ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
int
ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
ipsec_add_del_tunnel_args_t * args,
- u32 * sw_if_index)
+ u32 * sw_if_index_p)
{
ipsec_tunnel_if_t *t;
ipsec_main_t *im = &ipsec_main;
vnet_hw_interface_t *hi = NULL;
u32 hw_if_index = ~0;
+ u32 sw_if_index = ~0;
uword *p;
u32 dev_instance;
ipsec_key_t crypto_key, integ_key;
hash_set_mem_alloc (&im->ipsec6_if_pool_index_by_key, &key6,
t - im->tunnel_interfaces);
else
- {
- hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
- t - im->tunnel_interfaces);
- if (1 == hash_elts (im->ipsec4_if_pool_index_by_key))
- udp_register_dst_port (vlib_get_main (),
- UDP_DST_PORT_ipsec,
- ipsec4_if_input_node.index, 1);
- }
+ hash_set (im->ipsec4_if_pool_index_by_key, key4.as_u64,
+ t - im->tunnel_interfaces);
hw_if_index = vnet_register_interface (vnm, ipsec_device_class.index,
t - im->tunnel_interfaces,
t - im->tunnel_interfaces);
hi = vnet_get_hw_interface (vnm, hw_if_index);
+ sw_if_index = hi->sw_if_index;
t->hw_if_index = hw_if_index;
t->sw_if_index = hi->sw_if_index;
ti = p[0];
t = pool_elt_at_index (im->tunnel_interfaces, ti);
hi = vnet_get_hw_interface (vnm, t->hw_if_index);
+ sw_if_index = hi->sw_if_index;
+
vnet_sw_interface_set_flags (vnm, hi->sw_if_index, 0); /* admin down */
ipsec_tunnel_feature_set (im, t, 0);
if (is_ip6)
hash_unset_mem_free (&im->ipsec6_if_pool_index_by_key, &key6);
else
- {
- hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
- if (0 == hash_elts (im->ipsec4_if_pool_index_by_key))
- udp_unregister_dst_port (vlib_get_main (), UDP_DST_PORT_ipsec, 1);
- }
+ hash_unset (im->ipsec4_if_pool_index_by_key, key4.as_u64);
hash_unset (im->ipsec_if_real_dev_by_show_dev, t->show_instance);
im->ipsec_if_by_sw_if_index[t->sw_if_index] = ~0;
pool_put (im->tunnel_interfaces, t);
}
- if (sw_if_index)
- *sw_if_index = hi->sw_if_index;
+ if (sw_if_index_p)
+ *sw_if_index_p = sw_if_index;
return 0;
}
ipsec_add_feature ("ip6-output", "esp6-no-crypto",
&im->esp6_no_crypto_tun_feature_index);
+ udp_register_dst_port (vlib_get_main (),
+ UDP_DST_PORT_ipsec, ipsec4_if_input_node.index, 1);
return 0;
}