X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_itf.c;h=f9c1d77a37dd174f12d45c8323fede7b958d618e;hb=9a9604b09f15691d7c4ddf29afd99a31e7e31eed;hp=ff06a579f2eff343c32ef88da7bc92e3d074a672;hpb=6ba4e41d33ffda2596d9d4b3a1d7fdd3c9a6b870;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_itf.c b/src/vnet/ipsec/ipsec_itf.c
index ff06a579f2e..f9c1d77a37d 100644
--- a/src/vnet/ipsec/ipsec_itf.c
+++ b/src/vnet/ipsec/ipsec_itf.c
@@ -20,6 +20,8 @@
 #include
 #include
 #include
+#include
+#include
 /* bitmap of Allocated IPSEC_ITF instances */
 static uword *ipsec_itf_instances;
@@ -35,6 +37,12 @@ ipsec_itf_get (index_t ii)
 return (pool_elt_at_index (ipsec_itf_pool, ii));
 }
+u32
+ipsec_itf_count (void)
+{
+ return (pool_elts (ipsec_itf_pool));
+}
+
 static ipsec_itf_t *
 ipsec_itf_find_by_sw_if_index (u32 sw_if_index)
 {
@@ -69,20 +77,11 @@ ipsec_itf_adj_stack (adj_index_t ai, u32 sai)
 if (hw->flags & VNET_HW_INTERFACE_FLAG_LINK_UP)
 {
 const ipsec_sa_t *sa;
+ fib_prefix_t dst;
 sa = ipsec_sa_get (sai);
-
- /* *INDENT-OFF* */
- const fib_prefix_t dst = {
- .fp_len = (ipsec_sa_is_set_IS_TUNNEL_V6(sa) ? 128 : 32),
- .fp_proto = (ipsec_sa_is_set_IS_TUNNEL_V6(sa)?
- FIB_PROTOCOL_IP6 :
- FIB_PROTOCOL_IP4),
- .fp_addr = sa->tunnel_dst_addr,
- };
- /* *INDENT-ON* */
-
- adj_midchain_delegate_stack (ai, sa->tx_fib_index, &dst);
+ ip_address_to_fib_prefix (&sa->tunnel.t_dst, &dst);
+ adj_midchain_delegate_stack (ai, sa->tunnel.t_fib_index, &dst);
 }
 else
 adj_midchain_delegate_unstack (ai);
@@ -207,6 +206,7 @@ VNET_HW_INTERFACE_CLASS(ipsec_p2mp_hw_interface_class) = {
 .name = "IPSec",
 .build_rewrite = ipsec_itf_build_rewrite_i,
 .update_adjacency = ipsec_itf_update_adj,
+ .flags = VNET_HW_INTERFACE_CLASS_FLAG_NBMA,
 };
 /* *INDENT-ON* */
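Review bot: In ipsec_itf_adj_stack, `dst` is now declared without an initializer and is filled only by `ip_address_to_fib_prefix`, whereas the removed designated initializer zeroed every member it did not name. The helper's body is not part of this diff, so if it leaves any member or padding of `fib_prefix_t` untouched, `adj_midchain_delegate_stack` would receive indeterminate bytes. Declaring it as `fib_prefix_t dst = { 0 };` keeps the old guarantee at no cost. The function starts and ends outside the hunk.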
@@ -275,6 +275,20 @@ ipsec_itf_instance_free (u32 instance)
 return 0;
 }
+void
+ipsec_itf_reset_tx_nodes (u32 sw_if_index)
+{
+ vnet_feature_modify_end_node (
+ ip4_main.lookup_main.output_feature_arc_index, sw_if_index,
+ vlib_get_node_by_name (vlib_get_main (), (u8 *) "ip4-drop")->index);
+ vnet_feature_modify_end_node (
+ ip6_main.lookup_main.output_feature_arc_index, sw_if_index,
+ vlib_get_node_by_name (vlib_get_main (), (u8 *) "ip6-drop")->index);
+ vnet_feature_modify_end_node (
+ mpls_main.output_feature_arc_index, sw_if_index,
+ vlib_get_node_by_name (vlib_get_main (), (u8 *) "mpls-drop")->index);
+}
+
 int
 ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 {
@@ -312,12 +326,14 @@ ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 t_idx);
 hi = vnet_get_hw_interface (vnm, hw_if_index);
+ vnet_sw_interface_set_mtu (vnm, hi->sw_if_index, 9000);
 vec_validate_init_empty (ipsec_itf_index_by_sw_if_index, hi->sw_if_index, INDEX_INVALID);
 ipsec_itf_index_by_sw_if_index[hi->sw_if_index] = t_idx;
 ipsec_itf->ii_sw_if_index = *sw_if_indexp = hi->sw_if_index;
+ ipsec_itf_reset_tx_nodes (hi->sw_if_index);
 return 0;
 }
@@ -342,12 +358,26 @@ ipsec_itf_delete (u32 sw_if_index)
 if (ipsec_itf_instance_free (hw->dev_instance) < 0)
 return VNET_API_ERROR_INVALID_SW_IF_INDEX;
+ vnet_reset_interface_l3_output_node (vnm->vlib_main, sw_if_index);
+
 vnet_delete_hw_interface (vnm, hw->hw_if_index);
 pool_put (ipsec_itf_pool, ipsec_itf);
 return 0;
 }
+void
+ipsec_itf_walk (ipsec_itf_walk_cb_t cb, void *ctx)
+{
+ ipsec_itf_t *itf;
+
+ pool_foreach (itf, ipsec_itf_pool)
+ {
+ if (WALK_CONTINUE != cb (itf, ctx))
+ break;
+ }
+}
+
 static clib_error_t *
 ipsec_itf_create_cli (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd)
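Review bot: ipsec_itf_reset_tx_nodes dereferences the result of `vlib_get_node_by_name` three times without a check; that lookup returns NULL for an unregistered name, so an image lacking one of the drop nodes would fault on interface creation. Resolve each node once and guard it before passing `n->index`, e.g. `vlib_node_t *n = vlib_get_node_by_name (vlib_get_main (), (u8 *) "ip4-drop"); ASSERT (n);`. The function also has no comment; something like `/* Default the output arcs' end node to drop, so traffic leaving the interface with no protecting SA is discarded rather than forwarded */` would record what appears to be the fail-closed intent. The delete path in this commit does not visibly restore these end nodes, which is worth confirming if sw_if_index values can be reused by a later interface.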
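Review bot: The MTU passed to `vnet_sw_interface_set_mtu` in ipsec_itf_create is the bare literal 9000, with nothing saying why an IPsec interface gets that value. A named constant (for instance `IPSEC_ITF_DEFAULT_MTU`, a suggested name) with a one-line comment on the choice would make the default reviewable and easy to change. The function body starts outside the hunk.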
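Review bot: ipsec_itf_walk calls `cb` on entries while `pool_foreach` is iterating `ipsec_itf_pool`, and nothing documents what the callback may do. ipsec_itf_delete in this same hunk does `pool_put` on that pool, so a callback that deletes (or creates) an interface would change the pool under the iterator. A header comment such as `/* Walk all IPsec interfaces; cb must not create or delete interfaces and returns WALK_CONTINUE to keep going */` would state the contract; callers that need to delete should collect indices first. `cb` is also invoked without a NULL check, which is fine only if every caller is internal.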
@@ -467,10 +497,10 @@ ipsec_interface_show (vlib_main_t * vm,
 index_t ii;
 /* *INDENT-OFF* */
- pool_foreach_index (ii, ipsec_itf_pool,
- ({
+ pool_foreach_index (ii, ipsec_itf_pool)
+ {
 vlib_cli_output (vm, "%U", format_ipsec_itf, ii);
- }));
+ }
 /* *INDENT-ON* */
 return NULL;