#include <vnet/api_errno.h>
#include <vnet/ip/ip.h>
#include <vnet/interface.h>
+#include <vnet/udp/udp.h>
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/ikev2.h>
#include <vnet/ipsec/esp.h>
+#include <vnet/ipsec/ah.h>
+
ipsec_main_t ipsec_main;
if (vec_elt(spd->ipv4_inbound_policy_discard_and_bypass_indices, j) == i) {
vec_del1 (spd->ipv4_inbound_policy_discard_and_bypass_indices, j);
break;
+ }
}
}
}
}
pool_put (spd->policies, vp);
break;
- }
}));
/* *INDENT-ON* */
}
}
int
-ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
+ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add,
+ u8 udp_encap)
{
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa = 0;
pool_get (im->sad, sa);
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
+ sa->udp_encap = udp_encap ? 1 : 0;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb)
{
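Review bot: `sa->udp_encap = udp_encap ? 1 : 0;` is applied to every SA regardless of protocol, although UDP encapsulation (RFC 3948) is defined for ESP only and this same commit wires up AH. If `ipsec_sa_t` exposes the protocol as `protocol` (its definition is not on the page), reject the combination before `pool_get`, e.g. `if (udp_encap && new_sa->protocol == IPSEC_PROTOCOL_AH) return VNET_API_ERROR_INVALID_VALUE;`. Because the assignment follows `clib_memcpy`, any `udp_encap` value the caller put in `new_sa` is silently overwritten; a comment such as `/* udp_encap argument is authoritative; new_sa->udp_encap is ignored */` would make that explicit. The function body starts and ends outside the hunk, so a check elsewhere in it may not be visible here.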
ASSERT (node);
im->esp_decrypt_node_index = node->index;
+ node = vlib_get_node_by_name (vm, (u8 *) "ah-encrypt");
+ ASSERT (node);
+ im->ah_encrypt_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "ah-decrypt");
+ ASSERT (node);
+ im->ah_decrypt_node_index = node->index;
+
im->esp_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT;
im->esp_decrypt_next_index = IPSEC_INPUT_NEXT_ESP_DECRYPT;
+ im->ah_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH_ENCRYPT;
+ im->ah_decrypt_next_index = IPSEC_INPUT_NEXT_AH_DECRYPT;
im->cb.check_support_cb = ipsec_check_support;
if ((error = vlib_call_init_function (vm, ipsec_tunnel_if_init)))
return error;
- esp_init ();
+ ipsec_proto_init ();
if ((error = ikev2_init (vm)))
return error;
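Review bot: The added lookups of "ah-encrypt" and "ah-decrypt" guard `node->index` only with `ASSERT (node)`, which in VPP is normally compiled in for debug images only. In a release build a missing AH node registration would therefore be a NULL dereference during init. The enclosing function already returns an error pointer (`return error;`), so an explicit check is cheap: `if (!node) return clib_error_return (0, "ah-encrypt node not found");`, and the same for "ah-decrypt". If `ipsec_proto_init ()` can fail (its declaration is not on the page), its result should be checked like `ikev2_init` on the next line. The function starts and ends outside the hunk.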