summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorNeale Ranns <neale@graphiant.com>2021-01-19 13:30:23 +0000
committerOle Tr�an <otroan@employees.org>2021-01-21 10:58:39 +0000
commit03fabbd22215d306fb66c51f952480631d67c9dc (patch)
treea6de31d85d0a9ca8387d8f8172bea0fd08f98a30 /src/vnet/ipsec
parent45d6d83761cd8c09c0a6430d11f70c37c3df256e (diff)
ipsec: Honour IPSec SA table-ID over API
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib08fe356e4dc710dd60a96736c48b27129f06786
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_api.c14
-rw-r--r--src/vnet/ipsec/ipsec_format.c6
2 files changed, 9 insertions, 11 deletions
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 335996ee077..1a419e5c21a 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -454,15 +454,11 @@ static void vl_api_ipsec_sad_entry_add_del_v2_t_handler
ip_address_decode (&mp->entry.tunnel_dst, &tun_dst);
if (mp->is_add)
- rv = ipsec_sa_add_and_lock (id, spi, proto,
- crypto_alg, &crypto_key,
- integ_alg, &integ_key, flags,
- 0, mp->entry.salt, &tun_src, &tun_dst,
- tunnel_flags,
- ip_dscp_decode (mp->entry.dscp),
- &sa_index,
- htons (mp->entry.udp_src_port),
- htons (mp->entry.udp_dst_port));
+ rv = ipsec_sa_add_and_lock (
+ id, spi, proto, crypto_alg, &crypto_key, integ_alg, &integ_key, flags,
+ htonl (mp->entry.tx_table_id), mp->entry.salt, &tun_src, &tun_dst,
+ tunnel_flags, ip_dscp_decode (mp->entry.dscp), &sa_index,
+ htons (mp->entry.udp_src_port), htons (mp->entry.udp_dst_port));
else
rv = ipsec_sa_unlock_id (id);
diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c
index 552d446aa34..909254a1dc9 100644
--- a/src/vnet/ipsec/ipsec_format.c
+++ b/src/vnet/ipsec/ipsec_format.c
@@ -320,8 +320,10 @@ format_ipsec_sa (u8 * s, va_list * args)
if (ipsec_sa_is_set_IS_TUNNEL (sa))
{
- tx_table_id = fib_table_get_table_id (sa->tx_fib_index,
- FIB_PROTOCOL_IP4);
+ tx_table_id = fib_table_get_table_id (
+ sa->tx_fib_index,
+ (ipsec_sa_is_set_IS_TUNNEL_V6 (sa) ? FIB_PROTOCOL_IP6 :
+ FIB_PROTOCOL_IP4));
s = format (s, "\n table-ID %d tunnel %U src %U dst %U flags %U",
tx_table_id,
format_ip_dscp, sa->dscp,