diff options
author | Matus Fabian <matfabia@cisco.com> | 2016-08-10 01:55:36 -0700 |
---|---|---|
committer | Keith Burns <alagalah@gmail.com> | 2016-08-17 23:21:46 +0000 |
commit | 694265d4f10dc86bd27bfd29a2b7c49440aeb6b5 (patch) | |
tree | 48dac360be791a6de945b4eaf1eca495ef08ef0a /vnet/vnet/ipsec/esp_decrypt.c | |
parent | 0c25d1f2a872e693d22b81f1d9cd48cc46b10cc1 (diff) |
VPP-202: L2-GRE over IPSecv16.12-rc0
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.
Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'vnet/vnet/ipsec/esp_decrypt.c')
-rw-r--r-- | vnet/vnet/ipsec/esp_decrypt.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/vnet/vnet/ipsec/esp_decrypt.c b/vnet/vnet/ipsec/esp_decrypt.c index c350508917b..6c7f27f078c 100644 --- a/vnet/vnet/ipsec/esp_decrypt.c +++ b/vnet/vnet/ipsec/esp_decrypt.c @@ -27,7 +27,8 @@ #define foreach_esp_decrypt_next \ _(DROP, "error-drop") \ _(IP4_INPUT, "ip4-input") \ -_(IP6_INPUT, "ip6-input") +_(IP6_INPUT, "ip6-input") \ +_(IPSEC_GRE_INPUT, "ipsec-gre-input") #define _(v, s) ESP_DECRYPT_NEXT_##v, typedef enum @@ -421,7 +422,10 @@ esp_decrypt_node_fn (vlib_main_t * vm, if (PREDICT_TRUE (tunnel_mode)) { if (PREDICT_TRUE (f0->next_header == IP_PROTOCOL_IP_IN_IP)) - next0 = ESP_DECRYPT_NEXT_IP4_INPUT; + { + next0 = ESP_DECRYPT_NEXT_IP4_INPUT; + oh4 = vlib_buffer_get_current (o_b0); + } else if (f0->next_header == IP_PROTOCOL_IPV6) next0 = ESP_DECRYPT_NEXT_IP6_INPUT; else @@ -471,6 +475,12 @@ esp_decrypt_node_fn (vlib_main_t * vm, } } + /* for IPSec-GRE tunnel next node is ipsec-gre-input */ + if (PREDICT_FALSE + ((vnet_buffer (i_b0)->output_features.ipsec_flags) & + IPSEC_FLAG_IPSEC_GRE_TUNNEL)) + next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT; + to_next[0] = o_bi0; to_next += 1; |