X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_if.c;h=3054af16765ea7e9cc938381ea5bdb1310a99c61;hp=2640f25c011db27b63307b36ddfb4053a9d9aef9;hb=4c422f9;hpb=be5a5dd904d4d25857c53a4b5dee7951f724e3e2 diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 2640f25c011..3054af16765 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -170,33 +171,25 @@ ipsec_admin_up_down_function (vnet_main_t * vnm, u32 hw_if_index, u32 flags) if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) { - ASSERT (im->cb.check_support_cb); - sa = pool_elt_at_index (im->sad, t->input_sa_index); - err = im->cb.check_support_cb (sa); + err = ipsec_check_support_cb (im, sa); if (err) return err; - if (im->cb.add_del_sa_sess_cb) - { - err = im->cb.add_del_sa_sess_cb (t->input_sa_index, 1); - if (err) - return err; - } + err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 1); + if (err) + return err; sa = pool_elt_at_index (im->sad, t->output_sa_index); - err = im->cb.check_support_cb (sa); + err = ipsec_check_support_cb (im, sa); if (err) return err; - if (im->cb.add_del_sa_sess_cb) - { - err = im->cb.add_del_sa_sess_cb (t->output_sa_index, 1); - if (err) - return err; - } + err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 1); + if (err) + return err; vnet_hw_interface_set_flags (vnm, hw_if_index, VNET_HW_INTERFACE_FLAG_LINK_UP); @@ -204,24 +197,14 @@ ipsec_admin_up_down_function (vnet_main_t * vnm, u32 hw_if_index, u32 flags) else { vnet_hw_interface_set_flags (vnm, hw_if_index, 0 /* down */ ); - sa = pool_elt_at_index (im->sad, t->input_sa_index); - - if (im->cb.add_del_sa_sess_cb) - { - err = im->cb.add_del_sa_sess_cb (t->input_sa_index, 0); - if (err) - return err; - } - + err = ipsec_add_del_sa_sess_cb (im, t->input_sa_index, 0); + if (err) + return err; sa = pool_elt_at_index (im->sad, t->output_sa_index); - - if (im->cb.add_del_sa_sess_cb) - { - err = im->cb.add_del_sa_sess_cb (t->output_sa_index, 0); - if (err) - return err; - } + err = ipsec_add_del_sa_sess_cb (im, t->output_sa_index, 0); + if (err) + return err; } return /* no error */ 0; @@ -280,6 +263,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, ipsec_sa_t *sa; u32 dev_instance; u32 slot; + u32 tx_fib_index = ~0; u64 key = (u64) args->remote_ip.as_u32 << 32 | (u64) args->remote_spi; p = hash_get (im->ipsec_if_pool_index_by_key, key); @@ -290,8 +274,12 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, if (p) return VNET_API_ERROR_INVALID_VALUE; + tx_fib_index = fib_table_find (FIB_PROTOCOL_IP4, args->tx_table_id); + if (tx_fib_index == ~((u32) 0)) + return VNET_API_ERROR_NO_SUCH_FIB; + pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES); - memset (t, 0, sizeof (*t)); + clib_memset (t, 0, sizeof (*t)); dev_instance = t - im->tunnel_interfaces; if (args->renumber) @@ -309,7 +297,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, dev_instance); pool_get (im->sad, sa); - memset (sa, 0, sizeof (*sa)); + clib_memset (sa, 0, sizeof (*sa)); t->input_sa_index = sa - im->sad; sa->spi = args->remote_spi; sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32; @@ -319,6 +307,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, sa->use_anti_replay = args->anti_replay; sa->integ_alg = args->integ_alg; sa->udp_encap = args->udp_encap; + sa->tx_fib_index = ~((u32) 0); /* Not used, but set for troubleshooting */ if (args->remote_integ_key_len <= sizeof (args->remote_integ_key)) { sa->integ_key_len = args->remote_integ_key_len; @@ -334,7 +323,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, } pool_get (im->sad, sa); - memset (sa, 0, sizeof (*sa)); + clib_memset (sa, 0, sizeof (*sa)); t->output_sa_index = sa - im->sad; sa->spi = args->local_spi; sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32; @@ -344,6 +333,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, sa->use_anti_replay = args->anti_replay; sa->integ_alg = args->integ_alg; sa->udp_encap = args->udp_encap; + sa->tx_fib_index = tx_fib_index; if (args->local_integ_key_len <= sizeof (args->local_integ_key)) { sa->integ_key_len = args->local_integ_key_len; @@ -456,7 +446,7 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm, return VNET_API_ERROR_INVALID_VALUE; pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES); - memset (t, 0, sizeof (*t)); + clib_memset (t, 0, sizeof (*t)); t->input_sa_index = isa; t->output_sa_index = osa; @@ -596,15 +586,11 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id, if (ipsec_get_sa_index_by_sa_id (old_sa->id) == old_sa_index) hash_unset (im->sa_index_by_sa_id, old_sa->id); - if (im->cb.add_del_sa_sess_cb) + if (!ipsec_add_del_sa_sess_cb (im, old_sa_index, 0)) { - clib_error_t *err; - - err = im->cb.add_del_sa_sess_cb (old_sa_index, 0); - if (err) - return VNET_API_ERROR_SYSCALL_ERROR_1; + clib_warning ("IPsec backend add/del callback returned error"); + return VNET_API_ERROR_SYSCALL_ERROR_1; } - pool_put (im->sad, old_sa); return 0;