summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_sa.c16
1 files changed, 6 insertions, 10 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index e3eff586906..11d6b10c4a4 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -17,6 +17,7 @@
#include <vnet/ipsec/esp.h>
#include <vnet/udp/udp.h>
#include <vnet/fib/fib_table.h>
+#include <vnet/fib/fib_entry_track.h>
#include <vnet/ipsec/ipsec_tun.h>
/**
@@ -218,12 +219,10 @@ ipsec_sa_add_and_lock (u32 id,
return VNET_API_ERROR_NO_SUCH_FIB;
}
- sa->fib_entry_index = fib_table_entry_special_add (sa->tx_fib_index,
- &pfx,
- FIB_SOURCE_RR,
- FIB_ENTRY_FLAG_NONE);
- sa->sibling = fib_entry_child_add (sa->fib_entry_index,
- FIB_NODE_TYPE_IPSEC_SA, sa_index);
+ sa->fib_entry_index = fib_entry_track (sa->tx_fib_index,
+ &pfx,
+ FIB_NODE_TYPE_IPSEC_SA,
+ sa_index, &sa->sibling);
ipsec_sa_stack (sa);
/* generate header templates */
@@ -288,10 +287,7 @@ ipsec_sa_del (ipsec_sa_t * sa)
if (ipsec_sa_is_set_IS_TUNNEL (sa) && !ipsec_sa_is_set_IS_INBOUND (sa))
{
- fib_entry_child_remove (sa->fib_entry_index, sa->sibling);
- fib_table_entry_special_remove
- (sa->tx_fib_index,
- fib_entry_get_prefix (sa->fib_entry_index), FIB_SOURCE_RR);
+ fib_entry_untrack (sa->fib_entry_index, sa->sibling);
dpo_reset (&sa->dpo);
}
vnet_crypto_key_del (vm, sa->crypto_key_index);