X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_itf.c;h=f9c1d77a37dd174f12d45c8323fede7b958d618e;hb=116392b1742e86440c6a194170c1c9bca1314fe1;hp=5f04fcf0a0478a7db04ed426fb6335d0f5f4fa85;hpb=9ec846c2684b69f47505d73ea9f873b793a11558;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_itf.c b/src/vnet/ipsec/ipsec_itf.c
index 5f04fcf0a04..f9c1d77a37d 100644
--- a/src/vnet/ipsec/ipsec_itf.c
+++ b/src/vnet/ipsec/ipsec_itf.c
@@ -21,6 +21,7 @@
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/adj/adj_midchain.h>
 #include <vnet/ethernet/mac_address.h>
+#include <vnet/mpls/mpls.h>
 
 /* bitmap of Allocated IPSEC_ITF instances */
 static uword *ipsec_itf_instances;
@@ -36,6 +37,12 @@ ipsec_itf_get (index_t ii)
   return (pool_elt_at_index (ipsec_itf_pool, ii));
 }
 
+u32
+ipsec_itf_count (void)
+{
+  return (pool_elts (ipsec_itf_pool));
+}
+
 static ipsec_itf_t *
 ipsec_itf_find_by_sw_if_index (u32 sw_if_index)
 {
@@ -268,6 +275,20 @@ ipsec_itf_instance_free (u32 instance)
   return 0;
 }
 
+void
+ipsec_itf_reset_tx_nodes (u32 sw_if_index)
+{
+  vnet_feature_modify_end_node (
+    ip4_main.lookup_main.output_feature_arc_index, sw_if_index,
+    vlib_get_node_by_name (vlib_get_main (), (u8 *) "ip4-drop")->index);
+  vnet_feature_modify_end_node (
+    ip6_main.lookup_main.output_feature_arc_index, sw_if_index,
+    vlib_get_node_by_name (vlib_get_main (), (u8 *) "ip6-drop")->index);
+  vnet_feature_modify_end_node (
+    mpls_main.output_feature_arc_index, sw_if_index,
+    vlib_get_node_by_name (vlib_get_main (), (u8 *) "mpls-drop")->index);
+}
+
 int
 ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 {
@@ -305,12 +326,14 @@ ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 					 t_idx);
 
   hi = vnet_get_hw_interface (vnm, hw_if_index);
+  vnet_sw_interface_set_mtu (vnm, hi->sw_if_index, 9000);
 
   vec_validate_init_empty (ipsec_itf_index_by_sw_if_index, hi->sw_if_index,
 			   INDEX_INVALID);
   ipsec_itf_index_by_sw_if_index[hi->sw_if_index] = t_idx;
 
   ipsec_itf->ii_sw_if_index = *sw_if_indexp = hi->sw_if_index;
+  ipsec_itf_reset_tx_nodes (hi->sw_if_index);
 
   return 0;
 }
@@ -335,12 +358,26 @@ ipsec_itf_delete (u32 sw_if_index)
   if (ipsec_itf_instance_free (hw->dev_instance) < 0)
     return VNET_API_ERROR_INVALID_SW_IF_INDEX;
 
+  vnet_reset_interface_l3_output_node (vnm->vlib_main, sw_if_index);
+
   vnet_delete_hw_interface (vnm, hw->hw_if_index);
   pool_put (ipsec_itf_pool, ipsec_itf);
 
   return 0;
 }
 
+void
+ipsec_itf_walk (ipsec_itf_walk_cb_t cb, void *ctx)
+{
+  ipsec_itf_t *itf;
+
+  pool_foreach (itf, ipsec_itf_pool)
+    {
+      if (WALK_CONTINUE != cb (itf, ctx))
+	break;
+    }
+}
+
 static clib_error_t *
 ipsec_itf_create_cli (vlib_main_t * vm,
 		      unformat_input_t * input, vlib_cli_command_t * cmd)