summaryrefslogtreecommitdiffstats
path: root/src/vnet/devices
diff options
context:
space:
mode:
authorBrian Russell <brian@graphiant.com>2021-02-22 18:42:24 +0000
committerNeale Ranns <neale@graphiant.com>2021-02-25 09:13:28 +0000
commit7a29a2d400bbc3740a6a98863f290aa654d5f724 (patch)
tree11df1d06c2ce717c741da0b3bb88ca4e0f9d5c11 /src/vnet/devices
parent0eaf4e6784efb2d058fe2f031578251b6bcc0aa8 (diff)
ipsec: enable input features on tunnels
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
Diffstat (limited to 'src/vnet/devices')
-rw-r--r--src/vnet/devices/devices.h26
1 files changed, 18 insertions, 8 deletions
diff --git a/src/vnet/devices/devices.h b/src/vnet/devices/devices.h
index a14c1966e44..e54c7a29130 100644
--- a/src/vnet/devices/devices.h
+++ b/src/vnet/devices/devices.h
@@ -27,17 +27,27 @@ typedef enum
VNET_DEVICE_INPUT_NEXT_MPLS_INPUT,
VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT,
VNET_DEVICE_INPUT_NEXT_DROP,
+
+ /* For tunnels */
+ VNET_DEVICE_INPUT_NEXT_IP4_DROP,
+ VNET_DEVICE_INPUT_NEXT_IP6_DROP,
+ VNET_DEVICE_INPUT_NEXT_PUNT,
+
VNET_DEVICE_INPUT_N_NEXT_NODES,
} vnet_device_input_next_t;
-#define VNET_DEVICE_INPUT_NEXT_NODES { \
- [VNET_DEVICE_INPUT_NEXT_DROP] = "error-drop", \
- [VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT] = "ethernet-input", \
- [VNET_DEVICE_INPUT_NEXT_IP4_NCS_INPUT] = "ip4-input-no-checksum", \
- [VNET_DEVICE_INPUT_NEXT_IP4_INPUT] = "ip4-input", \
- [VNET_DEVICE_INPUT_NEXT_IP6_INPUT] = "ip6-input", \
- [VNET_DEVICE_INPUT_NEXT_MPLS_INPUT] = "mpls-input", \
-}
+#define VNET_DEVICE_INPUT_NEXT_NODES \
+ { \
+ [VNET_DEVICE_INPUT_NEXT_DROP] = "error-drop", \
+ [VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT] = "ethernet-input", \
+ [VNET_DEVICE_INPUT_NEXT_IP4_NCS_INPUT] = "ip4-input-no-checksum", \
+ [VNET_DEVICE_INPUT_NEXT_IP4_INPUT] = "ip4-input", \
+ [VNET_DEVICE_INPUT_NEXT_IP6_INPUT] = "ip6-input", \
+ [VNET_DEVICE_INPUT_NEXT_MPLS_INPUT] = "mpls-input", \
+ [VNET_DEVICE_INPUT_NEXT_IP4_DROP] = "ip4-drop", \
+ [VNET_DEVICE_INPUT_NEXT_IP6_DROP] = "ip6-drop", \
+ [VNET_DEVICE_INPUT_NEXT_PUNT] = "punt-dispatch", \
+ }
typedef struct
{