aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-03-22 08:12:48 +0000
committerDamjan Marion <dmarion@me.com>2019-03-28 08:16:37 +0000
commit25edf14369b27ab3dfcda14b69dc53148c9ccf7e (patch)
tree38de7ee1fe1d6f8c846153b50c2d6330c1615e85 /src/vnet/ip
parent8feeaff56fa9a4fbdfc06131f28a1060ffd9645d (diff)
IPSEC: run encrpyt as a feautre on the tunnel
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ip')
-rw-r--r--src/vnet/ip/ip4_forward.c27
-rw-r--r--src/vnet/ip/ip6_forward.c29
2 files changed, 42 insertions, 14 deletions
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c
index 981dfe3c91f..985db21d6b0 100644
--- a/src/vnet/ip/ip4_forward.c
+++ b/src/vnet/ip/ip4_forward.c
@@ -55,6 +55,7 @@
#include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */
#include <vnet/ip/ip4_forward.h>
+#include <vnet/interface_output.h>
/** @brief IPv4 lookup node.
@node ip4-lookup
@@ -2336,7 +2337,11 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm,
{
b[1]->error = error_node->errors[error1];
}
-
+ if (is_midchain)
+ {
+ calc_checksums (vm, b[0]);
+ calc_checksums (vm, b[1]);
+ }
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0, ip1, sizeof (ethernet_header_t));
@@ -2359,10 +2364,12 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm,
if (is_midchain)
{
- adj0->sub_type.midchain.fixup_func
- (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
- adj1->sub_type.midchain.fixup_func
- (vm, adj1, b[1], adj1->sub_type.midchain.fixup_data);
+ if (adj0->sub_type.midchain.fixup_func)
+ adj0->sub_type.midchain.fixup_func
+ (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
+ if (adj1->sub_type.midchain.fixup_func)
+ adj1->sub_type.midchain.fixup_func
+ (vm, adj1, b[1], adj1->sub_type.midchain.fixup_data);
}
if (is_mcast)
@@ -2447,7 +2454,10 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm,
{
b[0]->error = error_node->errors[error0];
}
-
+ if (is_midchain)
+ {
+ calc_checksums (vm, b[0]);
+ }
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
@@ -2459,8 +2469,9 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm,
if (is_midchain)
{
- adj0->sub_type.midchain.fixup_func
- (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
+ if (adj0->sub_type.midchain.fixup_func)
+ adj0->sub_type.midchain.fixup_func
+ (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
}
if (is_mcast)
diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c
index 858dd73a712..511fc9329e8 100644
--- a/src/vnet/ip/ip6_forward.c
+++ b/src/vnet/ip/ip6_forward.c
@@ -54,6 +54,7 @@
#include <vppinfra/bihash_template.c>
#endif
#include <vnet/ip/ip6_forward.h>
+#include <vnet/interface_output.h>
/* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
#define OI_DECAP 0x80000000
@@ -1831,16 +1832,26 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm,
p1->error = error_node->errors[error1];
}
+ if (is_midchain)
+ {
+ /* before we paint on the next header, update the L4
+ * checksums if required, since there's no offload on a tunnel */
+ calc_checksums (vm, p0);
+ calc_checksums (vm, p1);
+ }
+
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0, ip1, sizeof (ethernet_header_t));
if (is_midchain)
{
- adj0->sub_type.midchain.fixup_func
- (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
- adj1->sub_type.midchain.fixup_func
- (vm, adj1, p1, adj1->sub_type.midchain.fixup_data);
+ if (adj0->sub_type.midchain.fixup_func)
+ adj0->sub_type.midchain.fixup_func
+ (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
+ if (adj1->sub_type.midchain.fixup_func)
+ adj1->sub_type.midchain.fixup_func
+ (vm, adj1, p1, adj1->sub_type.midchain.fixup_data);
}
if (is_mcast)
{
@@ -1919,6 +1930,11 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm,
p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
}
+ if (is_midchain)
+ {
+ calc_checksums (vm, p0);
+ }
+
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
@@ -1969,8 +1985,9 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm,
if (is_midchain)
{
- adj0->sub_type.midchain.fixup_func
- (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
+ if (adj0->sub_type.midchain.fixup_func)
+ adj0->sub_type.midchain.fixup_func
+ (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
}
if (is_mcast)
{