vlib_main_t * vm,
+                 vlib_node_runtime_t * node,
+                 vlib_frame_t * frame)
+{
+  clib_warning ("IPSec disabled");
+  return 0;
+}
+
+VLIB_REGISTER_NODE (ipsec_output_node) = {
+  .vector_size = sizeof (u32),
+  .function = ipsec_output_node_fn,
+  .name = "ipsec-output",
+};
+#endif