diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-09-26 16:20:19 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2019-11-08 20:06:56 +0000 |
| commit | 12989b538881f9681f078cf1485c51df1251877a (patch) | |
| tree | 874156e3898e76fd5e966d3a87f0306dba8b742d /src/vnet/ipsec/esp_decrypt.c | |
| parent | f1653e62fe41e3df429aadaaab22d0cc8aaa227a (diff) | |
ipsec: remove dedicated IPSec tunnels
APIs for dedicated IPSec tunnels will remain in this release and are
used to programme the IPIP tunnel protect. APIs will be removed in a
future release.
see:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/esp_decrypt.c')
| -rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 986ac94676c..cddda1f8e54 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -47,7 +47,8 @@ typedef enum _(RUNT, "undersized packet") \ _(CHAINED_BUFFER, "chained buffers (packet dropped)") \ _(OVERSIZED_HEADER, "buffer with oversized header (dropped)") \ - _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") + _(NO_TAIL_SPACE, "no enough buffer tail space (dropped)") \ + _(TUN_NO_PROTO, "no tunnel protocol") \ typedef enum @@ -497,8 +498,11 @@ esp_decrypt_inline (vlib_main_t * vm, &ip4->dst_address) || !ip46_address_is_equal_v4 (&itp->itp_tun.dst, &ip4->src_address)) - next[0] = ESP_DECRYPT_NEXT_DROP; - + { + next[0] = ESP_DECRYPT_NEXT_DROP; + b[0]->error = + node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO]; + } } else if (f->next_header == IP_PROTOCOL_IPV6) { @@ -510,7 +514,11 @@ esp_decrypt_inline (vlib_main_t * vm, &ip6->dst_address) || !ip46_address_is_equal_v6 (&itp->itp_tun.dst, &ip6->src_address)) - next[0] = ESP_DECRYPT_NEXT_DROP; + { + next[0] = ESP_DECRYPT_NEXT_DROP; + b[0]->error = + node->errors[ESP_DECRYPT_ERROR_TUN_NO_PROTO]; + } } } } @@ -615,16 +623,9 @@ VLIB_REGISTER_NODE (esp4_decrypt_tun_node) = { .vector_size = sizeof (u32), .format_trace = format_esp_decrypt_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(esp_decrypt_error_strings), .error_strings = esp_decrypt_error_strings, - - .n_next_nodes = ESP_DECRYPT_N_NEXT, - .next_nodes = { -#define _(s,n) [ESP_DECRYPT_NEXT_##s] = n, - foreach_esp_decrypt_next -#undef _ - }, + .sibling_of = "esp4-decrypt", }; VLIB_REGISTER_NODE (esp6_decrypt_tun_node) = { @@ -632,16 +633,9 @@ VLIB_REGISTER_NODE (esp6_decrypt_tun_node) = { .vector_size = sizeof (u32), .format_trace = format_esp_decrypt_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(esp_decrypt_error_strings), .error_strings = esp_decrypt_error_strings, - - .n_next_nodes = ESP_DECRYPT_N_NEXT, - .next_nodes = { -#define _(s,n) [ESP_DECRYPT_NEXT_##s] = n, - foreach_esp_decrypt_next -#undef _ - }, + .sibling_of = "esp6-decrypt", }; /* *INDENT-ON* */ |