diff options
author | Matus Fabian <matfabia@cisco.com> | 2016-08-10 01:55:36 -0700 |
---|---|---|
committer | Keith Burns <alagalah@gmail.com> | 2016-08-17 23:21:46 +0000 |
commit | 694265d4f10dc86bd27bfd29a2b7c49440aeb6b5 (patch) | |
tree | 48dac360be791a6de945b4eaf1eca495ef08ef0a /vnet/vnet/ipsec/ipsec_if.c | |
parent | 0c25d1f2a872e693d22b81f1d9cd48cc46b10cc1 (diff) |
VPP-202: L2-GRE over IPSecv16.12-rc0
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.
Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'vnet/vnet/ipsec/ipsec_if.c')
-rw-r--r-- | vnet/vnet/ipsec/ipsec_if.c | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/vnet/vnet/ipsec/ipsec_if.c b/vnet/vnet/ipsec/ipsec_if.c index 475b7bda2bc..f4fad8d95b3 100644 --- a/vnet/vnet/ipsec/ipsec_if.c +++ b/vnet/vnet/ipsec/ipsec_if.c @@ -195,6 +195,68 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, } int +ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm, + ipsec_add_del_ipsec_gre_tunnel_args_t * args) +{ + ipsec_tunnel_if_t *t = 0; + ipsec_main_t *im = &ipsec_main; + uword *p; + ipsec_sa_t *sa; + u64 key; + u32 isa, osa; + + p = hash_get (im->sa_index_by_sa_id, args->local_sa_id); + if (!p) + return VNET_API_ERROR_INVALID_VALUE; + isa = p[0]; + + p = hash_get (im->sa_index_by_sa_id, args->remote_sa_id); + if (!p) + return VNET_API_ERROR_INVALID_VALUE; + osa = p[0]; + sa = pool_elt_at_index (im->sad, p[0]); + + if (sa->is_tunnel) + key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi; + else + key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi; + + p = hash_get (im->ipsec_if_pool_index_by_key, key); + + if (args->is_add) + { + /* check if same src/dst pair exists */ + if (p) + return VNET_API_ERROR_INVALID_VALUE; + + pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES); + memset (t, 0, sizeof (*t)); + + t->input_sa_index = isa; + t->output_sa_index = osa; + t->hw_if_index = ~0; + hash_set (im->ipsec_if_pool_index_by_key, key, + t - im->tunnel_interfaces); + + /*1st interface, register protocol */ + if (pool_elts (im->tunnel_interfaces) == 1) + ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP, + ipsec_if_input_node.index); + } + else + { + /* check if exists */ + if (!p) + return VNET_API_ERROR_INVALID_VALUE; + + t = pool_elt_at_index (im->tunnel_interfaces, p[0]); + hash_unset (im->ipsec_if_pool_index_by_key, key); + pool_put (im->tunnel_interfaces, t); + } + return 0; +} + +int ipsec_set_interface_key (vnet_main_t * vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 * key) { |