gerrit.fd Code Review - vpp.git/commit

author	Brian Russell <brian@graphiant.com>
	Mon, 22 Feb 2021 18:42:24 +0000 (18:42 +0000)
committer	Neale Ranns <neale@graphiant.com>
	Thu, 25 Feb 2021 09:13:28 +0000 (09:13 +0000)
commit	7a29a2d400bbc3740a6a98863f290aa654d5f724
tree	11df1d06c2ce717c741da0b3bb88ca4e0f9d5c11	tree \| snapshot
parent	0eaf4e6784efb2d058fe2f031578251b6bcc0aa8	commit \| diff

ipsec: enable input features on tunnels

Make the ipsec[46]-tun-input nodes siblings of device-input so that
input features can be enabled on them. Register ipsec-tun for feature
updates. When a feature is enabled on the device-input arc and the
ifindex is an IPSec tunnel, change the end node of the arc for that
ifindex to be the appropriate ESP decrypt node. Set a flag on the
tunnel to indicate that the feature arc should be started for packets
input on the tunnel.

Test input policing on ESP IPSec tunnels.

Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7

src/vnet/devices/devices.h		diff \| blob \| history
src/vnet/ipsec/ipsec_tun.c		diff \| blob \| history
src/vnet/ipsec/ipsec_tun.h		diff \| blob \| history
src/vnet/ipsec/ipsec_tun_in.c		diff \| blob \| history
test/template_ipsec.py		diff \| blob \| history
test/test_ipsec_tun_if_esp.py		diff \| blob \| history