diff options
| author |   Klement Sekera <ksekera@cisco.com> | 2018-10-09 16:05:48 +0200 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2018-10-22 08:22:52 +0000 |
| commit | be5a5dd904d4d25857c53a4b5dee7951f724e3e2 (patch) | |
| tree | f1623d508a65daf534b8307d29eb6d5492d7cb06 /src/vnet/ipsec/ipsec.c | |
| parent | b9ffffd61967ba9bc9453c93348be1ea5412c638 (diff) | |
ipsec: split ipsec nodes into ip4/ip6 nodes
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
| -rw-r--r-- | src/vnet/ipsec/ipsec.c | 53 |
1 files changed, 37 insertions, 16 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index c882a628602..d1b82b51326 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -73,17 +73,17 @@ ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id, sw_if_index, spd_id, spd_index); /* enable IPsec on TX */ - vnet_feature_enable_disable ("ip4-output", "ipsec-output-ip4", sw_if_index, + vnet_feature_enable_disable ("ip4-output", "ipsec4-output", sw_if_index, is_add, 0, 0); - vnet_feature_enable_disable ("ip6-output", "ipsec-output-ip6", sw_if_index, + vnet_feature_enable_disable ("ip6-output", "ipsec6-output", sw_if_index, is_add, 0, 0); config.spd_index = spd_index; /* enable IPsec on RX */ - vnet_feature_enable_disable ("ip4-unicast", "ipsec-input-ip4", sw_if_index, + vnet_feature_enable_disable ("ip4-unicast", "ipsec4-input", sw_if_index, is_add, &config, sizeof (config)); - vnet_feature_enable_disable ("ip6-unicast", "ipsec-input-ip6", sw_if_index, + vnet_feature_enable_disable ("ip6-unicast", "ipsec6-input", sw_if_index, is_add, &config, sizeof (config)); return 0; @@ -562,26 +562,47 @@ ipsec_init (vlib_main_t * vm) ASSERT (node); im->error_drop_node_index = node->index; - node = vlib_get_node_by_name (vm, (u8 *) "esp-encrypt"); + node = vlib_get_node_by_name (vm, (u8 *) "esp4-encrypt"); ASSERT (node); - im->esp_encrypt_node_index = node->index; + im->esp4_encrypt_node_index = node->index; - node = vlib_get_node_by_name (vm, (u8 *) "esp-decrypt"); + node = vlib_get_node_by_name (vm, (u8 *) "esp4-decrypt"); ASSERT (node); - im->esp_decrypt_node_index = node->index; + im->esp4_decrypt_node_index = node->index; - node = vlib_get_node_by_name (vm, (u8 *) "ah-encrypt"); + node = vlib_get_node_by_name (vm, (u8 *) "ah4-encrypt"); ASSERT (node); - im->ah_encrypt_node_index = node->index; + im->ah4_encrypt_node_index = node->index; - node = vlib_get_node_by_name (vm, (u8 *) "ah-decrypt"); + node = vlib_get_node_by_name (vm, (u8 *) "ah4-decrypt"); ASSERT (node); - im->ah_decrypt_node_index = node->index; + im->ah4_decrypt_node_index = node->index; - im->esp_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT; - im->esp_decrypt_next_index = IPSEC_INPUT_NEXT_ESP_DECRYPT; - im->ah_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH_ENCRYPT; - im->ah_decrypt_next_index = IPSEC_INPUT_NEXT_AH_DECRYPT; + im->esp4_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT; + im->esp4_decrypt_next_index = IPSEC_INPUT_NEXT_ESP4_DECRYPT; + im->ah4_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH4_ENCRYPT; + im->ah4_decrypt_next_index = IPSEC_INPUT_NEXT_AH4_DECRYPT; + + node = vlib_get_node_by_name (vm, (u8 *) "esp6-encrypt"); + ASSERT (node); + im->esp6_encrypt_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "esp6-decrypt"); + ASSERT (node); + im->esp6_decrypt_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "ah6-encrypt"); + ASSERT (node); + im->ah6_encrypt_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "ah6-decrypt"); + ASSERT (node); + im->ah6_decrypt_node_index = node->index; + + im->esp6_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP6_ENCRYPT; + im->esp6_decrypt_next_index = IPSEC_INPUT_NEXT_ESP6_DECRYPT; + im->ah6_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH6_ENCRYPT; + im->ah6_decrypt_next_index = IPSEC_INPUT_NEXT_AH6_DECRYPT; im->cb.check_support_cb = ipsec_check_support; |