Diffstat (limited to 'src/vnet/ipsec/ipsec_sa.c')
-rw-r--r--src/vnet/ipsec/ipsec_sa.c25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index e8a015957ce..afdecfee10d 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -17,6 +17,7 @@
#include <vnet/ipsec/esp.h>
#include <vnet/udp/udp.h>
#include <vnet/fib/fib_table.h>
+#include <vnet/ipsec/ipsec_tun.h>
/**
* @brief
@@ -292,7 +293,7 @@ ipsec_sa_del (u32 id)
{
clib_warning ("sa_id %u used in policy", sa->id);
/* sa used in policy */
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ return VNET_API_ERROR_RSRC_IN_USE;
}
hash_unset (im->sa_index_by_sa_id, sa->id);
err = ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
@@ -313,12 +314,20 @@ ipsec_sa_del (u32 id)
return 0;
}
+void
+ipsec_sa_clear (index_t sai)
+{
+ vlib_zero_combined_counter (&ipsec_sa_counters, sai);
+}
+
u8
ipsec_is_sa_used (u32 sa_index)
{
ipsec_main_t *im = &ipsec_main;
+ ipsec_tun_protect_t *itp;
ipsec_tunnel_if_t *t;
ipsec_policy_t *p;
+ u32 sai;
/* *INDENT-OFF* */
pool_foreach(p, im->policies, ({
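Review bot: `ipsec_sa_clear` passes `sai` straight to `vlib_zero_combined_counter` with no check that the index names a live SA. If it can be reached from an API or CLI handler with a caller-supplied index (the callers are not in this diff), a stale or out-of-range value would zero another SA's counters or index past the counter vector. A guard before the call, such as `if (pool_is_free_index (ipsec_main.sad, sai)) return;`, would close that, assuming `sad` is the SA pool here. The function also lacks a doc comment; `/* Zero the packet/byte counters of the SA at pool index sai; the SA itself is untouched. */` would make clear that "clear" does not wipe keys or SA state.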
@@ -335,8 +344,20 @@ ipsec_is_sa_used (u32 sa_index)
if (t->output_sa_index == sa_index)
return 1;
}));
+
+ /* *INDENT-OFF* */
+ pool_foreach(itp, ipsec_protect_pool, ({
+ FOR_EACH_IPSEC_PROTECT_INPUT_SAI(itp, sai,
+ ({
+ if (sai == sa_index)
+ return 1;
+ }));
+ if (itp->itp_out_sa == sa_index)
+ return 1;
+ }));
/* *INDENT-ON* */
+
return 0;
}
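Review bot: The tunnel-protect walk added to `ipsec_is_sa_used` has no comment explaining why it is there, yet it appears to be the check that keeps `ipsec_sa_del` from removing an SA that a protected tunnel still references by index. I would put `/* an SA bound to a tunnel through tunnel-protect must not be deleted while referenced */` above the `pool_foreach(itp, ipsec_protect_pool, ...)` line. The added `/* *INDENT-OFF* */` also looks redundant if the marker opened before the policies loop is still in effect, since only one `/* *INDENT-ON* */` follows; the lines between the two hunks are not visible, so this needs confirming. The function begins in the previous hunk.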
@@ -415,7 +436,7 @@ ipsec_sa_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
}
/*
- * Virtual function table registered by MPLS GRE tunnels
+ * Virtual function table registered by SAs
* for participation in the FIB object graph.
*/
const static fib_node_vft_t ipsec_sa_vft = {