diff options
author | Neale Ranns <nranns@cisco.com> | 2019-02-11 11:24:07 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-02-11 16:07:38 +0000 |
commit | 7ba8fe20970b501f06a6c5a6e3632913e2492acb (patch) | |
tree | 1b5389d4a948ca0169b753329cf1ed2db1864a9d /src/vnet | |
parent | b4c1491f7419a91bc5b74f1aa00f56d4b07c5b14 (diff) |
IPSEC-tun: The tunnel DB uses the network order SPI to save the byte swap in the DP
Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 16 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_if_in.c | 3 |
2 files changed, 11 insertions, 8 deletions
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 519b6135b1b..3ec4b0b460c 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -280,7 +280,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, ipsec_sa_flags_t flags; int rv; - u64 key = (u64) args->remote_ip.ip4.as_u32 << 32 | (u64) args->remote_spi; + u64 key = ((u64) args->remote_ip.ip4.as_u32 << 32 | + (u64) clib_host_to_net_u32 (args->remote_spi)); p = hash_get (im->ipsec_if_pool_index_by_key, key); if (args->is_add) @@ -436,9 +437,11 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm, sa = pool_elt_at_index (im->sad, p[0]); if (sa->is_tunnel) - key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi; + key = ((u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | + (u64) clib_host_to_net_u32 (sa->spi)); else - key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi; + key = ((u64) args->remote_ip.as_u32 << 32 | + (u64) clib_host_to_net_u32 (sa->spi)); p = hash_get (im->ipsec_if_pool_index_by_key, key); @@ -563,15 +566,16 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id, old_sa = pool_elt_at_index (im->sad, old_sa_index); /* unset old inbound hash entry. packets should stop arriving */ - key = - (u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi; + key = ((u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | + (u64) clib_host_to_net_u32 (old_sa->spi)); p = hash_get (im->ipsec_if_pool_index_by_key, key); if (p) hash_unset (im->ipsec_if_pool_index_by_key, key); /* set new inbound SA, then set new hash entry */ t->input_sa_index = sa_index; - key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi; + key = ((u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | + (u64) clib_host_to_net_u32 (sa->spi)); hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance); } else diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c index 5834e3e6ad5..b8610f4864f 100644 --- a/src/vnet/ipsec/ipsec_if_in.c +++ b/src/vnet/ipsec/ipsec_if_in.c @@ -112,8 +112,7 @@ VLIB_NODE_FN (ipsec_if_input_node) (vlib_main_t * vm, next0 = IPSEC_INPUT_NEXT_DROP; - u64 key = (u64) ip0->src_address.as_u32 << 32 | - (u64) clib_net_to_host_u32 (esp0->spi); + u64 key = (u64) ip0->src_address.as_u32 << 32 | (u64) esp0->spi; p = hash_get (im->ipsec_if_pool_index_by_key, key); |