diff options
author | Matthew Smith <mgsmith@netgate.com> | 2021-02-08 22:13:59 +0000 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2021-02-09 04:18:37 +0000 |
commit | 751bb131ef504b64fe82f393df21dba95ca92e97 (patch) | |
tree | 46e567343cb71124297aacb1a0b405b95f392bab /src/plugins/ikev2 | |
parent | a8f4ebd08e6d7fddf6fca4f2ef7081321c51a451 (diff) |
Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f.
Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged.
Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/plugins/ikev2')
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 60 |
1 files changed, 23 insertions, 37 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index 0df7faa9bab..aa57deb0924 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -1823,8 +1823,8 @@ typedef struct u32 remote_spi; ipsec_crypto_alg_t encr_type; ipsec_integ_alg_t integ_type; - ip_address_t local_ip; - ip_address_t remote_ip; + ip46_address_t local_ip; + ip46_address_t remote_ip; ipsec_key_t loc_ckey, rem_ckey, loc_ikey, rem_ikey; u8 is_rekey; u32 old_remote_sa_id; @@ -1839,32 +1839,12 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a) ikev2_main_t *km = &ikev2_main; u32 sw_if_index; int rv = 0; - tunnel_t tun_in = { - .t_flags = TUNNEL_FLAG_NONE, - .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE, - .t_dscp = 0, - .t_mode = TUNNEL_MODE_P2P, - .t_table_id = 0, - .t_hop_limit = 255, - .t_src = a->local_ip, - .t_dst = a->remote_ip, - }; - tunnel_t tun_out = { - .t_flags = TUNNEL_FLAG_NONE, - .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE, - .t_dscp = 0, - .t_mode = TUNNEL_MODE_P2P, - .t_table_id = 0, - .t_hop_limit = 255, - .t_src = a->remote_ip, - .t_dst = a->local_ip, - }; if (~0 == a->sw_if_index) { /* no tunnel associated with the SA/profile - create a new one */ - rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0, &ip_addr_46 (&a->local_ip), - &ip_addr_46 (&a->remote_ip), 0, + rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0, + &a->local_ip, &a->remote_ip, 0, TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0, TUNNEL_MODE_P2P, &sw_if_index); @@ -1903,18 +1883,24 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a) vec_add1 (sas_in, a->old_remote_sa_id); } - rv = ipsec_sa_add_and_lock (a->local_sa_id, a->local_spi, IPSEC_PROTOCOL_ESP, - a->encr_type, &a->loc_ckey, a->integ_type, - &a->loc_ikey, a->flags, a->salt_local, - a->src_port, a->dst_port, &tun_out, NULL); + rv = ipsec_sa_add_and_lock (a->local_sa_id, + a->local_spi, + IPSEC_PROTOCOL_ESP, a->encr_type, + &a->loc_ckey, a->integ_type, &a->loc_ikey, + a->flags, 0, a->salt_local, &a->local_ip, + &a->remote_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE, + IP_DSCP_CS0, NULL, a->src_port, a->dst_port); if (rv) goto err0; - rv = ipsec_sa_add_and_lock ( - a->remote_sa_id, a->remote_spi, IPSEC_PROTOCOL_ESP, a->encr_type, - &a->rem_ckey, a->integ_type, &a->rem_ikey, - (a->flags | IPSEC_SA_FLAG_IS_INBOUND), a->salt_remote, - a->ipsec_over_udp_port, a->ipsec_over_udp_port, &tun_in, NULL); + rv = ipsec_sa_add_and_lock (a->remote_sa_id, a->remote_spi, + IPSEC_PROTOCOL_ESP, a->encr_type, &a->rem_ckey, + a->integ_type, &a->rem_ikey, + (a->flags | IPSEC_SA_FLAG_IS_INBOUND), 0, + a->salt_remote, &a->remote_ip, + &a->local_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE, + IP_DSCP_CS0, NULL, + a->ipsec_over_udp_port, a->ipsec_over_udp_port); if (rv) goto err1; @@ -1958,16 +1944,16 @@ ikev2_create_tunnel_interface (vlib_main_t * vm, if (sa->is_initiator) { - ip_address_copy (&a.local_ip, &sa->iaddr); - ip_address_copy (&a.remote_ip, &sa->raddr); + ip_address_to_46 (&sa->iaddr, &a.local_ip); + ip_address_to_46 (&sa->raddr, &a.remote_ip); proposals = child->r_proposals; a.local_spi = child->r_proposals[0].spi; a.remote_spi = child->i_proposals[0].spi; } else { - ip_address_copy (&a.local_ip, &sa->raddr); - ip_address_copy (&a.remote_ip, &sa->iaddr); + ip_address_to_46 (&sa->raddr, &a.local_ip); + ip_address_to_46 (&sa->iaddr, &a.remote_ip); proposals = child->i_proposals; a.local_spi = child->i_proposals[0].spi; a.remote_spi = child->r_proposals[0].spi; |