aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-02-11 11:24:07 +0000
committerDamjan Marion <dmarion@me.com>2019-02-11 16:07:38 +0000
commit7ba8fe20970b501f06a6c5a6e3632913e2492acb (patch)
tree1b5389d4a948ca0169b753329cf1ed2db1864a9d /src/vnet
parentb4c1491f7419a91bc5b74f1aa00f56d4b07c5b14 (diff)
IPSEC-tun: The tunnel DB uses the network order SPI to save the byte swap in the DP
Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ipsec/ipsec_if.c16
-rw-r--r--src/vnet/ipsec/ipsec_if_in.c3
2 files changed, 11 insertions, 8 deletions
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 519b6135b1b..3ec4b0b460c 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -280,7 +280,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
ipsec_sa_flags_t flags;
int rv;
- u64 key = (u64) args->remote_ip.ip4.as_u32 << 32 | (u64) args->remote_spi;
+ u64 key = ((u64) args->remote_ip.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (args->remote_spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (args->is_add)
@@ -436,9 +437,11 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
sa = pool_elt_at_index (im->sad, p[0]);
if (sa->is_tunnel)
- key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
else
- key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) args->remote_ip.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
@@ -563,15 +566,16 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
old_sa = pool_elt_at_index (im->sad, old_sa_index);
/* unset old inbound hash entry. packets should stop arriving */
- key =
- (u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
+ key = ((u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (old_sa->spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (p)
hash_unset (im->ipsec_if_pool_index_by_key, key);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
- key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) sa->tunnel_src_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance);
}
else
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 5834e3e6ad5..b8610f4864f 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -112,8 +112,7 @@ VLIB_NODE_FN (ipsec_if_input_node) (vlib_main_t * vm,
next0 = IPSEC_INPUT_NEXT_DROP;
- u64 key = (u64) ip0->src_address.as_u32 << 32 |
- (u64) clib_net_to_host_u32 (esp0->spi);
+ u64 key = (u64) ip0->src_address.as_u32 << 32 | (u64) esp0->spi;
p = hash_get (im->ipsec_if_pool_index_by_key, key);