X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_if.c;h=3054af16765ea7e9cc938381ea5bdb1310a99c61;hb=4c422f9a3c9d5a4ecae3f4ef6bee16bb8ce35bb2;hp=e950a5e045576ba968f361a5dc27fbb3202cffa1;hpb=0e36bbfd1b058b4febe895bad3d254851194ad6c;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index e950a5e0455..3054af16765 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -18,6 +18,7 @@
 #include <vnet/vnet.h>
 #include <vnet/api_errno.h>
 #include <vnet/ip/ip.h>
+#include <vnet/fib/fib.h>
 
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/ipsec/esp.h>
@@ -78,7 +79,7 @@ ipsec_if_tx_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
   vnet_interface_main_t *vim = &vnm->interface_main;
   u32 *from, *to_next = 0, next_index;
   u32 n_left_from, sw_if_index0, last_sw_if_index = ~0;
-  u32 thread_index = vlib_get_thread_index ();
+  u32 thread_index = vm->thread_index;
   u32 n_bytes = 0, n_packets = 0;
 
   from = vlib_frame_vector_args (from_frame);
@@ -108,7 +109,7 @@ ipsec_if_tx_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 	  hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
 	  t0 = pool_elt_at_index (im->tunnel_interfaces, hi0->dev_instance);
 	  vnet_buffer (b0)->ipsec.sad_index = t0->output_sa_index;
-	  next0 = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT;
+	  next0 = IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT;
 
 	  len0 = vlib_buffer_length_in_chain (vm, b0);
 
@@ -170,33 +171,25 @@ ipsec_admin_up_down_function (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
 
   if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
     {
-      ASSERT (im->cb.check_support_cb);
-
       sa = pool_elt_at_index (im->sad, t->input_sa_index);
 
-      err = im->cb.check_support_cb (sa);
+      err = ipsec_check_support_cb (im, sa);
       if (err)
 	return err;
 
-      if (im->cb.add_del_sa_sess_cb)
-	{
-	  err = im->cb.add_del_sa_sess_cb (t->input_sa_index, 1);
-	  if (err)
-	    return err;
-	}
+      err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 1);
+      if (err)
+	return err;
 
       sa = pool_elt_at_index (im->sad, t->output_sa_index);
 
-      err = im->cb.check_support_cb (sa);
+      err = ipsec_check_support_cb (im, sa);
       if (err)
 	return err;
 
-      if (im->cb.add_del_sa_sess_cb)
-	{
-	  err = im->cb.add_del_sa_sess_cb (t->output_sa_index, 1);
-	  if (err)
-	    return err;
-	}
+      err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 1);
+      if (err)
+	return err;
 
       vnet_hw_interface_set_flags (vnm, hw_if_index,
 				   VNET_HW_INTERFACE_FLAG_LINK_UP);
@@ -204,24 +197,14 @@ ipsec_admin_up_down_function (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
   else
     {
       vnet_hw_interface_set_flags (vnm, hw_if_index, 0 /* down */ );
-
       sa = pool_elt_at_index (im->sad, t->input_sa_index);
-
-      if (im->cb.add_del_sa_sess_cb)
-	{
-	  err = im->cb.add_del_sa_sess_cb (t->input_sa_index, 0);
-	  if (err)
-	    return err;
-	}
-
+      err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 0);
+      if (err)
+	return err;
       sa = pool_elt_at_index (im->sad, t->output_sa_index);
-
-      if (im->cb.add_del_sa_sess_cb)
-	{
-	  err = im->cb.add_del_sa_sess_cb (t->output_sa_index, 0);
-	  if (err)
-	    return err;
-	}
+      err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 0);
+      if (err)
+	return err;
     }
 
   return /* no error */ 0;
@@ -280,6 +263,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
   ipsec_sa_t *sa;
   u32 dev_instance;
   u32 slot;
+  u32 tx_fib_index = ~0;
 
   u64 key = (u64) args->remote_ip.as_u32 << 32 | (u64) args->remote_spi;
   p = hash_get (im->ipsec_if_pool_index_by_key, key);
@@ -290,8 +274,12 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       if (p)
 	return VNET_API_ERROR_INVALID_VALUE;
 
+      tx_fib_index = fib_table_find (FIB_PROTOCOL_IP4, args->tx_table_id);
+      if (tx_fib_index == ~((u32) 0))
+	return VNET_API_ERROR_NO_SUCH_FIB;
+
       pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES);
-      memset (t, 0, sizeof (*t));
+      clib_memset (t, 0, sizeof (*t));
 
       dev_instance = t - im->tunnel_interfaces;
       if (args->renumber)
@@ -309,7 +297,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 		dev_instance);
 
       pool_get (im->sad, sa);
-      memset (sa, 0, sizeof (*sa));
+      clib_memset (sa, 0, sizeof (*sa));
       t->input_sa_index = sa - im->sad;
       sa->spi = args->remote_spi;
       sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32;
@@ -318,6 +306,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       sa->use_esn = args->esn;
       sa->use_anti_replay = args->anti_replay;
       sa->integ_alg = args->integ_alg;
+      sa->udp_encap = args->udp_encap;
+      sa->tx_fib_index = ~((u32) 0);	/* Not used, but set for troubleshooting */
       if (args->remote_integ_key_len <= sizeof (args->remote_integ_key))
 	{
 	  sa->integ_key_len = args->remote_integ_key_len;
@@ -333,7 +323,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 	}
 
       pool_get (im->sad, sa);
-      memset (sa, 0, sizeof (*sa));
+      clib_memset (sa, 0, sizeof (*sa));
       t->output_sa_index = sa - im->sad;
       sa->spi = args->local_spi;
       sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32;
@@ -342,6 +332,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       sa->use_esn = args->esn;
       sa->use_anti_replay = args->anti_replay;
       sa->integ_alg = args->integ_alg;
+      sa->udp_encap = args->udp_encap;
+      sa->tx_fib_index = tx_fib_index;
       if (args->local_integ_key_len <= sizeof (args->local_integ_key))
 	{
 	  sa->integ_key_len = args->local_integ_key_len;
@@ -367,10 +359,10 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       hi = vnet_get_hw_interface (vnm, hw_if_index);
 
       slot = vlib_node_add_next_with_slot
-	(vnm->vlib_main, hi->tx_node_index, im->esp_encrypt_node_index,
-	 IPSEC_OUTPUT_NEXT_ESP_ENCRYPT);
+	(vnm->vlib_main, hi->tx_node_index, im->esp4_encrypt_node_index,
+	 IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT);
 
-      ASSERT (slot == IPSEC_OUTPUT_NEXT_ESP_ENCRYPT);
+      ASSERT (slot == IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT);
 
       t->hw_if_index = hw_if_index;
 
@@ -454,7 +446,7 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
 	return VNET_API_ERROR_INVALID_VALUE;
 
       pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES);
-      memset (t, 0, sizeof (*t));
+      clib_memset (t, 0, sizeof (*t));
 
       t->input_sa_index = isa;
       t->output_sa_index = osa;
@@ -594,15 +586,11 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
   if (ipsec_get_sa_index_by_sa_id (old_sa->id) == old_sa_index)
     hash_unset (im->sa_index_by_sa_id, old_sa->id);
 
-  if (im->cb.add_del_sa_sess_cb)
+  if (!ipsec_add_del_sa_sess_cb (im, old_sa_index, 0))
     {
-      clib_error_t *err;
-
-      err = im->cb.add_del_sa_sess_cb (old_sa_index, 0);
-      if (err)
-	return VNET_API_ERROR_SYSCALL_ERROR_1;
+      clib_warning ("IPsec backend add/del callback returned error");
+      return VNET_API_ERROR_SYSCALL_ERROR_1;
     }
-
   pool_put (im->sad, old_sa);
 
   return 0;