aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_tun.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2020-12-23 16:22:28 +0000
committerAndrew Yourtchenko <ayourtch@gmail.com>2021-01-07 09:15:13 +0000
commita9e2774f5561ccb77c8243a196f93f5070f6c5ad (patch)
tree9bf88556378551ca3bc8ba24b2e2a42878b11208 /src/vnet/ipsec/ipsec_tun.c
parent3b6c84c8411f0052410fa0f207fd90f99cee5a2b (diff)
ipsec: Deprecated the old IPsec Tunnel interface
Type: fix it's been 2 releases since it was marked deprecated. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eba7ed607826ed0d00e7d2d8f9b27d09e8e9a6e
Diffstat (limited to 'src/vnet/ipsec/ipsec_tun.c')
-rw-r--r--src/vnet/ipsec/ipsec_tun.c111
1 files changed, 3 insertions, 108 deletions
diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index a35b6190c44..c3f50a6ffe9 100644
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -529,111 +529,6 @@ ipsec_tun_protect_unconfig (ipsec_main_t * im, ipsec_tun_protect_t * itp)
ITP_DBG (itp, "unconfigured");
}
-int
-ipsec_tun_protect_update_one (u32 sw_if_index,
- const ip_address_t * nh, u32 sa_out, u32 sa_in)
-{
- u32 *sas_in = NULL;
- int rv;
-
- vec_add1 (sas_in, sa_in);
- rv = ipsec_tun_protect_update (sw_if_index, nh, sa_out, sas_in);
-
- return (rv);
-}
-
-int
-ipsec_tun_protect_update_out (u32 sw_if_index,
- const ip_address_t * nh, u32 sa_out)
-{
- u32 itpi, *sas_in, sai, *saip;
- ipsec_tun_protect_t *itp;
- ipsec_main_t *im;
- int rv;
-
- sas_in = NULL;
- rv = 0;
- im = &ipsec_main;
-
- itpi = ipsec_tun_protect_find (sw_if_index, nh);
-
- if (INDEX_INVALID == itpi)
- {
- return (VNET_API_ERROR_INVALID_INTERFACE);
- }
-
- itp = pool_elt_at_index (ipsec_tun_protect_pool, itpi);
-
- /* *INDENT-OFF* */
- FOR_EACH_IPSEC_PROTECT_INPUT_SAI (itp, sai,
- ({
- ipsec_sa_lock (sai);
- vec_add1 (sas_in, sai);
- }));
- /* *INDENT-ON* */
-
- sa_out = ipsec_sa_find_and_lock (sa_out);
-
- if (~0 == sa_out)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto out;
- }
-
- ipsec_tun_protect_unconfig (im, itp);
- ipsec_tun_protect_config (im, itp, sa_out, sas_in);
-
- ipsec_sa_unlock (sa_out);
- vec_foreach (saip, sas_in) ipsec_sa_unlock (*saip);
-
-out:
- vec_free (sas_in);
- return (rv);
-}
-
-int
-ipsec_tun_protect_update_in (u32 sw_if_index,
- const ip_address_t * nh, u32 sa_in)
-{
- u32 itpi, *sas_in, sa_out;
- ipsec_tun_protect_t *itp;
- ipsec_main_t *im;
- int rv;
-
- sas_in = NULL;
- rv = 0;
- im = &ipsec_main;
- itpi = ipsec_tun_protect_find (sw_if_index, nh);
-
- if (INDEX_INVALID == itpi)
- {
- return (VNET_API_ERROR_INVALID_INTERFACE);
- }
-
- sa_in = ipsec_sa_find_and_lock (sa_in);
-
- if (~0 == sa_in)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto out;
- }
- vec_add1 (sas_in, sa_in);
-
- itp = pool_elt_at_index (ipsec_tun_protect_pool, itpi);
- sa_out = itp->itp_out_sa;
-
- ipsec_sa_lock (sa_out);
-
- ipsec_tun_protect_unconfig (im, itp);
- ipsec_tun_protect_config (im, itp, sa_out, sas_in);
-
- ipsec_sa_unlock (sa_out);
- ipsec_sa_unlock (sa_in);
-out:
- vec_free (sas_in);
- return (rv);
-}
-
static void
ipsec_tun_protect_update_from_teib (ipsec_tun_protect_t * itp,
const teib_entry_t * ne)
@@ -972,7 +867,7 @@ const static teib_vft_t ipsec_tun_teib_vft = {
.nv_deleted = ipsec_tun_teib_entry_deleted,
};
-void
+static void
ipsec_tun_table_init (ip_address_family_t af, uword table_size, u32 n_buckets)
{
ipsec_main_t *im;
@@ -987,8 +882,8 @@ ipsec_tun_table_init (ip_address_family_t af, uword table_size, u32 n_buckets)
"IPSec IPv6 tunnels", n_buckets, table_size);
}
-clib_error_t *
-ipsec_tunnel_protect_init (vlib_main_t * vm)
+static clib_error_t *
+ipsec_tunnel_protect_init (vlib_main_t *vm)
{
ipsec_main_t *im;