diff options
| author |   Neale Ranns <nranns@cisco.com> | 2020-01-02 04:06:10 +0000 |
|---|---|---|
| committer |   Ole Tr�an <otroan@employees.org> | 2020-11-02 08:49:08 +0000 |
| commit | 041add7d12217494934b651e4e38b5eab5216ddc (patch) | |
| tree | 42f6ed8c3e4477b7c7cf93b19f227e4fc0afb4cb /src/vnet/ipsec/ipsec_cli.c | |
| parent | 62877029aac3e05a1e1db579aeaad42bca5a70a4 (diff) | |
ipsec: Tunnel SA DSCP behaviour
Type: feature
- use tunnel_encap_decap_flags to control the copying of DSCP/ECN/etc
during IPSEC tunnel mode encap.
- use DSCP value to have fixed encap value.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: If4f51fd4c1dcbb0422aac9bd078e5c14af5bf11f
Diffstat (limited to 'src/vnet/ipsec/ipsec_cli.c')
| -rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index d7378534eb8..fc79c4ca347 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -90,6 +90,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, u16 udp_src, udp_dst; int is_add, rv; u32 m_args = 0; + ip_dscp_t dscp; salt = 0; error = NULL; @@ -99,6 +100,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, integ_alg = IPSEC_INTEG_ALG_NONE; crypto_alg = IPSEC_CRYPTO_ALG_NONE; udp_src = udp_dst = IPSEC_UDP_PORT_NONE; + dscp = IP_DSCP_CS0; if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -182,7 +184,9 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, &ck, integ_alg, &ik, flags, 0, clib_host_to_net_u32 (salt), - &tun_src, &tun_dst, &sai, udp_src, udp_dst); + &tun_src, &tun_dst, + TUNNEL_ENCAP_DECAP_FLAG_NONE, dscp, + &sai, udp_src, udp_dst); } else { @@ -910,16 +914,18 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, local_spi, IPSEC_PROTOCOL_ESP, crypto_alg, &lck, integ_alg, &lik, flags, table_id, clib_host_to_net_u32 (salt), &local_ip, - &remote_ip, NULL, IPSEC_UDP_PORT_NONE, - IPSEC_UDP_PORT_NONE); + &remote_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE, + IP_DSCP_CS0, NULL, + IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE); rv |= ipsec_sa_add_and_lock (ipsec_tun_mk_remote_sa_id (sw_if_index), remote_spi, IPSEC_PROTOCOL_ESP, crypto_alg, &rck, integ_alg, &rik, (flags | IPSEC_SA_FLAG_IS_INBOUND), table_id, clib_host_to_net_u32 (salt), &remote_ip, - &local_ip, NULL, IPSEC_UDP_PORT_NONE, - IPSEC_UDP_PORT_NONE); + &local_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE, + IP_DSCP_CS0, NULL, + IPSEC_UDP_PORT_NONE, IPSEC_UDP_PORT_NONE); rv |= ipsec_tun_protect_update_one (sw_if_index, &nh, ipsec_tun_mk_local_sa_id (sw_if_index), |