X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.c;h=928cafd5e25a38dd00230f2d38bd432ffa2d904b;hb=4b089f27b3eda69be2fc8a9ef9f74d39cd00fc7f;hp=cd05c1bb9bfaaf7575ebc9330d7bed5c3b0a860d;hpb=ca514fda1125573d513215cb6ea7f22057a82d6b;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index cd05c1bb9bf..928cafd5e25 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -19,10 +19,13 @@ #include #include #include +#include #include #include #include +#include + ipsec_main_t ipsec_main;
@@ -365,13 +368,13 @@ ipsec_add_del_policy (vlib_main_t * vm, ipsec_policy_t * policy, int is_add) if (vec_elt(spd->ipv4_inbound_policy_discard_and_bypass_indices, j) == i) { vec_del1 (spd->ipv4_inbound_policy_discard_and_bypass_indices, j); break; + } } } } } pool_put (spd->policies, vp); break; - } })); /* *INDENT-ON* */ }
@@ -410,7 +413,8 @@ ipsec_is_sa_used (u32 sa_index) } int -ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) +ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add, + u8 udp_encap) { ipsec_main_t *im = &ipsec_main; ipsec_sa_t *sa = 0;
@@ -449,6 +453,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) pool_get (im->sad, sa); clib_memcpy (sa, new_sa, sizeof (*sa)); sa_index = sa - im->sad; + sa->udp_encap = udp_encap ? 1 : 0; hash_set (im->sa_index_by_sa_id, sa->id, sa_index); if (im->cb.add_del_sa_sess_cb) {
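Review bot: The brace moved in the ipsec_add_del_policy hunk is not a formatting fix: adding `}` after the first `break;` and dropping the one after the second shifts `pool_put (spd->policies, vp); break;` one block outward, so the policy is now freed and the loop left in cases where the old code did neither. The enclosing blocks open outside the hunk, so which branch was previously skipped cannot be confirmed from here; please check that the free is still reached only for the policy that matched. Because the region ends at `/* *INDENT-ON* */` and its indentation cannot be trusted, I would mark the spot with a comment such as `/* common tail for all branches: release the matched policy and stop scanning */` and mention the behaviour change in the commit message.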
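Review bot: `udp_encap` travels beside `new_sa` and is written into the pool copy only after the `clib_memcpy` in the following hunk (`sa->udp_encap = udp_encap ? 1 : 0;`), so any value the caller left in `new_sa->udp_encap` is silently overwritten and any check made on `new_sa` earlier in ipsec_add_del_sa, which is outside both hunks, never sees the flag. Setting `new_sa->udp_encap` at the top of the function, or having callers fill the field and dropping the extra argument, would keep validation and the stored SA in agreement. UDP encapsulation is specified for ESP (RFC 3948), and this commit also wires in AH nodes, so it is worth confirming that an AH SA with the flag set is rejected rather than stored. The new parameter is undocumented; a comment above the definition such as `/* udp_encap: non-zero requests UDP encapsulation for the SA; the visible use is on the add path only */` would help.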
@@ -567,8 +572,18 @@ ipsec_init (vlib_main_t * vm) ASSERT (node); im->esp_decrypt_node_index = node->index; + node = vlib_get_node_by_name (vm, (u8 *) "ah-encrypt"); + ASSERT (node); + im->ah_encrypt_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "ah-decrypt"); + ASSERT (node); + im->ah_decrypt_node_index = node->index; + im->esp_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT; im->esp_decrypt_next_index = IPSEC_INPUT_NEXT_ESP_DECRYPT; + im->ah_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH_ENCRYPT; + im->ah_decrypt_next_index = IPSEC_INPUT_NEXT_AH_DECRYPT; im->cb.check_support_cb = ipsec_check_support;
@@ -578,7 +593,7 @@ ipsec_init (vlib_main_t * vm) if ((error = vlib_call_init_function (vm, ipsec_tunnel_if_init))) return error; - esp_init (); + ipsec_proto_init (); if ((error = ikev2_init (vm))) return error;
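Review bot: The two new lookups dereference `node->index` guarded only by `ASSERT (node)`, which as far as I know compiles to nothing in VPP release builds, so an image that lacks the `ah-encrypt` or `ah-decrypt` node would crash in ipsec_init on a NULL pointer instead of failing cleanly. The function already returns an error pointer (`return error;` in the next hunk), so each lookup could bail out with `if (!node) return clib_error_return (0, "ah-encrypt node not found");` and the matching line for `ah-decrypt`. The ESP lookups in the context lines follow the same ASSERT-only pattern and would benefit from the same treatment; ipsec_init begins and ends outside this hunk.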