authorNeale Ranns <neale@graphiant.com>2021-02-25 08:53:15 +0000
committerBeno�t Ganne <bganne@cisco.com>2021-02-25 10:07:08 +0000
commit28a0b0197e9894ce835ded5c641fd2a032cf673e (patch)
treeebb63305487b59d6be0f2e9630d680b4d7dab05d
parent8b4d0dd5ba8ea42063b0700f39c2165486b8c9a0 (diff)
ikev2: Use the IPSec functions for UDP port management
Type: refactor IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
-rw-r--r--src/plugins/ikev2/ikev2.c45
-rw-r--r--src/plugins/ikev2/ikev2_priv.h3
2 files changed, 2 insertions, 46 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index d5dd013e0a5..aaebf625ab2 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -3723,27 +3723,7 @@ ikev2_set_local_key (vlib_main_t * vm, u8 * file)
static_always_inline vnet_api_error_t
ikev2_register_udp_port (ikev2_profile_t * p, u16 port)
{
- ikev2_main_t *km = &ikev2_main;
- udp_dst_port_info_t *pi;
-
- uword *v = hash_get (km->udp_ports, port);
- pi = udp_get_dst_port_info (&udp_main, port, UDP_IP4);
-
- if (v)
- {
- /* IKE already uses this port, only increment reference counter */
- ASSERT (pi);
- v[0]++;
- }
- else
- {
- if (pi)
- return VNET_API_ERROR_UDP_PORT_TAKEN;
-
- udp_register_dst_port (km->vlib_main, port,
- ipsec4_tun_input_node.index, 1);
- hash_set (km->udp_ports, port, 1);
- }
+ ipsec_register_udp_port (port);
p->ipsec_over_udp_port = port;
return 0;
}
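Review bot: A port already owned by another UDP consumer is no longer rejected in ikev2_register_udp_port. The removed branch returned `VNET_API_ERROR_UDP_PORT_TAKEN` when `udp_get_dst_port_info` found a registration IKE did not hold, whereas the new `ipsec_register_udp_port (port);` call is used as a plain statement and the function now always returns 0. Unless the IPSec helper detects that conflict itself (its body is not part of this diff), a profile can be configured onto a port another node is listening on, and the caller gets no error. The cleaner fix is for the helper to return a status that is propagated here, since a simple local pre-check would also reject ports IPSec already shares. At minimum, add `/* ipsec_register_udp_port() reports no failure: a port held by a non-IPSec listener is not detected here */` above the call.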
@@ -3751,24 +3731,10 @@ ikev2_register_udp_port (ikev2_profile_t * p, u16 port)
static_always_inline void
ikev2_unregister_udp_port (ikev2_profile_t * p)
{
- ikev2_main_t *km = &ikev2_main;
- uword *v;
-
if (p->ipsec_over_udp_port == IPSEC_UDP_PORT_NONE)
return;
- v = hash_get (km->udp_ports, p->ipsec_over_udp_port);
- if (!v)
- return;
-
- v[0]--;
-
- if (v[0] == 0)
- {
- udp_unregister_dst_port (km->vlib_main, p->ipsec_over_udp_port, 1);
- hash_unset (km->udp_ports, p->ipsec_over_udp_port);
- }
-
+ ipsec_unregister_udp_port (p->ipsec_over_udp_port);
p->ipsec_over_udp_port = IPSEC_UDP_PORT_NONE;
}
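Review bot: With the `if (!v) return;` guard removed, ikev2_unregister_udp_port relies on an unwritten invariant: `p->ipsec_over_udp_port` must differ from `IPSEC_UDP_PORT_NONE` only after a matching `ipsec_register_udp_port` call. The registration count is also no longer private to IKEv2. The invariant holds for the register function shown in this diff, but an unbalanced call would presumably drop a registration that other IPSec users of the port still depend on. A comment above the call would record this, e.g. `/* must pair with ipsec_register_udp_port(): the count is shared with other IPSec users of this port */`.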
@@ -4171,9 +4137,7 @@ ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm, u8 * name, u16 port,
u8 is_set)
{
ikev2_profile_t *p = ikev2_profile_index_by_name (name);
- ikev2_main_t *km = &ikev2_main;
vnet_api_error_t rv = 0;
- uword *v;
if (!p)
return VNET_API_ERROR_INVALID_VALUE;
@@ -4187,10 +4151,6 @@ ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm, u8 * name, u16 port,
}
else
{
- v = hash_get (km->udp_ports, port);
- if (!v)
- return VNET_API_ERROR_IKE_NO_PORT;
-
if (p->ipsec_over_udp_port == IPSEC_UDP_PORT_NONE)
return VNET_API_ERROR_INVALID_VALUE;
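Review bot: In the unset branch of ikev2_set_profile_ipsec_udp_port, the `port` argument is no longer examined in the visible lines. The removed lookup at least rejected ports IKE had never registered, returning `VNET_API_ERROR_IKE_NO_PORT`; now a request naming any port passes as long as the profile has one set. If the intent is that the caller names the port being removed, add `if (p->ipsec_over_udp_port != port) return VNET_API_ERROR_INVALID_VALUE;` after the NONE check. Otherwise, document that `port` is ignored when `is_set` is 0. The branch continues outside this hunk, so a later check may exist that is not shown here.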
@@ -4761,7 +4721,6 @@ ikev2_init (vlib_main_t * vm)
km->sa_by_ispi = hash_create (0, sizeof (uword));
km->sw_if_indices = hash_create (0, 0);
- km->udp_ports = hash_create (0, sizeof (uword));
udp_register_dst_port (vm, IKEV2_PORT, ikev2_node_ip4.index, 1);
udp_register_dst_port (vm, IKEV2_PORT, ikev2_node_ip6.index, 0);
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 95c4df4b987..ea630b86de4 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -518,9 +518,6 @@ typedef struct
/* logging level */
ikev2_log_level_t log_level;
- /* custom ipsec-over-udp ports managed by ike */
- uword *udp_ports;
-
/* how often a liveness check will be performed */
u32 liveness_period;