diff options
| author |   Matus Fabian <matfabia@cisco.com> | 2016-08-10 01:55:36 -0700 |
|---|---|---|
| committer |   Keith Burns <alagalah@gmail.com> | 2016-08-17 23:21:46 +0000 |
| commit | 694265d4f10dc86bd27bfd29a2b7c49440aeb6b5 (patch) | |
| tree | 48dac360be791a6de945b4eaf1eca495ef08ef0a /vnet/vnet/ipsec/ipsec.c | |
| parent | 0c25d1f2a872e693d22b81f1d9cd48cc46b10cc1 (diff) | |
VPP-202: L2-GRE over IPSecv16.12-rc0
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.
Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'vnet/vnet/ipsec/ipsec.c')
| -rw-r--r-- | vnet/vnet/ipsec/ipsec.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/vnet/vnet/ipsec/ipsec.c b/vnet/vnet/ipsec/ipsec.c index bf9dd973f86..1b3b9ffcc38 100644 --- a/vnet/vnet/ipsec/ipsec.c +++ b/vnet/vnet/ipsec/ipsec.c @@ -24,6 +24,17 @@ #include <vnet/ipsec/esp.h> #include <vnet/ipsec/ikev2.h> +u32 +ipsec_get_sa_index_by_sa_id (u32 sa_id) +{ + ipsec_main_t *im = &ipsec_main; + uword *p = hash_get (im->sa_index_by_sa_id, sa_id); + if (!p) + return ~0; + + return p[0]; +} + int ipsec_set_interface_spd (vlib_main_t * vm, u32 sw_if_index, u32 spd_id, int is_add) @@ -391,6 +402,7 @@ ipsec_is_sa_used (u32 sa_index) ipsec_main_t *im = &ipsec_main; ipsec_spd_t *spd; ipsec_policy_t *p; + ipsec_tunnel_if_t *t; /* *INDENT-OFF* */ pool_foreach(spd, im->spds, ({ @@ -402,6 +414,13 @@ ipsec_is_sa_used (u32 sa_index) } })); })); + + pool_foreach(t, im->tunnel_interfaces, ({ + if (t->input_sa_index == sa_index) + return 1; + if (t->output_sa_index == sa_index) + return 1; + })); /* *INDENT-ON* */ return 0; |