X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_sa.c;h=fc8520d5ebbe5772b14a133cb34702af4910f9fe;hb=eba31ecebed1a7d168da17194cab7a8955761f2b;hp=f20d941fd6895ec32933834524cd58a2d85f18e3;hpb=8d7c502002636da1cb7c71a87757f328e7c2c4fd;p=vpp.git
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index f20d941fd68..fc8520d5ebb 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -16,6 +16,16 @@
 #include
 #include
+/**
+ * @brief
+ * SA packet & bytes counters
+ */
+vlib_combined_counter_main_t ipsec_sa_counters = {
+ .name = "SA",
+ .stat_segment_name = "/net/ipsec/sa",
+};
+
+
 static clib_error_t *
 ipsec_call_add_del_callbacks (ipsec_main_t * im, ipsec_sa_t * sa, u32 sa_index, int is_add)
@@ -54,12 +64,12 @@ ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len)
 /**
 * 'stack' (resolve the recursion for) the SA tunnel destination
 */
-static void
+void
 ipsec_sa_stack (ipsec_sa_t * sa)
 {
+ ipsec_main_t *im = &ipsec_main;
 fib_forward_chain_type_t fct;
 dpo_id_t tmp = DPO_INVALID;
- vlib_node_t *node;
 fct = fib_forw_chain_type_from_fib_proto ((sa->is_tunnel_ip6 ? FIB_PROTOCOL_IP6 :
@@ -67,17 +77,15 @@ ipsec_sa_stack (ipsec_sa_t * sa)
 fib_entry_contribute_forwarding (sa->fib_entry_index, fct, &tmp);
- node = vlib_get_node_by_name (vlib_get_main (),
- (sa->is_tunnel_ip6 ?
- (u8 *) "ah6-encrypt" :
- (u8 *) "ah4-encrypt"));
- dpo_stack_from_node (node->index, &sa->dpo[IPSEC_PROTOCOL_AH], &tmp);
-
- node = vlib_get_node_by_name (vlib_get_main (),
- (sa->is_tunnel_ip6 ?
- (u8 *) "esp6-encrypt" :
- (u8 *) "esp4-encrypt"));
- dpo_stack_from_node (node->index, &sa->dpo[IPSEC_PROTOCOL_ESP], &tmp);
+ dpo_stack_from_node ((sa->is_tunnel_ip6 ?
+ im->ah6_encrypt_node_index :
+ im->ah4_encrypt_node_index),
+ &sa->dpo[IPSEC_PROTOCOL_AH], &tmp);
+ dpo_stack_from_node ((sa->is_tunnel_ip6 ?
+ im->esp6_encrypt_node_index :
+ im->esp4_encrypt_node_index),
+ &sa->dpo[IPSEC_PROTOCOL_ESP], &tmp);
+ dpo_reset (&tmp);
 }
 int
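Review bot: In the `@@ -67,17 +77,15 @@` hunk, `dpo_stack_from_node` now trusts `im->ah4_encrypt_node_index`, `im->esp4_encrypt_node_index` and the two IPv6 fields, and nothing visible checks that they were populated before an SA is stacked. The removed code looked each node up by name on every call; with cached fields, a zero-initialised or stale index would presumably stack the SA's DPO onto an unrelated graph node instead of the encrypt node. Because the previous hunk also drops `static` from `ipsec_sa_stack`, callers in other files (not shown) can now reach it, so the ordering guarantee should be written down, e.g. `/* the encrypt node indices in ipsec_main must be set before any SA is stacked */`. The function's body begins in the previous hunk.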
@@ -108,8 +116,12 @@ ipsec_sa_add (u32 id,
 fib_node_init (&sa->node, FIB_NODE_TYPE_IPSEC_SA);
 sa_index = sa - im->sad;
+ vlib_validate_combined_counter (&ipsec_sa_counters, sa_index);
+ vlib_zero_combined_counter (&ipsec_sa_counters, sa_index);
+
 sa->id = id;
 sa->spi = spi;
+ sa->stat_index = sa_index;
 sa->protocol = proto;
 sa->crypto_alg = crypto_alg;
 clib_memcpy (&sa->crypto_key, ck, sizeof (sa->crypto_key));
@@ -274,7 +286,10 @@ ipsec_set_sa_key (u32 id, const ipsec_key_t * ck, const ipsec_key_t * ik)
 {
 err = ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
 if (err)
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ {
+ clib_error_free (err);
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
+ }
 }
 return 0;
@@ -291,6 +306,21 @@ ipsec_get_sa_index_by_sa_id (u32 sa_id)
 return p[0];
 }
+void
+ipsec_sa_walk (ipsec_sa_walk_cb_t cb, void *ctx)
+{
+ ipsec_main_t *im = &ipsec_main;
+ ipsec_sa_t *sa;
+
+ /* *INDENT-OFF* */
+ pool_foreach (sa, im->sad,
+ ({
+ if (WALK_CONTINUE != cb(sa, ctx))
+ break;
+ }));
+ /* *INDENT-ON* */
+}
+
 /**
 * Function definition to get a FIB node from its index
 */
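Review bot: In the `@@ -108,8 +116,12 @@` hunk of `ipsec_sa_add`, the counter slot is keyed by the SAD pool index (`sa->stat_index = sa_index`), and the `vlib_zero_combined_counter` call is the only thing separating a new SA's counts from those of an earlier SA that held the same index, yet it carries no comment. I would add `/* pool indices can be reused: clear counts left by a previous SA at this index */` above the two counter calls. Nothing in this diff clears the slot on delete, so a reader of `/net/ipsec/sa` may presumably see the old SA's totals until the index is reused; the delete path is not shown, so this needs confirming. The function's body extends beyond the hunk on both sides.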
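Review bot: The new error branch in `ipsec_set_sa_key` (hunk `@@ -274,7 +286,10 @@`) frees `err` without reporting it, so the reason a backend callback rejected the SA is lost and the caller sees only `VNET_API_ERROR_SYSCALL_ERROR_1`. For a key change that fails, the error text should be logged before `clib_error_free (err);` so an operator can tell which callback refused it. Other callers of `ipsec_call_add_del_callbacks` are outside this diff; if they return on `err` in the same way, they likely need the same free. The function's body starts before the hunk.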
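Review bot: In `ipsec_sa_walk` (hunk `@@ -291,6 +306,21 @@`), the `break` sits inside the body handed to the `pool_foreach` macro, whose definition is not part of this diff; if the macro wraps the body in its own inner loop or a `do { } while (0)`, `break` leaves only that construct and the walk continues after a callback has asked to stop. Please check the expansion and, if that is the case, exit explicitly, e.g. `if (WALK_CONTINUE != cb (sa, ctx)) goto done;` with a `done:` label after the macro. A short comment on the function should also state whether `cb` may add or delete SAs while `im->sad` is being iterated.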