Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec.api13
-rw-r--r--src/vnet/ipsec/ipsec.h4
-rw-r--r--src/vnet/ipsec/ipsec_api.c12
-rw-r--r--src/vnet/ipsec/ipsec_if.c22
4 files changed, 36 insertions, 15 deletions
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index f3b5993700b..011b0d4b1ff 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -511,7 +511,7 @@ define ipsec_spd_details {
@param remote_integ_key_len - length of remote integrity key in bytes
@param remote_integ_key - integrity key for inbound IPsec SA
*/
-autoreply define ipsec_tunnel_if_add_del {
+define ipsec_tunnel_if_add_del {
u32 client_index;
u32 context;
u8 is_add;
@@ -533,6 +533,17 @@ autoreply define ipsec_tunnel_if_add_del {
u8 remote_integ_key[128];
};
+/** \brief Add/delete IPsec tunnel interface response
+ @param context - sender context, to match reply w/ request
+ @param retval - return status
+ @param sw_if_index - sw_if_index of new interface (for successful add)
+*/
+define ipsec_tunnel_if_add_del_reply {
+ u32 context;
+ i32 retval;
+ u32 sw_if_index;
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index c884e360004..1eff1c3a0be 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -308,7 +308,9 @@ uword unformat_ipsec_policy_action (unformat_input_t * input, va_list * args);
uword unformat_ipsec_crypto_alg (unformat_input_t * input, va_list * args);
uword unformat_ipsec_integ_alg (unformat_input_t * input, va_list * args);
-/*u32 ipsec_add_del_tunnel_if (vnet_main_t * vnm, ipsec_add_del_tunnel_args_t * args); */
+int ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
+ ipsec_add_del_tunnel_args_t * args,
+ u32 * sw_if_index);
int ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args);
int ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
ipsec_add_del_ipsec_gre_tunnel_args_t *
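Review bot: The newly exported prototype for ipsec_add_del_tunnel_if_internal has no comment, and its contract can only be pieced together from ipsec_if.c. There the RPC callback asserts `vlib_get_thread_index () == 0` before calling it and passes NULL for the new out-parameter, and the function tests `if (sw_if_index)` before writing. I would put a comment above the declaration such as `/* Call on the main thread only. sw_if_index may be NULL; otherwise it is written when the call returns 0. */`. Callers on other threads should presumably keep using ipsec_add_del_tunnel_if, whose body is not shown here.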
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 04dff4d0fd0..3a5b89feb7d 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -357,6 +357,9 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
mp)
{
vl_api_ipsec_tunnel_if_add_del_reply_t *rmp;
+ ipsec_main_t *im = &ipsec_main;
+ vnet_main_t *vnm = im->vnet_main;
+ u32 sw_if_index = ~0;
int rv;
#if WITH_LIBSSL > 0
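Review bot: `vnm` is declared and initialised above the `#if WITH_LIBSSL > 0` line, but its only visible use is the call inside that branch in the next hunk. When built with WITH_LIBSSL set to 0, the variable is initialised and never read, which normally triggers an unused-variable warning. Moving the `im` and `vnm` declarations inside the `#if` block avoids that. Alternatively drop both and call `ipsec_add_del_tunnel_if_internal (vnet_get_main (), &tun, &sw_if_index);`, as the RPC callback in ipsec_if.c already does. The handler body continues outside this hunk.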
@@ -386,15 +389,20 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
memcpy (&tun.remote_integ_key, &mp->remote_integ_key,
mp->remote_integ_key_len);
- rv = ipsec_add_del_tunnel_if (&tun);
+ rv = ipsec_add_del_tunnel_if_internal (vnm, &tun, &sw_if_index);
#else
rv = VNET_API_ERROR_UNIMPLEMENTED;
#endif
- REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_ADD_DEL_REPLY);
+ REPLY_MACRO2 (VL_API_IPSEC_TUNNEL_IF_ADD_DEL_REPLY, (
+ {
+ rmp->sw_if_index =
+ htonl (sw_if_index);
+ }));
}
+
static void
vl_api_ikev2_profile_add_del_t_handler (vl_api_ikev2_profile_add_del_t * mp)
{
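Review bot: The memcpy on the context lines just above the changed call takes its length from `mp->remote_integ_key_len`, a field of the API request, and no bound on it is visible in this hunk. The message declares the source as `u8 remote_integ_key[128]`, so a length above 128, or above the size of `tun.remote_integ_key` (not shown here), would read past the message field or write past the destination. Before the copies I would add a check such as `if (mp->remote_integ_key_len > sizeof (tun.remote_integ_key))` that sets `rv = VNET_API_ERROR_INVALID_VALUE` and skips the call into ipsec_add_del_tunnel_if_internal. The other key copies presumably sit earlier in the handler, which starts outside this hunk, and would need the same guard.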
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index ed1248942e3..9b0eb5b2779 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -92,16 +92,12 @@ VNET_HW_INTERFACE_CLASS (ipsec_hw_class) =
/* *INDENT-ON* */
static int
-ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
- ipsec_add_del_tunnel_args_t * args);
-
-static int
ipsec_add_del_tunnel_if_rpc_callback (ipsec_add_del_tunnel_args_t * a)
{
vnet_main_t *vnm = vnet_get_main ();
ASSERT (vlib_get_thread_index () == 0);
- return ipsec_add_del_tunnel_if_internal (vnm, a);
+ return ipsec_add_del_tunnel_if_internal (vnm, a, NULL);
}
int
@@ -114,11 +110,12 @@ ipsec_add_del_tunnel_if (ipsec_add_del_tunnel_args_t * args)
int
ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
- ipsec_add_del_tunnel_args_t * args)
+ ipsec_add_del_tunnel_args_t * args,
+ u32 * sw_if_index)
{
ipsec_tunnel_if_t *t;
ipsec_main_t *im = &ipsec_main;
- vnet_hw_interface_t *hi;
+ vnet_hw_interface_t *hi = NULL;
u32 hw_if_index = ~0;
uword *p;
ipsec_sa_t *sa;
@@ -209,10 +206,10 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
t - im->tunnel_interfaces,
ipsec_hw_class.index,
t - im->tunnel_interfaces);
-
- hi = vnet_get_hw_interface (vnm, hw_if_index);
- hi->output_node_index = ipsec_if_output_node.index;
}
+
+ hi = vnet_get_hw_interface (vnm, hw_if_index);
+ hi->output_node_index = ipsec_if_output_node.index;
t->hw_if_index = hw_if_index;
/*1st interface, register protocol */
@@ -220,7 +217,6 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
ip4_register_protocol (IP_PROTOCOL_IPSEC_ESP,
ipsec_if_input_node.index);
- return hw_if_index;
}
else
{
@@ -253,6 +249,10 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
hash_unset (im->ipsec_if_pool_index_by_key, key);
pool_put (im->tunnel_interfaces, t);
}
+
+ if (sw_if_index)
+ *sw_if_index = hi->sw_if_index;
+
return 0;
}
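Review bot: `hi` is now initialised to NULL in the declaration hunk and dereferenced here on both the add and the delete path, but the delete branch's assignment to `hi` is not visible in these hunks. If any path reaches this point without setting it, a delete request through the API handler (which passes a non-NULL pointer) would dereference NULL. Writing `if (sw_if_index && hi)` makes that safe. Alternatively, set `*sw_if_index` only at the end of the add branch, which also matches the ipsec.api comment describing the field as valid "for successful add". The function body starts outside this hunk.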