summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec.c
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2018-10-09 16:05:48 +0200
committerDamjan Marion <dmarion@me.com>2018-10-22 08:22:52 +0000
commitbe5a5dd904d4d25857c53a4b5dee7951f724e3e2 (patch)
treef1623d508a65daf534b8307d29eb6d5492d7cb06 /src/vnet/ipsec/ipsec.c
parentb9ffffd61967ba9bc9453c93348be1ea5412c638 (diff)
ipsec: split ipsec nodes into ip4/ip6 nodes
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
-rw-r--r--src/vnet/ipsec/ipsec.c53
1 files changed, 37 insertions, 16 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index c882a628602..d1b82b51326 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -73,17 +73,17 @@ ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id,
sw_if_index, spd_id, spd_index);
/* enable IPsec on TX */
- vnet_feature_enable_disable ("ip4-output", "ipsec-output-ip4", sw_if_index,
+ vnet_feature_enable_disable ("ip4-output", "ipsec4-output", sw_if_index,
is_add, 0, 0);
- vnet_feature_enable_disable ("ip6-output", "ipsec-output-ip6", sw_if_index,
+ vnet_feature_enable_disable ("ip6-output", "ipsec6-output", sw_if_index,
is_add, 0, 0);
config.spd_index = spd_index;
/* enable IPsec on RX */
- vnet_feature_enable_disable ("ip4-unicast", "ipsec-input-ip4", sw_if_index,
+ vnet_feature_enable_disable ("ip4-unicast", "ipsec4-input", sw_if_index,
is_add, &config, sizeof (config));
- vnet_feature_enable_disable ("ip6-unicast", "ipsec-input-ip6", sw_if_index,
+ vnet_feature_enable_disable ("ip6-unicast", "ipsec6-input", sw_if_index,
is_add, &config, sizeof (config));
return 0;
@@ -562,26 +562,47 @@ ipsec_init (vlib_main_t * vm)
ASSERT (node);
im->error_drop_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "esp-encrypt");
+ node = vlib_get_node_by_name (vm, (u8 *) "esp4-encrypt");
ASSERT (node);
- im->esp_encrypt_node_index = node->index;
+ im->esp4_encrypt_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "esp-decrypt");
+ node = vlib_get_node_by_name (vm, (u8 *) "esp4-decrypt");
ASSERT (node);
- im->esp_decrypt_node_index = node->index;
+ im->esp4_decrypt_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "ah-encrypt");
+ node = vlib_get_node_by_name (vm, (u8 *) "ah4-encrypt");
ASSERT (node);
- im->ah_encrypt_node_index = node->index;
+ im->ah4_encrypt_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "ah-decrypt");
+ node = vlib_get_node_by_name (vm, (u8 *) "ah4-decrypt");
ASSERT (node);
- im->ah_decrypt_node_index = node->index;
+ im->ah4_decrypt_node_index = node->index;
- im->esp_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP_ENCRYPT;
- im->esp_decrypt_next_index = IPSEC_INPUT_NEXT_ESP_DECRYPT;
- im->ah_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH_ENCRYPT;
- im->ah_decrypt_next_index = IPSEC_INPUT_NEXT_AH_DECRYPT;
+ im->esp4_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP4_ENCRYPT;
+ im->esp4_decrypt_next_index = IPSEC_INPUT_NEXT_ESP4_DECRYPT;
+ im->ah4_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH4_ENCRYPT;
+ im->ah4_decrypt_next_index = IPSEC_INPUT_NEXT_AH4_DECRYPT;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "esp6-encrypt");
+ ASSERT (node);
+ im->esp6_encrypt_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "esp6-decrypt");
+ ASSERT (node);
+ im->esp6_decrypt_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "ah6-encrypt");
+ ASSERT (node);
+ im->ah6_encrypt_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "ah6-decrypt");
+ ASSERT (node);
+ im->ah6_decrypt_node_index = node->index;
+
+ im->esp6_encrypt_next_index = IPSEC_OUTPUT_NEXT_ESP6_ENCRYPT;
+ im->esp6_decrypt_next_index = IPSEC_INPUT_NEXT_ESP6_DECRYPT;
+ im->ah6_encrypt_next_index = IPSEC_OUTPUT_NEXT_AH6_ENCRYPT;
+ im->ah6_decrypt_next_index = IPSEC_INPUT_NEXT_AH6_DECRYPT;
im->cb.check_support_cb = ipsec_check_support;