X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_api.c;h=ffc7f59fb8cbc550154bfe3457708cc6a65525bc;hb=bdc0e6b7;hp=361bddbc8d04461a53ac93ce5d59db6deaa84d60;hpb=e86a8edd3c14fb41ace2a12efd17bc7772bf623f;p=vpp.git diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 361bddbc8d0..ffc7f59fb8c 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -194,8 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.spi = ntohl (mp->spi); sa.protocol = mp->protocol; /* check for unsupported crypto-alg */ - if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 || - mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG) + if (mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, mp->crypto_algorithm); @@ -220,6 +219,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.use_esn = mp->use_extended_sequence_number; sa.is_tunnel = mp->is_tunnel; sa.is_tunnel_ip6 = mp->is_tunnel_ipv6; + sa.udp_encap = mp->udp_encap; if (sa.is_tunnel_ip6) { clib_memcpy (&sa.tunnel_src_addr, mp->tunnel_src_address, 16); @@ -252,7 +252,8 @@ out: } static void -send_ipsec_spd_details (ipsec_policy_t * p, svm_queue_t * q, u32 context) +send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg, + u32 context) { vl_api_ipsec_spd_details_t *mp; @@ -289,21 +290,21 @@ send_ipsec_spd_details (ipsec_policy_t * p, svm_queue_t * q, u32 context) mp->bytes = clib_host_to_net_u64 (p->counter.bytes); mp->packets = clib_host_to_net_u64 (p->counter.packets); - vl_msg_api_send_shmem (q, (u8 *) & mp); + vl_api_send_msg (reg, (u8 *) mp); } static void vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) { - svm_queue_t *q; + vl_api_registration_t *reg; ipsec_main_t *im = &ipsec_main; ipsec_policy_t *policy; ipsec_spd_t *spd; uword *p; u32 spd_index; #if WITH_LIBSSL > 0 - q = vl_api_client_index_to_input_queue (mp->client_index); - if (q == 0) + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) return; p = hash_get (im->spd_index_by_spd_id, ntohl (mp->spd_id)); @@ -317,7 +318,7 @@ vl_api_ipsec_spd_dump_t_handler (vl_api_ipsec_spd_dump_t * mp) pool_foreach (policy, spd->policies, ({ if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id) - send_ipsec_spd_details (policy, q, + send_ipsec_spd_details (policy, reg, mp->context);} )); /* *INDENT-ON* */ @@ -384,6 +385,8 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t * mp->local_integ_key_len); memcpy (&tun.remote_integ_key, &mp->remote_integ_key, mp->remote_integ_key_len); + tun.renumber = mp->renumber; + tun.show_instance = ntohl (mp->show_instance); rv = ipsec_add_del_tunnel_if_internal (vnm, &tun, &sw_if_index); @@ -399,7 +402,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t * } static void -send_ipsec_sa_details (ipsec_sa_t * sa, svm_queue_t * q, +send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg, u32 context, u32 sw_if_index) { vl_api_ipsec_sa_details_t *mp; @@ -454,15 +457,16 @@ send_ipsec_sa_details (ipsec_sa_t * sa, svm_queue_t * q, if (sa->use_anti_replay) mp->replay_window = clib_host_to_net_u64 (sa->replay_window); mp->total_data_size = clib_host_to_net_u64 (sa->total_data_size); + mp->udp_encap = sa->udp_encap; - vl_msg_api_send_shmem (q, (u8 *) & mp); + vl_api_send_msg (reg, (u8 *) mp); } static void vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp) { - svm_queue_t *q; + vl_api_registration_t *reg; ipsec_main_t *im = &ipsec_main; vnet_main_t *vnm = im->vnet_main; ipsec_sa_t *sa; @@ -470,8 +474,8 @@ vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp) u32 *sa_index_to_tun_if_index = 0; #if WITH_LIBSSL > 0 - q = vl_api_client_index_to_input_queue (mp->client_index); - if (q == 0 || pool_elts (im->sad) == 0) + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg || pool_elts (im->sad) == 0) return; vec_validate_init_empty (sa_index_to_tun_if_index, vec_len (im->sad) - 1, @@ -492,7 +496,7 @@ vl_api_ipsec_sa_dump_t_handler (vl_api_ipsec_sa_dump_t * mp) pool_foreach (sa, im->sad, ({ if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id) - send_ipsec_sa_details (sa, q, mp->context, + send_ipsec_sa_details (sa, reg, mp->context, sa_index_to_tun_if_index[sa - im->sad]); })); /* *INDENT-ON* */ @@ -523,7 +527,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t * case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO: case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO: if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || - mp->alg > IPSEC_CRYPTO_N_ALG) + mp->alg >= IPSEC_CRYPTO_N_ALG) { rv = VNET_API_ERROR_UNIMPLEMENTED; goto out; @@ -531,7 +535,7 @@ vl_api_ipsec_tunnel_if_set_key_t_handler (vl_api_ipsec_tunnel_if_set_key_t * break; case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG: case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG: - if (mp->alg > IPSEC_INTEG_N_ALG) + if (mp->alg >= IPSEC_INTEG_N_ALG) { rv = VNET_API_ERROR_UNIMPLEMENTED; goto out; @@ -885,7 +889,7 @@ static void /* * ipsec_api_hookup * Add vpe's API message handlers to the table. - * vlib has alread mapped shared memory and + * vlib has already mapped shared memory and * added the client registration handlers. * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process() */