X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_if.c;h=a7372747797501b4eff8835c78c1459e4c3d75fb;hb=f1653e62fe41e3df429aadaaab22d0cc8aaa227a;hp=43997bc86c186a796c94ac606b60282d95f6028b;hpb=41afb33efe81a93ddf5879138802bf23602ccc81;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 43997bc86c1..a7372747797 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -238,7 +238,8 @@ ipsec_tunnel_feature_set (ipsec_main_t * im, ipsec_tunnel_if_t * t, u8 enable)
   ipsec_sa_t *sa;
 
   sa = ipsec_sa_get (t->output_sa_index);
-  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+      sa->integ_alg == IPSEC_INTEG_ALG_NONE)
     {
       esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
       esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
@@ -267,12 +268,13 @@ ipsec_tunnel_feature_set (ipsec_main_t * im, ipsec_tunnel_if_t * t, u8 enable)
 int
 ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 				  ipsec_add_del_tunnel_args_t * args,
-				  u32 * sw_if_index)
+				  u32 * sw_if_index_p)
 {
   ipsec_tunnel_if_t *t;
   ipsec_main_t *im = &ipsec_main;
   vnet_hw_interface_t *hi = NULL;
   u32 hw_if_index = ~0;
+  u32 sw_if_index = ~0;
   uword *p;
   u32 dev_instance;
   ipsec_key_t crypto_key, integ_key;
@@ -375,14 +377,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 	hash_set_mem_alloc (&im->ipsec6_if_pool_index_by_key, &key6,
 			    t - im->tunnel_interfaces);
       else
-	{
-	  hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
-		    t - im->tunnel_interfaces);
-	  if (1 == hash_elts (im->ipsec4_if_pool_index_by_key))
-	    udp_register_dst_port (vlib_get_main (),
-				   UDP_DST_PORT_ipsec,
-				   ipsec4_if_input_node.index, 1);
-	}
+	hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
+		  t - im->tunnel_interfaces);
 
       hw_if_index = vnet_register_interface (vnm, ipsec_device_class.index,
 					     t - im->tunnel_interfaces,
@@ -390,6 +386,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 					     t - im->tunnel_interfaces);
 
       hi = vnet_get_hw_interface (vnm, hw_if_index);
+      sw_if_index = hi->sw_if_index;
 
       t->hw_if_index = hw_if_index;
       t->sw_if_index = hi->sw_if_index;
@@ -425,6 +422,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       ti = p[0];
       t = pool_elt_at_index (im->tunnel_interfaces, ti);
       hi = vnet_get_hw_interface (vnm, t->hw_if_index);
+      sw_if_index = hi->sw_if_index;
+
       vnet_sw_interface_set_flags (vnm, hi->sw_if_index, 0);	/* admin down */
 
       ipsec_tunnel_feature_set (im, t, 0);
@@ -433,11 +432,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       if (is_ip6)
 	hash_unset_mem_free (&im->ipsec6_if_pool_index_by_key, &key6);
       else
-	{
-	  hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
-	  if (0 == hash_elts (im->ipsec4_if_pool_index_by_key))
-	    udp_unregister_dst_port (vlib_get_main (), UDP_DST_PORT_ipsec, 1);
-	}
+	hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
       hash_unset (im->ipsec_if_real_dev_by_show_dev, t->show_instance);
 
       im->ipsec_if_by_sw_if_index[t->sw_if_index] = ~0;
@@ -449,8 +444,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       pool_put (im->tunnel_interfaces, t);
     }
 
-  if (sw_if_index)
-    *sw_if_index = hi->sw_if_index;
+  if (sw_if_index_p)
+    *sw_if_index_p = sw_if_index;
 
   return 0;
 }
@@ -588,6 +583,8 @@ ipsec_tunnel_if_init (vlib_main_t * vm)
   ipsec_add_feature ("ip6-output", "esp6-no-crypto",
 		     &im->esp6_no_crypto_tun_feature_index);
 
+  udp_register_dst_port (vlib_get_main (),
+			 UDP_DST_PORT_ipsec, ipsec4_if_input_node.index, 1);
   return 0;
 }