X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_tun.c;fp=src%2Fvnet%2Fipsec%2Fipsec_tun.c;h=0b6ec0ea33ec8cdc202986ea88215e00b9224baf;hb=7a29a2d400bbc3740a6a98863f290aa654d5f724;hp=74340256f3840e3b18822bf8a23b84c13de32104;hpb=0eaf4e6784efb2d058fe2f031578251b6bcc0aa8;p=vpp.git diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c index 74340256f38..0b6ec0ea33e 100644 --- a/src/vnet/ipsec/ipsec_tun.c +++ b/src/vnet/ipsec/ipsec_tun.c @@ -778,6 +778,49 @@ ipsec_tun_protect_walk_itf (u32 sw_if_index, fn (idi->id_itp, ctx); } +static void +ipsec_tun_feature_update (u32 sw_if_index, u8 arc_index, u8 is_enable, + void *data) +{ + ipsec_tun_protect_t *itp; + index_t itpi; + + if (arc_index != feature_main.device_input_feature_arc_index) + return; + + /* Only p2p tunnels supported */ + itpi = ipsec_tun_protect_find (sw_if_index, &IP_ADDR_ALL_0); + if (itpi == INDEX_INVALID) + return; + + itp = ipsec_tun_protect_get (itpi); + + if (is_enable) + { + u32 decrypt_tun = ip46_address_is_ip4 (&itp->itp_crypto.dst) ? + ipsec_main.esp4_decrypt_tun_node_index : + ipsec_main.esp6_decrypt_tun_node_index; + + vnet_feature_modify_end_node ( + feature_main.device_input_feature_arc_index, sw_if_index, decrypt_tun); + itp->itp_flags |= IPSEC_PROTECT_FEAT; + } + else + { + u32 eth_in = + vlib_get_node_by_name (vlib_get_main (), (u8 *) "ethernet-input") + ->index; + + vnet_feature_modify_end_node ( + feature_main.device_input_feature_arc_index, sw_if_index, eth_in); + itp->itp_flags &= ~IPSEC_PROTECT_FEAT; + } + + /* Propagate flag change into lookup entries */ + ipsec_tun_protect_rx_db_remove (&ipsec_main, itp); + ipsec_tun_protect_rx_db_add (&ipsec_main, itp); +} + static void ipsec_tun_protect_adj_delegate_adj_deleted (adj_delegate_t * ad) { @@ -929,6 +972,8 @@ ipsec_tunnel_protect_init (vlib_main_t *vm) teib_register (&ipsec_tun_teib_vft); + vnet_feature_register (ipsec_tun_feature_update, NULL); + return 0; }