summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStanislav Zaikin <stanislav.zaikin@46labs.com>2024-09-09 15:00:33 +0200
committerStanislav Zaikin <stanislav.zaikin@46labs.com>2024-09-24 14:17:38 +0200
commit43b6ff39aef2b35479e12b30e3fd4658ebfd364a (patch)
tree3a893ddfcd9f48e430c93246316e9dc6c812ef32
parent53239b45caa6cc2aefb260c9f49ab352c32a4207 (diff)
ipsec: cleanup tun protect on interface removal
when a protected tunnel gets deleted it's necessary to run a proper cleanup Type: fix Change-Id: I9d2c60ecbf97c4df299ac5c2228b036bf3478a56 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
-rw-r--r--src/vnet/ipsec/ipsec_tun.c50
1 files changed, 39 insertions, 11 deletions
diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index ecda291e985..5fb07b3ba09 100644
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -23,6 +23,7 @@
#include <vnet/adj/adj_midchain.h>
#include <vnet/teib/teib.h>
#include <vnet/mpls/mpls.h>
+#include <vnet/interface.h>
/* instantiate the bihash functions */
#include <vppinfra/bihash_8_16.h>
@@ -704,22 +705,13 @@ out:
return (rv);
}
-int
-ipsec_tun_protect_del (u32 sw_if_index, const ip_address_t * nh)
+static int
+ipsec_tun_protect_del_by_idx (index_t itpi)
{
ipsec_tun_protect_t *itp;
ipsec_main_t *im;
- index_t itpi;
-
- ITP_DBG2 ("delete: %U/%U",
- format_vnet_sw_if_index_name, vnet_get_main (), sw_if_index,
- format_ip_address, nh);
im = &ipsec_main;
- if (NULL == nh)
- nh = &IP_ADDR_ALL_0;
-
- itpi = ipsec_tun_protect_find (sw_if_index, nh);
if (INDEX_INVALID == itpi)
return (VNET_API_ERROR_NO_SUCH_ENTRY);
@@ -736,6 +728,22 @@ ipsec_tun_protect_del (u32 sw_if_index, const ip_address_t * nh)
return (0);
}
+int
+ipsec_tun_protect_del (u32 sw_if_index, const ip_address_t *nh)
+{
+ index_t itpi;
+
+ ITP_DBG2 ("delete: %U/%U", format_vnet_sw_if_index_name, vnet_get_main (),
+ sw_if_index, format_ip_address, nh);
+
+ if (NULL == nh)
+ nh = &IP_ADDR_ALL_0;
+
+ itpi = ipsec_tun_protect_find (sw_if_index, nh);
+
+ return ipsec_tun_protect_del_by_idx (itpi);
+}
+
void
ipsec_tun_protect_walk (ipsec_tun_protect_walk_cb_t fn, void *ctx)
{
@@ -747,6 +755,26 @@ ipsec_tun_protect_walk (ipsec_tun_protect_walk_cb_t fn, void *ctx)
}
}
+walk_rc_t
+ipsec_tun_interface_cleanup (index_t itpi, void *ctx)
+{
+ ipsec_tun_protect_del_by_idx (itpi);
+ return WALK_CONTINUE;
+}
+
+static clib_error_t *
+ipsec_tun_interface_add_del (vnet_main_t *vnm, u32 sw_if_index, u32 is_add)
+{
+ if (is_add)
+ return 0;
+
+ ipsec_tun_protect_walk_itf (sw_if_index, ipsec_tun_interface_cleanup, 0);
+
+ return 0;
+}
+
+VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ipsec_tun_interface_add_del);
+
void
ipsec_tun_protect_walk_itf (u32 sw_if_index,
ipsec_tun_protect_walk_cb_t fn, void *ctx)