ipsec: use id in ipsec_tunnel_protect_details

Type: fix

The data populated into an ipsec_tunnel_protect_details message includes
an outbound SA and a list of inbound SAs for a tunnel interface. These
are populated with SA indices. The values used by an API client
to refer to an SA in other messages is the SA id rather than the index.
Use the SA id instead of the index.

Change-Id: Ifaad32801092a7f87bd0dcf19de418d36613f8dd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 177300a..ded6e70 100644 (file)
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -178,7 +178,8 @@ send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
   ipsec_dump_walk_ctx_t *ctx = arg;
   vl_api_ipsec_tunnel_protect_details_t *mp;
   ipsec_tun_protect_t *itp;
-  u32 sai, ii = 0;
+  u32 ii = 0;
+  ipsec_sa_t *sa;
 
   itp = ipsec_tun_protect_get (itpi);
 
@@ -190,12 +191,13 @@ send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
   mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
   ip_address_encode2 (itp->itp_key, &mp->tun.nh);
 
-  mp->tun.sa_out = htonl (itp->itp_out_sa);
+  sa = ipsec_sa_get (itp->itp_out_sa);
+  mp->tun.sa_out = htonl (sa->id);
   mp->tun.n_sa_in = itp->itp_n_sa_in;
   /* *INDENT-OFF* */
-  FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
+  FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
   ({
-    mp->tun.sa_in[ii++] = htonl (sai);
+    mp->tun.sa_in[ii++] = htonl (sa->id);
   }));
   /* *INDENT-ON* */