From 53dd08c59eac0c2fe2f7c38ec242c57bfc3ea0ad Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Thu, 24 Jun 2021 15:41:03 +0000 Subject: [PATCH] ipsec: Derive the TUNNEL_V6 flag from the configured address types Type: improvement There's no need for the user to set the TUNNEL_V6 flag, it can be derived from the tunnel's address type. Signed-off-by: Neale Ranns Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47 --- src/vnet/ipsec/ipsec_sa.c | 4 ++++ src/vnet/ipsec/ipsec_types.api | 5 ++++- test/vpp_ipsec.py | 2 -- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index b1e337470ab..b5d58d0c053 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -270,6 +270,10 @@ ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto, return VNET_API_ERROR_SYSCALL_ERROR_1; } + if (ipsec_sa_is_set_IS_TUNNEL (sa) && + AF_IP6 == ip_addr_version (&tun->t_src)) + ipsec_sa_set_IS_TUNNEL_V6 (sa); + if (ipsec_sa_is_set_IS_TUNNEL (sa) && !ipsec_sa_is_set_IS_INBOUND (sa)) { sa->tunnel_flags = sa->tunnel.t_encap_decap_flags; diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api index 9fa7e058cbf..ed04f470fd2 100644 --- a/src/vnet/ipsec/ipsec_types.api +++ b/src/vnet/ipsec/ipsec_types.api @@ -68,7 +68,10 @@ enum ipsec_sad_flags /* IPsec tunnel mode if non-zero, else transport mode */ IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04, /* IPsec tunnel mode is IPv6 if non-zero, - * else IPv4 tunnel only valid if is_tunnel is non-zero */ + * else IPv4 tunnel only valid if is_tunnel is non-zero + * DEPRECATED - the user does not need to set this it is + * derived from the tunnel's address types. + */ IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08, /* enable UDP encapsulation for NAT traversal */ IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10, diff --git a/test/vpp_ipsec.py b/test/vpp_ipsec.py index 57e5f02696c..f9b7bc43752 100644 --- a/test/vpp_ipsec.py +++ b/test/vpp_ipsec.py @@ -217,8 +217,6 @@ class VppIpsecSA(VppObject): if (tun_src): self.tun_src = ip_address(text_type(tun_src)) self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL - if (self.tun_src.version == 6): - self.flags = self.flags | e.IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 if (tun_dst): self.tun_dst = ip_address(text_type(tun_dst)) self.udp_src = udp_src -- 2.16.6