IPSEC: restack SAs on backend change 57/17557/1
authorNeale Ranns <nranns@cisco.com>
Wed, 13 Feb 2019 10:08:06 +0000 (02:08 -0800)
committerNeale Ranns <nranns@cisco.com>
Wed, 13 Feb 2019 10:08:06 +0000 (02:08 -0800)
Change-Id: I5852ca02d684fa9d59e1690efcaca06371c5faff
Signed-off-by: Neale Ranns <nranns@cisco.com>
src/vnet/ipsec/ipsec.c
src/vnet/ipsec/ipsec_sa.c
src/vnet/ipsec/ipsec_sa.h

index e88a72e..0ad11ba 100644 (file)
@@ -181,6 +181,14 @@ ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
   return b - im->esp_backends;
 }
 
+static walk_rc_t
+ipsec_sa_restack (ipsec_sa_t * sa, void *ctx)
+{
+  ipsec_sa_stack (sa);
+
+  return (WALK_CONTINUE);
+}
+
 int
 ipsec_select_ah_backend (ipsec_main_t * im, u32 backend_idx)
 {
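Review bot: `ipsec_sa_restack` calls `ipsec_sa_stack` on every SA the walk yields, yet `ipsec_sa_stack` (in ipsec_sa.c) reads `sa->fib_entry_index` and is documented as resolving the SA tunnel destination. If the SA pool can hold SAs that never tracked a FIB entry (transport mode, for instance; not visible in this diff), a backend change would contribute forwarding from an index that was never set. It is worth confirming that case and, if it exists, guarding the call with the same condition under which the SA was first stacked. The `ctx` argument is unused, so a short comment would help, e.g. `/* SA walk callback: re-resolve this SA's DPOs against the newly selected backend; ctx is unused */`.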
@@ -199,6 +207,8 @@ ipsec_select_ah_backend (ipsec_main_t * im, u32 backend_idx)
   im->ah6_decrypt_node_index = b->ah6_decrypt_node_index;
   im->ah6_encrypt_next_index = b->ah6_encrypt_next_index;
   im->ah6_decrypt_next_index = b->ah6_decrypt_next_index;
+
+  ipsec_sa_walk (ipsec_sa_restack, NULL);
   return 0;
 }
 
@@ -220,6 +230,8 @@ ipsec_select_esp_backend (ipsec_main_t * im, u32 backend_idx)
   im->esp6_decrypt_node_index = b->esp6_decrypt_node_index;
   im->esp6_encrypt_next_index = b->esp6_encrypt_next_index;
   im->esp6_decrypt_next_index = b->esp6_decrypt_next_index;
+
+  ipsec_sa_walk (ipsec_sa_restack, NULL);
   return 0;
 }
 
index f20d941..b0de76a 100644 (file)
@@ -54,12 +54,12 @@ ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len)
 /**
  * 'stack' (resolve the recursion for) the SA tunnel destination
  */
-static void
+void
 ipsec_sa_stack (ipsec_sa_t * sa)
 {
+  ipsec_main_t *im = &ipsec_main;
   fib_forward_chain_type_t fct;
   dpo_id_t tmp = DPO_INVALID;
-  vlib_node_t *node;
 
   fct = fib_forw_chain_type_from_fib_proto ((sa->is_tunnel_ip6 ?
                                             FIB_PROTOCOL_IP6 :
@@ -67,17 +67,15 @@ ipsec_sa_stack (ipsec_sa_t * sa)
 
   fib_entry_contribute_forwarding (sa->fib_entry_index, fct, &tmp);
 
-  node = vlib_get_node_by_name (vlib_get_main (),
-                               (sa->is_tunnel_ip6 ?
-                                (u8 *) "ah6-encrypt" :
-                                (u8 *) "ah4-encrypt"));
-  dpo_stack_from_node (node->index, &sa->dpo[IPSEC_PROTOCOL_AH], &tmp);
-
-  node = vlib_get_node_by_name (vlib_get_main (),
-                               (sa->is_tunnel_ip6 ?
-                                (u8 *) "esp6-encrypt" :
-                                (u8 *) "esp4-encrypt"));
-  dpo_stack_from_node (node->index, &sa->dpo[IPSEC_PROTOCOL_ESP], &tmp);
+  dpo_stack_from_node ((sa->is_tunnel_ip6 ?
+                       im->ah6_encrypt_node_index :
+                       im->ah4_encrypt_node_index),
+                      &sa->dpo[IPSEC_PROTOCOL_AH], &tmp);
+  dpo_stack_from_node ((sa->is_tunnel_ip6 ?
+                       im->esp6_encrypt_node_index :
+                       im->esp4_encrypt_node_index),
+                      &sa->dpo[IPSEC_PROTOCOL_ESP], &tmp);
+  dpo_reset (&tmp);
 }
 
 int
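Review bot: The node index passed to `dpo_stack_from_node` now comes from `im->ah4_encrypt_node_index`, `im->esp4_encrypt_node_index` and their v6 counterparts, so `ipsec_sa_stack` silently depends on both an AH and an ESP backend having been selected before any SA is stacked. The removed lookup by node name had no such ordering requirement, and nothing in the new lines checks that the indices are populated. Since the function is no longer `static`, that precondition belongs in its doc comment, for example `* Requires that AH and ESP backends are already selected; the encrypt node indices are read from ipsec_main.` A debug assertion on the chosen index before stacking would make a misordered call fail loudly rather than stack onto an arbitrary node. The function's opening lines are in the preceding hunk.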
@@ -291,6 +289,21 @@ ipsec_get_sa_index_by_sa_id (u32 sa_id)
   return p[0];
 }
 
+void
+ipsec_sa_walk (ipsec_sa_walk_cb_t cb, void *ctx)
+{
+  ipsec_main_t *im = &ipsec_main;
+  ipsec_sa_t *sa;
+
+  /* *INDENT-OFF* */
+  pool_foreach (sa, im->sad,
+  ({
+    if (WALK_CONTINUE != cb(sa, ctx))
+      break;
+  }));
+  /* *INDENT-ON* */
+}
+
 /**
  * Function definition to get a FIB node from its index
  */
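Review bot: The `break` inside the `pool_foreach` body in `ipsec_sa_walk` probably does not stop the walk. As far as I recall the vppinfra macro, the body is expanded inside its own `do { ... } while (0)` within the iteration loop, so `break` only ends the current element and the walk carries on. The one callback in this commit always returns `WALK_CONTINUE`, so nothing misbehaves today, but a later callback returning a stop code would still be invoked for every remaining SA. If early exit is intended, leave the macro explicitly, e.g. `if (WALK_CONTINUE != cb (sa, ctx)) goto done;` with a `done:` label after the macro; please verify against the macro definition in the tree. The function also lacks a doc comment saying that `cb` is called once per SA in `im->sad` and what its return value means.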
index 775343b..2e39566 100644 (file)
@@ -151,12 +151,16 @@ extern int ipsec_sa_add (u32 id,
                         const ip46_address_t * tunnel_dst_addr,
                         u32 * sa_index);
 extern u32 ipsec_sa_del (u32 id);
+extern void ipsec_sa_stack (ipsec_sa_t * sa);
 
 extern u8 ipsec_is_sa_used (u32 sa_index);
 extern int ipsec_set_sa_key (u32 id,
                             const ipsec_key_t * ck, const ipsec_key_t * ik);
 extern u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
 
+typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t * sa, void *ctx);
+extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx);
+
 extern u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
 extern u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
 extern u8 *format_ipsec_sa (u8 * s, va_list * args);
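Review bot: The prototype names the callback parameter `cd`, while the definition in ipsec_sa.c uses `cb`; this looks like a typo and should read `extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cb, void *ctx);`. The three new declarations are the public surface of this change and have no documentation. A short comment above `ipsec_sa_walk_cb_t` should state that the callback returns a `walk_rc_t` and that `ctx` is passed through unchanged from the caller. A comment above `ipsec_sa_stack` should state what the SA must already have set up (it reads `sa->fib_entry_index`) before it can be called from outside ipsec_sa.c.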