ipsec: Derive the TUNNEL_V6 flag from the configured address types

Type: improvement

There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47

2 files changed, 8 insertions, 1 deletions

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index b1e337470ab..b5d58d0c053 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -270,6 +270,10 @@ ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto,
       return VNET_API_ERROR_SYSCALL_ERROR_1;
     }
 
+  if (ipsec_sa_is_set_IS_TUNNEL (sa) &&
+      AF_IP6 == ip_addr_version (&tun->t_src))
+    ipsec_sa_set_IS_TUNNEL_V6 (sa);
+
   if (ipsec_sa_is_set_IS_TUNNEL (sa) && !ipsec_sa_is_set_IS_INBOUND (sa))
     {
       sa->tunnel_flags = sa->tunnel.t_encap_decap_flags;
diff --git a/src/vnet/ipsec/ipsec_types.api b/src/vnet/ipsec/ipsec_types.api
index 9fa7e058cbf..ed04f470fd2 100644
--- a/src/vnet/ipsec/ipsec_types.api
+++ b/src/vnet/ipsec/ipsec_types.api
@@ -68,7 +68,10 @@ enum ipsec_sad_flags
   /* IPsec tunnel mode if non-zero, else transport mode */
   IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04,
   /* IPsec tunnel mode is IPv6 if non-zero,
-   *  else IPv4 tunnel only valid if is_tunnel is non-zero */
+   *  else IPv4 tunnel only valid if is_tunnel is non-zero
+   *  DEPRECATED - the user does not need to set this it is
+   *               derived from the tunnel's address types.
+   */
   IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
   /* enable UDP encapsulation for NAT traversal */
   IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,