diff options
author | Neale Ranns <nranns@cisco.com> | 2019-03-22 08:12:48 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-03-28 08:16:37 +0000 |
commit | 25edf14369b27ab3dfcda14b69dc53148c9ccf7e (patch) | |
tree | 38de7ee1fe1d6f8c846153b50c2d6330c1615e85 /src/vnet/ip | |
parent | 8feeaff56fa9a4fbdfc06131f28a1060ffd9645d (diff) |
IPSEC: run encrpyt as a feautre on the tunnel
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ip')
-rw-r--r-- | src/vnet/ip/ip4_forward.c | 27 | ||||
-rw-r--r-- | src/vnet/ip/ip6_forward.c | 29 |
2 files changed, 42 insertions, 14 deletions
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c index 981dfe3c91f..985db21d6b0 100644 --- a/src/vnet/ip/ip4_forward.c +++ b/src/vnet/ip/ip4_forward.c @@ -55,6 +55,7 @@ #include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */ #include <vnet/ip/ip4_forward.h> +#include <vnet/interface_output.h> /** @brief IPv4 lookup node. @node ip4-lookup @@ -2336,7 +2337,11 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm, { b[1]->error = error_node->errors[error1]; } - + if (is_midchain) + { + calc_checksums (vm, b[0]); + calc_checksums (vm, b[1]); + } /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_two_headers (adj0[0], adj1[0], ip0, ip1, sizeof (ethernet_header_t)); @@ -2359,10 +2364,12 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm, if (is_midchain) { - adj0->sub_type.midchain.fixup_func - (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data); - adj1->sub_type.midchain.fixup_func - (vm, adj1, b[1], adj1->sub_type.midchain.fixup_data); + if (adj0->sub_type.midchain.fixup_func) + adj0->sub_type.midchain.fixup_func + (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data); + if (adj1->sub_type.midchain.fixup_func) + adj1->sub_type.midchain.fixup_func + (vm, adj1, b[1], adj1->sub_type.midchain.fixup_data); } if (is_mcast) @@ -2447,7 +2454,10 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm, { b[0]->error = error_node->errors[error0]; } - + if (is_midchain) + { + calc_checksums (vm, b[0]); + } /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t)); @@ -2459,8 +2469,9 @@ ip4_rewrite_inline_with_gso (vlib_main_t * vm, if (is_midchain) { - adj0->sub_type.midchain.fixup_func - (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data); + if (adj0->sub_type.midchain.fixup_func) + adj0->sub_type.midchain.fixup_func + (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data); } if (is_mcast) diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index 858dd73a712..511fc9329e8 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -54,6 +54,7 @@ #include <vppinfra/bihash_template.c> #endif #include <vnet/ip/ip6_forward.h> +#include <vnet/interface_output.h> /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */ #define OI_DECAP 0x80000000 @@ -1831,16 +1832,26 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, p1->error = error_node->errors[error1]; } + if (is_midchain) + { + /* before we paint on the next header, update the L4 + * checksums if required, since there's no offload on a tunnel */ + calc_checksums (vm, p0); + calc_checksums (vm, p1); + } + /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_two_headers (adj0[0], adj1[0], ip0, ip1, sizeof (ethernet_header_t)); if (is_midchain) { - adj0->sub_type.midchain.fixup_func - (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); - adj1->sub_type.midchain.fixup_func - (vm, adj1, p1, adj1->sub_type.midchain.fixup_data); + if (adj0->sub_type.midchain.fixup_func) + adj0->sub_type.midchain.fixup_func + (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); + if (adj1->sub_type.midchain.fixup_func) + adj1->sub_type.midchain.fixup_func + (vm, adj1, p1, adj1->sub_type.midchain.fixup_data); } if (is_mcast) { @@ -1919,6 +1930,11 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED; } + if (is_midchain) + { + calc_checksums (vm, p0); + } + /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t)); @@ -1969,8 +1985,9 @@ ip6_rewrite_inline_with_gso (vlib_main_t * vm, if (is_midchain) { - adj0->sub_type.midchain.fixup_func - (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); + if (adj0->sub_type.midchain.fixup_func) + adj0->sub_type.midchain.fixup_func + (vm, adj0, p0, adj0->sub_type.midchain.fixup_data); } if (is_mcast) { |