ipsec: Reference count the SAs

- this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns <nranns@cisco.com>
author: Neale Ranns <nranns@cisco.com> 2019-07-12 09:15:26 +0000
committer: Dave Barach <openvpp@barachs.net> 2019-07-12 12:24:55 +0000
commit: 495d7ffbc82823edccabab960fc81a909f80075d (patch)
tree: d4244f743b7406bbdc4235e6accdfc4899a88b83 /src/vnet/ipsec/ipsec_api.c
parent: def35a2352c9a54f748d301ffa47a446d25a83e0 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 6de0203602e..371e4fe4ed0 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -513,12 +513,13 @@ static void vl_api_ipsec_sad_entry_add_del_t_handler
   ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
 
   if (mp->is_add)
-    rv = ipsec_sa_add (id, spi, proto,
-		       crypto_alg, &crypto_key,
-		       integ_alg, &integ_key, flags,
-		       0, mp->entry.salt, &tun_src, &tun_dst, &sa_index);
+    rv = ipsec_sa_add_and_lock (id, spi, proto,
+				crypto_alg, &crypto_key,
+				integ_alg, &integ_key, flags,
+				0, mp->entry.salt, &tun_src, &tun_dst,
+				&sa_index);
   else
-    rv = ipsec_sa_del (id);
+    rv = ipsec_sa_unlock_id (id);
 
 #else
   rv = VNET_API_ERROR_UNIMPLEMENTED;
author	Neale Ranns <nranns@cisco.com>	2019-07-12 09:15:26 +0000
committer	Dave Barach <openvpp@barachs.net>	2019-07-12 12:24:55 +0000
commit	495d7ffbc82823edccabab960fc81a909f80075d (patch)
tree	d4244f743b7406bbdc4235e6accdfc4899a88b83 /src/vnet/ipsec/ipsec_api.c
parent	def35a2352c9a54f748d301ffa47a446d25a83e0 (diff)