aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/esp_encrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec/esp_encrypt.c')
-rw-r--r--src/vnet/ipsec/esp_encrypt.c79
1 files changed, 11 insertions, 68 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index dce887f6fa8..15f590acbdb 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -608,7 +608,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
esp_header_t *esp;
u8 *payload, *next_hdr_ptr;
u16 payload_len, payload_len_total, n_bufs;
- u32 hdr_len, config_index;
+ u32 hdr_len;
if (n_left > 2)
{
@@ -623,8 +623,6 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
if (is_tun)
{
/* we are on a ipsec tunnel's feature arc */
- config_index = b[0]->current_config_index;
- vnet_feature_next_u16 (&next[0], b[0]);
vnet_buffer (b[0])->ipsec.sad_index =
sa_index0 = ipsec_tun_protect_get_sa_out
(vnet_buffer (b[0])->ip.adj_index[VLIB_TX]);
@@ -675,10 +673,6 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
if (PREDICT_TRUE (thread_index != sa0->encrypt_thread_index))
{
next[0] = ESP_ENCRYPT_NEXT_HANDOFF;
- if (is_tun)
- {
- b[0]->current_config_index = config_index;
- }
goto trace;
}
@@ -778,6 +772,8 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
next[0] = dpo->dpoi_next_node;
vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo->dpoi_index;
}
+ else
+ next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
}
else /* transport mode */
{
@@ -872,8 +868,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
esp_fill_udp_hdr (sa0, udp, udp_len);
}
- if (!is_tun)
- next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
+ next[0] = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
}
esp->spi = spi;
@@ -1154,7 +1149,7 @@ VLIB_REGISTER_NODE (esp4_encrypt_tun_node) = {
.next_nodes = {
[ESP_ENCRYPT_NEXT_DROP] = "ip4-drop",
[ESP_ENCRYPT_NEXT_HANDOFF] = "esp4-encrypt-tun-handoff",
- [ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "error-drop",
+ [ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "adj-midchain-tx",
[ESP_ENCRYPT_NEXT_PENDING] = "esp-encrypt-pending",
},
};
@@ -1177,27 +1172,6 @@ VLIB_REGISTER_NODE (esp4_encrypt_tun_post_node) = {
.n_errors = ARRAY_LEN(esp_encrypt_error_strings),
.error_strings = esp_encrypt_error_strings,
};
-
-VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) =
-{
- .arc_name = "ip4-output",
- .node_name = "esp4-encrypt-tun",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
-
-VNET_FEATURE_INIT (esp6o4_encrypt_tun_feat_node, static) =
-{
- .arc_name = "ip6-output",
- .node_name = "esp4-encrypt-tun",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
-
-VNET_FEATURE_INIT (esp4_ethernet_encrypt_tun_feat_node, static) =
-{
- .arc_name = "ethernet-output",
- .node_name = "esp4-encrypt-tun",
- .runs_before = VNET_FEATURES ("adj-midchain-tx", "adj-midchain-tx-no-count"),
-};
/* *INDENT-ON* */
VLIB_NODE_FN (esp6_encrypt_tun_node) (vlib_main_t * vm,
@@ -1222,25 +1196,11 @@ VLIB_REGISTER_NODE (esp6_encrypt_tun_node) = {
.next_nodes = {
[ESP_ENCRYPT_NEXT_DROP] = "ip6-drop",
[ESP_ENCRYPT_NEXT_HANDOFF] = "esp6-encrypt-tun-handoff",
- [ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "error-drop",
[ESP_ENCRYPT_NEXT_PENDING] = "esp-encrypt-pending",
+ [ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "adj-midchain-tx",
},
};
-VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) =
-{
- .arc_name = "ip6-output",
- .node_name = "esp6-encrypt-tun",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
-
-VNET_FEATURE_INIT (esp4o6_encrypt_tun_feat_node, static) =
-{
- .arc_name = "ip4-output",
- .node_name = "esp6-encrypt-tun",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
-
/* *INDENT-ON* */
VLIB_NODE_FN (esp6_encrypt_tun_post_node) (vlib_main_t * vm,
@@ -1300,7 +1260,6 @@ esp_no_crypto_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
- u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
u32 *from = vlib_frame_vector_args (frame);
u32 n_left = frame->n_vectors;
@@ -1308,14 +1267,11 @@ esp_no_crypto_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
while (n_left > 0)
{
- u32 next0;
u32 sa_index0;
/* packets are always going to be dropped, but get the sa_index */
- sa_index0 = *(u32 *) vnet_feature_next_with_data (&next0, b[0],
- sizeof (sa_index0));
-
- next[0] = ESP_NO_CRYPTO_NEXT_DROP;
+ sa_index0 = ipsec_tun_protect_get_sa_out
+ (vnet_buffer (b[0])->ip.adj_index[VLIB_TX]);
if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED))
{
@@ -1325,14 +1281,15 @@ esp_no_crypto_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
}
n_left -= 1;
- next += 1;
b += 1;
}
vlib_node_increment_counter (vm, node->node_index,
ESP_NO_CRYPTO_ERROR_RX_PKTS, frame->n_vectors);
- vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
+ vlib_buffer_enqueue_to_single_next (vm, node, from,
+ ESP_NO_CRYPTO_NEXT_DROP,
+ frame->n_vectors);
return frame->n_vectors;
}
@@ -1358,13 +1315,6 @@ VLIB_REGISTER_NODE (esp4_no_crypto_tun_node) =
},
};
-VNET_FEATURE_INIT (esp4_no_crypto_tun_feat_node, static) =
-{
- .arc_name = "ip4-output",
- .node_name = "esp4-no-crypto",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
-
VLIB_NODE_FN (esp6_no_crypto_tun_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
@@ -1385,13 +1335,6 @@ VLIB_REGISTER_NODE (esp6_no_crypto_tun_node) =
[ESP_NO_CRYPTO_NEXT_DROP] = "ip6-drop",
},
};
-
-VNET_FEATURE_INIT (esp6_no_crypto_tun_feat_node, static) =
-{
- .arc_name = "ip6-output",
- .node_name = "esp6-no-crypto",
- .runs_before = VNET_FEATURES ("adj-midchain-tx"),
-};
/* *INDENT-ON* */
VLIB_NODE_FN (esp_encrypt_pending_node) (vlib_main_t * vm,