authorNeale Ranns <nranns@cisco.com>2019-07-10 07:10:25 +0000
committerNeale Ranns <nranns@cisco.com>2019-07-12 07:38:47 +0000
commit719beb709818b70a1fd65f3c2a625d955678ceb6 (patch)
tree02eb5efe0452f9ed87523827784cdf385131c695 /src/vnet/ipsec
parent6d72c175edbb7654a643a86411f6f95aae16d10d (diff)
ip ipsec: Remove IPSec SPI-0 punt reason
Type: fix There's no call for an SPI-0 punt reason without UDP encap, since it's only with UDP encap that the ambiguity between IKE or IPSEC occurs (and SPI=0 determines IKE). Enhance the punt API to dump only the reason requested, so a client can use this as a get-ID API Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_if_in.c16
-rw-r--r--src/vnet/ipsec/ipsec_punt.h2
-rw-r--r--src/vnet/ipsec/ipsec_tun_in.c15
3 files changed, 9 insertions, 24 deletions
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index d1f9d5c3ad3..4e93725b97c 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -74,7 +74,8 @@ ipsec_ip4_if_no_tunnel (vlib_node_runtime_t * node,
b->error = node->errors[IPSEC_IF_INPUT_ERROR_SPI_0];
b->punt_reason =
ipsec_punt_reason[(ip4->protocol == IP_PROTOCOL_UDP ?
- IPSEC_PUNT_IP4_SPI_UDP_0 : IPSEC_PUNT_IP4_SPI_0)];
+ IPSEC_PUNT_IP4_SPI_UDP_0 :
+ IPSEC_PUNT_IP4_NO_SUCH_TUNNEL)];
}
else
{
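Review bot: In what appears to be the SPI-0 branch of ipsec_ip4_if_no_tunnel, the error counter stays `IPSEC_IF_INPUT_ERROR_SPI_0` while non-UDP packets are now punted as `IPSEC_PUNT_IP4_NO_SUCH_TUNNEL`, so the counter and the punt reason no longer name the same event. A punt client registered for no-such-tunnel will now also receive native ESP packets carrying SPI 0, and nothing at the ternary says that this is intended. I would add a comment above the assignment, for example `/* SPI 0 selects IKE only under UDP encap; native ESP with SPI 0 is punted as no-such-tunnel */`. The same applies to the matching ipsec_ip4_if_no_tunnel hunk in ipsec_tun_in.c. The enclosing if/else begins and ends outside the hunk, so the exact condition is not visible here.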
@@ -90,16 +91,9 @@ ipsec_ip6_if_no_tunnel (vlib_node_runtime_t * node,
vlib_buffer_t * b,
const esp_header_t * esp, u16 offset)
{
- if (PREDICT_FALSE (0 == esp->spi))
- {
- b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
- b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_SPI_0];
- }
- else
- {
- b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
- b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL];
- }
+ b->error = node->errors[IPSEC_IF_INPUT_ERROR_NO_TUNNEL];
+ b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL];
+
vlib_buffer_advance (b, -offset);
return (IPSEC_INPUT_NEXT_PUNT);
}
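Review bot: With the SPI test removed, `esp` is no longer read anywhere in ipsec_ip6_if_no_tunnel, yet it remains in the signature, which suggests to a reader that the header is still inspected. Either drop the parameter and adjust the callers (not visible in this hunk), or state the intent in a short comment such as `/* esp is unused: IPv6 has no SPI-0 special case, every miss is no-such-tunnel */`. The ipsec_ip6_if_no_tunnel hunk in ipsec_tun_in.c has the same leftover parameter. IPv4 still keeps `IPSEC_PUNT_IP4_SPI_UDP_0` for UDP encap and IPv6 has no equivalent, so if UDP-encapsulated IPv6 traffic can reach this path, a comment should say how a punt client is expected to tell IKE apart from ESP.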
diff --git a/src/vnet/ipsec/ipsec_punt.h b/src/vnet/ipsec/ipsec_punt.h
index 4400ec9b4d2..f95e1da9133 100644
--- a/src/vnet/ipsec/ipsec_punt.h
+++ b/src/vnet/ipsec/ipsec_punt.h
@@ -18,8 +18,6 @@
#include <vlib/vlib.h>
#define foreach_ipsec_punt_reason \
- _(IP4_SPI_0, "ipsec4-spi-0") \
- _(IP6_SPI_0, "ipsec6-spi-0") \
_(IP4_SPI_UDP_0, "ipsec4-spi-o-udp-0") \
_(IP4_NO_SUCH_TUNNEL, "ipsec4-no-such-tunnel") \
_(IP6_NO_SUCH_TUNNEL, "ipsec6-no-such-tunnel")
diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index 2ce1691b242..df6d9278303 100644
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -85,7 +85,7 @@ ipsec_ip4_if_no_tunnel (vlib_node_runtime_t * node,
b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_SPI_0];
b->punt_reason = ipsec_punt_reason[(ip4->protocol == IP_PROTOCOL_UDP ?
IPSEC_PUNT_IP4_SPI_UDP_0 :
- IPSEC_PUNT_IP4_SPI_0)];
+ IPSEC_PUNT_IP4_NO_SUCH_TUNNEL)];
}
else
{
@@ -99,16 +99,9 @@ always_inline u16
ipsec_ip6_if_no_tunnel (vlib_node_runtime_t * node,
vlib_buffer_t * b, const esp_header_t * esp)
{
- if (PREDICT_FALSE (0 == esp->spi))
- {
- b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL];
- b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_SPI_0];
- }
- else
- {
- b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL];
- b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL];
- }
+ b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL];
+ b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL];
+
return (IPSEC_INPUT_NEXT_PUNT);
}