summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_tun.c
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-07-16 06:19:35 -0700
committerNeale Ranns <nranns@cisco.com>2019-07-16 15:05:10 +0000
commit41afb33efe81a93ddf5879138802bf23602ccc81 (patch)
treec0a8f8b7866d58379e35fd5b57057b86b780115a /src/vnet/ipsec/ipsec_tun.c
parent37dab437be1331e40f6f3e63f52235655431f65f (diff)
ipsec: handle UDP keepalives
Type: feature Change-Id: I87cc1168466f267e8c4bbec318401982f4bdf03a Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec_tun.c')
-rw-r--r--src/vnet/ipsec/ipsec_tun.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index 46980df101b..859fab8899e 100644
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -98,10 +98,14 @@ ipsec_tun_protect_db_add (ipsec_main_t * im, const ipsec_tun_protect_t * itp)
if (ip46_address_is_ip4 (&itp->itp_crypto.dst))
{
ipsec4_tunnel_key_t key = {
- .remote_ip = itp->itp_crypto.dst.ip4.as_u32,
+ .remote_ip = itp->itp_crypto.dst.ip4,
.spi = clib_host_to_net_u32 (sa->spi),
};
hash_set (im->tun4_protect_by_key, key.as_u64, res.as_u64);
+ if (1 == hash_elts(im->tun4_protect_by_key))
+ udp_register_dst_port (vlib_get_main(),
+ UDP_DST_PORT_ipsec,
+ ipsec4_tun_input_node.index, 1);
}
else
{
@@ -127,10 +131,14 @@ ipsec_tun_protect_db_remove (ipsec_main_t * im,
if (ip46_address_is_ip4 (&itp->itp_crypto.dst))
{
ipsec4_tunnel_key_t key = {
- .remote_ip = itp->itp_crypto.dst.ip4.as_u32,
+ .remote_ip = itp->itp_crypto.dst.ip4,
.spi = clib_host_to_net_u32 (sa->spi),
};
hash_unset (im->tun4_protect_by_key, &key);
+ if (0 == hash_elts(im->tun4_protect_by_key))
+ udp_unregister_dst_port (vlib_get_main(),
+ UDP_DST_PORT_ipsec,
+ 1);
}
else
{
@@ -359,10 +367,10 @@ ipsec_tun_protect_del (u32 sw_if_index)
pool_put (ipsec_protect_pool, itp);
- /* if (0 == hash_elts (im->tun4_protect_by_key)) */
- /* ip4_unregister_protocol (IP_PROTOCOL_IPSEC_ESP); */
- /* if (0 == hash_elts (im->tun6_protect_by_key)) */
- /* ip6_unregister_protocol (IP_PROTOCOL_IPSEC_ESP); */
+ if (0 == hash_elts (im->tun4_protect_by_key))
+ ip4_unregister_protocol (IP_PROTOCOL_IPSEC_ESP);
+ if (0 == hash_elts (im->tun6_protect_by_key))
+ ip6_unregister_protocol (IP_PROTOCOL_IPSEC_ESP);
return (0);
}