authorMatthew Smith <mgsmith@netgate.com>2021-02-08 22:13:59 +0000
committerMatthew Smith <mgsmith@netgate.com>2021-02-09 04:18:37 +0000
commit751bb131ef504b64fe82f393df21dba95ca92e97 (patch)
tree46e567343cb71124297aacb1a0b405b95f392bab /src/plugins/ikev2
parenta8f4ebd08e6d7fddf6fca4f2ef7081321c51a451 (diff)
Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/plugins/ikev2')
-rw-r--r--src/plugins/ikev2/ikev2.c60
1 files changed, 23 insertions, 37 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 0df7faa9bab..aa57deb0924 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1823,8 +1823,8 @@ typedef struct
u32 remote_spi;
ipsec_crypto_alg_t encr_type;
ipsec_integ_alg_t integ_type;
- ip_address_t local_ip;
- ip_address_t remote_ip;
+ ip46_address_t local_ip;
+ ip46_address_t remote_ip;
ipsec_key_t loc_ckey, rem_ckey, loc_ikey, rem_ikey;
u8 is_rekey;
u32 old_remote_sa_id;
@@ -1839,32 +1839,12 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
ikev2_main_t *km = &ikev2_main;
u32 sw_if_index;
int rv = 0;
- tunnel_t tun_in = {
- .t_flags = TUNNEL_FLAG_NONE,
- .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
- .t_dscp = 0,
- .t_mode = TUNNEL_MODE_P2P,
- .t_table_id = 0,
- .t_hop_limit = 255,
- .t_src = a->local_ip,
- .t_dst = a->remote_ip,
- };
- tunnel_t tun_out = {
- .t_flags = TUNNEL_FLAG_NONE,
- .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
- .t_dscp = 0,
- .t_mode = TUNNEL_MODE_P2P,
- .t_table_id = 0,
- .t_hop_limit = 255,
- .t_src = a->remote_ip,
- .t_dst = a->local_ip,
- };
if (~0 == a->sw_if_index)
{
/* no tunnel associated with the SA/profile - create a new one */
- rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0, &ip_addr_46 (&a->local_ip),
- &ip_addr_46 (&a->remote_ip), 0,
+ rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0,
+ &a->local_ip, &a->remote_ip, 0,
TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
TUNNEL_MODE_P2P, &sw_if_index);
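Review bot: The `ipip_add_tunnel` call on the new side still hard-codes `IPIP_TRANSPORT_IP4`, while `a->local_ip` and `a->remote_ip` are now `ip46_address_t`, which has no explicit address-family field. If the IKE SA addresses converted in `ikev2_create_tunnel_interface` (last hunk, `ip_address_to_46 (&sa->iaddr, &a.local_ip)`) can be IPv6, the tunnel would apparently be created with the wrong transport. The removed side hard-codes it too, so this predates the revert. Consider recording the family in the args struct at conversion time and choosing the transport from it, or rejecting non-IPv4 peers before this call with a logged error. The body of `ikev2_add_tunnel_from_main` starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.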
@@ -1903,18 +1883,24 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
vec_add1 (sas_in, a->old_remote_sa_id);
}
- rv = ipsec_sa_add_and_lock (a->local_sa_id, a->local_spi, IPSEC_PROTOCOL_ESP,
- a->encr_type, &a->loc_ckey, a->integ_type,
- &a->loc_ikey, a->flags, a->salt_local,
- a->src_port, a->dst_port, &tun_out, NULL);
+ rv = ipsec_sa_add_and_lock (a->local_sa_id,
+ a->local_spi,
+ IPSEC_PROTOCOL_ESP, a->encr_type,
+ &a->loc_ckey, a->integ_type, &a->loc_ikey,
+ a->flags, 0, a->salt_local, &a->local_ip,
+ &a->remote_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL, a->src_port, a->dst_port);
if (rv)
goto err0;
- rv = ipsec_sa_add_and_lock (
- a->remote_sa_id, a->remote_spi, IPSEC_PROTOCOL_ESP, a->encr_type,
- &a->rem_ckey, a->integ_type, &a->rem_ikey,
- (a->flags | IPSEC_SA_FLAG_IS_INBOUND), a->salt_remote,
- a->ipsec_over_udp_port, a->ipsec_over_udp_port, &tun_in, NULL);
+ rv = ipsec_sa_add_and_lock (a->remote_sa_id, a->remote_spi,
+ IPSEC_PROTOCOL_ESP, a->encr_type, &a->rem_ckey,
+ a->integ_type, &a->rem_ikey,
+ (a->flags | IPSEC_SA_FLAG_IS_INBOUND), 0,
+ a->salt_remote, &a->remote_ip,
+ &a->local_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+ IP_DSCP_CS0, NULL,
+ a->ipsec_over_udp_port, a->ipsec_over_udp_port);
if (rv)
goto err1;
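Review bot: Both restored `ipsec_sa_add_and_lock` calls pass a bare `0` after the flags argument and a bare `NULL` after `IP_DSCP_CS0`, and with seventeen positional arguments a reader cannot tell what those two select. A short inline comment on each would make the calls reviewable, for example `0, /* presumably tx table id - confirm against the prototype */` and `NULL, /* SA index out-pointer not needed here - confirm */`. The inbound call also passes `a->ipsec_over_udp_port` as both ports where the outbound call uses `a->src_port` and `a->dst_port`. A one-line comment saying why the inbound SA is symmetric would help anyone auditing the UDP-encapsulation path. The `err0`/`err1` labels and the rest of the function lie outside the hunk.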
@@ -1958,16 +1944,16 @@ ikev2_create_tunnel_interface (vlib_main_t * vm,
if (sa->is_initiator)
{
- ip_address_copy (&a.local_ip, &sa->iaddr);
- ip_address_copy (&a.remote_ip, &sa->raddr);
+ ip_address_to_46 (&sa->iaddr, &a.local_ip);
+ ip_address_to_46 (&sa->raddr, &a.remote_ip);
proposals = child->r_proposals;
a.local_spi = child->r_proposals[0].spi;
a.remote_spi = child->i_proposals[0].spi;
}
else
{
- ip_address_copy (&a.local_ip, &sa->raddr);
- ip_address_copy (&a.remote_ip, &sa->iaddr);
+ ip_address_to_46 (&sa->raddr, &a.local_ip);
+ ip_address_to_46 (&sa->iaddr, &a.remote_ip);
proposals = child->i_proposals;
a.local_spi = child->i_proposals[0].spi;
a.remote_spi = child->r_proposals[0].spi;