diff options
| author |   Neale Ranns <neale@graphiant.com> | 2021-02-25 16:01:28 +0000 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2021-02-26 02:12:06 +0000 |
| commit | c5fe57dac12a46fa618259643909afaec1ac5aae (patch) | |
| tree | 6962f3f1a8d10f2f30f0884889aaa379d0d3e509 /src/vnet/ipsec/esp_decrypt.c | |
| parent | cc9a1a0d39f22f653801f5d08bfe4892325254b5 (diff) | |
ipsec: move the IPSec SA pool out of ipsec_main
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
Diffstat (limited to 'src/vnet/ipsec/esp_decrypt.c')
| -rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 274fbf810c0..80ce08bf853 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -750,8 +750,7 @@ esp_decrypt_post_crypto (vlib_main_t * vm, vlib_node_runtime_t * node, esp_decrypt_packet_data2_t * pd2, vlib_buffer_t * b, u16 * next, int is_ip6, int is_tun, int is_async) { - ipsec_main_t *im = &ipsec_main; - ipsec_sa_t *sa0 = vec_elt_at_index (im->sad, pd->sa_index); + ipsec_sa_t *sa0 = ipsec_sa_get (pd->sa_index); vlib_buffer_t *lb = b; const u8 esp_sz = sizeof (esp_header_t); const u8 tun_flags = IPSEC_SA_FLAG_IS_TUNNEL | IPSEC_SA_FLAG_IS_TUNNEL_V6; @@ -1086,7 +1085,7 @@ esp_decrypt_inline (vlib_main_t * vm, current_sa_bytes = current_sa_pkts = 0; current_sa_index = vnet_buffer (b[0])->ipsec.sad_index; - sa0 = pool_elt_at_index (im->sad, current_sa_index); + sa0 = ipsec_sa_get (current_sa_index); /* fetch the second cacheline ASAP */ CLIB_PREFETCH (sa0->cacheline1, CLIB_CACHE_LINE_BYTES, LOAD); @@ -1295,7 +1294,7 @@ esp_decrypt_inline (vlib_main_t * vm, { esp_decrypt_trace_t *tr; tr = vlib_add_trace (vm, node, b[0], sizeof (*tr)); - sa0 = pool_elt_at_index (im->sad, current_sa_index); + sa0 = ipsec_sa_get (current_sa_index); tr->crypto_alg = sa0->crypto_alg; tr->integ_alg = sa0->integ_alg; tr->seq = pd->seq; @@ -1325,7 +1324,6 @@ esp_decrypt_post_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * from_frame, int is_ip6, int is_tun) { - ipsec_main_t *im = &ipsec_main; u32 *from = vlib_frame_vector_args (from_frame); u32 n_left = from_frame->n_vectors; vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs; @@ -1355,12 +1353,12 @@ esp_decrypt_post_inline (vlib_main_t * vm, /*trace: */ if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED)) { - ipsec_sa_t *sa0 = pool_elt_at_index (im->sad, pd->sa_index); + ipsec_sa_t *sa0 = ipsec_sa_get (pd->sa_index); esp_decrypt_trace_t *tr; esp_decrypt_packet_data_t *async_pd = &(esp_post_data (b[0]))->decrypt_data; tr = vlib_add_trace (vm, node, b[0], sizeof (*tr)); - sa0 = pool_elt_at_index (im->sad, async_pd->sa_index); + sa0 = ipsec_sa_get (async_pd->sa_index); tr->crypto_alg = sa0->crypto_alg; tr->integ_alg = sa0->integ_alg; |