summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_sa.h
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-07-12 09:15:26 +0000
committerDave Barach <openvpp@barachs.net>2019-07-12 12:24:55 +0000
commit495d7ffbc82823edccabab960fc81a909f80075d (patch)
treed4244f743b7406bbdc4235e6accdfc4899a88b83 /src/vnet/ipsec/ipsec_sa.h
parentdef35a2352c9a54f748d301ffa47a446d25a83e0 (diff)
ipsec: Reference count the SAs
- this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_sa.h')
-rw-r--r--src/vnet/ipsec/ipsec_sa.h34
1 files changed, 16 insertions, 18 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 284826772a0..811f4cabcf0 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -140,7 +140,6 @@ typedef struct
};
udp_header_t udp_hdr;
-
fib_node_t node;
u32 id;
u32 stat_index;
@@ -198,29 +197,28 @@ extern vlib_combined_counter_main_t ipsec_sa_counters;
extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len);
-extern int ipsec_sa_add (u32 id,
- u32 spi,
- ipsec_protocol_t proto,
- ipsec_crypto_alg_t crypto_alg,
- const ipsec_key_t * ck,
- ipsec_integ_alg_t integ_alg,
- const ipsec_key_t * ik,
- ipsec_sa_flags_t flags,
- u32 tx_table_id,
- u32 salt,
- const ip46_address_t * tunnel_src_addr,
- const ip46_address_t * tunnel_dst_addr,
- u32 * sa_index);
-extern u32 ipsec_sa_del (u32 id);
+extern int ipsec_sa_add_and_lock (u32 id,
+ u32 spi,
+ ipsec_protocol_t proto,
+ ipsec_crypto_alg_t crypto_alg,
+ const ipsec_key_t * ck,
+ ipsec_integ_alg_t integ_alg,
+ const ipsec_key_t * ik,
+ ipsec_sa_flags_t flags,
+ u32 tx_table_id,
+ u32 salt,
+ const ip46_address_t * tunnel_src_addr,
+ const ip46_address_t * tunnel_dst_addr,
+ u32 * sa_index);
+extern index_t ipsec_sa_find_and_lock (u32 id);
+extern int ipsec_sa_unlock_id (u32 id);
+extern void ipsec_sa_unlock (index_t sai);
extern void ipsec_sa_clear (index_t sai);
extern void ipsec_sa_set_crypto_alg (ipsec_sa_t * sa,
ipsec_crypto_alg_t crypto_alg);
extern void ipsec_sa_set_integ_alg (ipsec_sa_t * sa,
ipsec_integ_alg_t integ_alg);
-extern u8 ipsec_is_sa_used (u32 sa_index);
-extern u32 ipsec_get_sa_index_by_sa_id (u32 sa_id);
-
typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t * sa, void *ctx);
extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx);