2 files changed, 29 insertions, 43 deletions

diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index f50291fcf2f..984bb64d1ef 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -357,9 +357,9 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
 		    clib_host_to_net_u32 (0xfe320000);
 
 		  oh0->ip4.src_address.as_u32 =
-		    sa0->tunnel.t_src.ip.ip4.as_u32;
+		    sa0->tunnel_src_addr.ip4.as_u32;
 		  oh0->ip4.dst_address.as_u32 =
-		    sa0->tunnel.t_dst.ip.ip4.as_u32;
+		    sa0->tunnel_dst_addr.ip4.as_u32;
 
 		  if (ipsec_sa_is_set_UDP_ENCAP (sa0))
 		    {
@@ -392,13 +392,13 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
 		  oh6_0->ip6.protocol = IP_PROTOCOL_IPSEC_ESP;
 		  oh6_0->ip6.hop_limit = 254;
 		  oh6_0->ip6.src_address.as_u64[0] =
-		    sa0->tunnel.t_src.ip.ip6.as_u64[0];
+		    sa0->tunnel_src_addr.ip6.as_u64[0];
 		  oh6_0->ip6.src_address.as_u64[1] =
-		    sa0->tunnel.t_src.ip.ip6.as_u64[1];
+		    sa0->tunnel_src_addr.ip6.as_u64[1];
 		  oh6_0->ip6.dst_address.as_u64[0] =
-		    sa0->tunnel.t_dst.ip.ip6.as_u64[0];
+		    sa0->tunnel_dst_addr.ip6.as_u64[0];
 		  oh6_0->ip6.dst_address.as_u64[1] =
-		    sa0->tunnel.t_dst.ip.ip6.as_u64[1];
+		    sa0->tunnel_dst_addr.ip6.as_u64[1];
 		  esp0 = &oh6_0->esp;
 		  oh6_0->esp.spi = clib_host_to_net_u32 (sa0->spi);
 		  oh6_0->esp.seq = clib_host_to_net_u32 (sa0->seq);
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 0df7faa9bab..aa57deb0924 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1823,8 +1823,8 @@ typedef struct
   u32 remote_spi;
   ipsec_crypto_alg_t encr_type;
   ipsec_integ_alg_t integ_type;
-  ip_address_t local_ip;
-  ip_address_t remote_ip;
+  ip46_address_t local_ip;
+  ip46_address_t remote_ip;
   ipsec_key_t loc_ckey, rem_ckey, loc_ikey, rem_ikey;
   u8 is_rekey;
   u32 old_remote_sa_id;
@@ -1839,32 +1839,12 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
   ikev2_main_t *km = &ikev2_main;
   u32 sw_if_index;
   int rv = 0;
-  tunnel_t tun_in = {
-    .t_flags = TUNNEL_FLAG_NONE,
-    .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
-    .t_dscp = 0,
-    .t_mode = TUNNEL_MODE_P2P,
-    .t_table_id = 0,
-    .t_hop_limit = 255,
-    .t_src = a->local_ip,
-    .t_dst = a->remote_ip,
-  };
-  tunnel_t tun_out = {
-    .t_flags = TUNNEL_FLAG_NONE,
-    .t_encap_decap_flags = TUNNEL_ENCAP_DECAP_FLAG_NONE,
-    .t_dscp = 0,
-    .t_mode = TUNNEL_MODE_P2P,
-    .t_table_id = 0,
-    .t_hop_limit = 255,
-    .t_src = a->remote_ip,
-    .t_dst = a->local_ip,
-  };
 
   if (~0 == a->sw_if_index)
     {
       /* no tunnel associated with the SA/profile - create a new one */
-      rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0, &ip_addr_46 (&a->local_ip),
-			    &ip_addr_46 (&a->remote_ip), 0,
+      rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0,
+			    &a->local_ip, &a->remote_ip, 0,
 			    TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
 			    TUNNEL_MODE_P2P, &sw_if_index);
 
@@ -1903,18 +1883,24 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
       vec_add1 (sas_in, a->old_remote_sa_id);
     }
 
-  rv = ipsec_sa_add_and_lock (a->local_sa_id, a->local_spi, IPSEC_PROTOCOL_ESP,
-			      a->encr_type, &a->loc_ckey, a->integ_type,
-			      &a->loc_ikey, a->flags, a->salt_local,
-			      a->src_port, a->dst_port, &tun_out, NULL);
+  rv = ipsec_sa_add_and_lock (a->local_sa_id,
+			      a->local_spi,
+			      IPSEC_PROTOCOL_ESP, a->encr_type,
+			      &a->loc_ckey, a->integ_type, &a->loc_ikey,
+			      a->flags, 0, a->salt_local, &a->local_ip,
+			      &a->remote_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+			      IP_DSCP_CS0, NULL, a->src_port, a->dst_port);
   if (rv)
     goto err0;
 
-  rv = ipsec_sa_add_and_lock (
-    a->remote_sa_id, a->remote_spi, IPSEC_PROTOCOL_ESP, a->encr_type,
-    &a->rem_ckey, a->integ_type, &a->rem_ikey,
-    (a->flags | IPSEC_SA_FLAG_IS_INBOUND), a->salt_remote,
-    a->ipsec_over_udp_port, a->ipsec_over_udp_port, &tun_in, NULL);
+  rv = ipsec_sa_add_and_lock (a->remote_sa_id, a->remote_spi,
+			      IPSEC_PROTOCOL_ESP, a->encr_type, &a->rem_ckey,
+			      a->integ_type, &a->rem_ikey,
+			      (a->flags | IPSEC_SA_FLAG_IS_INBOUND), 0,
+			      a->salt_remote, &a->remote_ip,
+			      &a->local_ip, TUNNEL_ENCAP_DECAP_FLAG_NONE,
+			      IP_DSCP_CS0, NULL,
+			      a->ipsec_over_udp_port, a->ipsec_over_udp_port);
   if (rv)
     goto err1;
 
@@ -1958,16 +1944,16 @@ ikev2_create_tunnel_interface (vlib_main_t * vm,
 
   if (sa->is_initiator)
     {
-      ip_address_copy (&a.local_ip, &sa->iaddr);
-      ip_address_copy (&a.remote_ip, &sa->raddr);
+      ip_address_to_46 (&sa->iaddr, &a.local_ip);
+      ip_address_to_46 (&sa->raddr, &a.remote_ip);
       proposals = child->r_proposals;
       a.local_spi = child->r_proposals[0].spi;
       a.remote_spi = child->i_proposals[0].spi;
     }
   else
     {
-      ip_address_copy (&a.local_ip, &sa->raddr);
-      ip_address_copy (&a.remote_ip, &sa->iaddr);
+      ip_address_to_46 (&sa->raddr, &a.local_ip);
+      ip_address_to_46 (&sa->iaddr, &a.remote_ip);
       proposals = child->i_proposals;
       a.local_spi = child->i_proposals[0].spi;
       a.remote_spi = child->r_proposals[0].spi;