ipsec: use id in ipsec_tunnel_protect_details

Type: fix

The data populated into an ipsec_tunnel_protect_details message includes
an outbound SA and a list of inbound SAs for a tunnel interface. These
are populated with SA indices. The values used by an API client
to refer to an SA in other messages is the SA id rather than the index.
Use the SA id instead of the index.

Change-Id: Ifaad32801092a7f87bd0dcf19de418d36613f8dd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 5cee0bca5d0f01d3f26e90dee79780382e843d04)

1 files changed, 6 insertions, 4 deletions

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 5dfd6707a01..9e968a32039 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -171,7 +171,8 @@ send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
   ipsec_tunnel_protect_walk_ctx_t *ctx = arg;
   vl_api_ipsec_tunnel_protect_details_t *mp;
   ipsec_tun_protect_t *itp;
-  u32 sai, ii = 0;
+  u32 ii = 0;
+  ipsec_sa_t *sa;
 
   itp = ipsec_tun_protect_get (itpi);
 
@@ -183,12 +184,13 @@ send_ipsec_tunnel_protect_details (index_t itpi, void *arg)
 
   mp->tun.sw_if_index = htonl (itp->itp_sw_if_index);
 
-  mp->tun.sa_out = htonl (itp->itp_out_sa);
+  sa = ipsec_sa_get (itp->itp_out_sa);
+  mp->tun.sa_out = htonl (sa->id);
   mp->tun.n_sa_in = itp->itp_n_sa_in;
   /* *INDENT-OFF* */
-  FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
+  FOR_EACH_IPSEC_PROTECT_INPUT_SA(itp, sa,
   ({
-    mp->tun.sa_in[ii++] = htonl (sai);
+    mp->tun.sa_in[ii++] = htonl (sa->id);
   }));
   /* *INDENT-ON* */