diff options
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ipsec/esp.h | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.api | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_api.c | 6 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_format.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.c | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.h | 6 |
8 files changed, 14 insertions, 14 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index cc12785aaa4..2f734aa05ce 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -64,7 +64,7 @@ u8 *format_esp_header (u8 * s, va_list * args); always_inline int esp_seq_advance (ipsec_sa_t * sa) { - if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))) + if (PREDICT_TRUE (ipsec_sa_is_set_USE_ESN (sa))) { if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX)) { @@ -104,7 +104,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len, op->dst = signature; op->hmac_trunc_len = sa->integ_trunc_size; - if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa)) + if (ipsec_sa_is_set_USE_ESN (sa)) { u32 seq_hi = clib_host_to_net_u32 (sa->seq_hi); diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index c08ea7f6c10..fc1fe392f16 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -451,7 +451,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, op->len = payload_len - icv_sz + iv_sz + sizeof (esp_header_t); op->flags = 0; op->user_data = b - bufs; - if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)) + if (ipsec_sa_is_set_USE_ESN (sa0)) { u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi); clib_memcpy_fast (op->dst, &seq_hi, sizeof (seq_hi)); diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api index e6e1ce3667b..bc407f1d272 100644 --- a/src/vnet/ipsec/ipsec.api +++ b/src/vnet/ipsec/ipsec.api @@ -222,7 +222,7 @@ enum ipsec_sad_flags { IPSEC_API_SAD_FLAG_NONE = 0, /* Enable extended sequence numbers */ - IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM = 0x01, + IPSEC_API_SAD_FLAG_USE_ESN = 0x01, /* Enable Anti-replay */ IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02, /* IPsec tunnel mode if non-zero, else transport mode */ diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index da175b2e5b9..4c7242da30a 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -320,8 +320,8 @@ ipsec_sad_flags_encode (const ipsec_sa_t * sa) { vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE; - if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa)) - flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM; + if (ipsec_sa_is_set_USE_ESN (sa)) + flags |= IPSEC_API_SAD_FLAG_USE_ESN; if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY; if (ipsec_sa_is_set_IS_TUNNEL (sa)) @@ -702,7 +702,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg, mp->salt = clib_host_to_net_u32 (sa->salt); mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq)); mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq)); - if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa)) + if (ipsec_sa_is_set_USE_ESN (sa)) { mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi)); mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi)); diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c index 1ad3a53c45b..dd99f780be6 100644 --- a/src/vnet/ipsec/ipsec_format.c +++ b/src/vnet/ipsec/ipsec_format.c @@ -261,7 +261,7 @@ format_ipsec_sa (u8 * s, va_list * args) sa->protocol ? "esp" : "ah", ipsec_sa_is_set_UDP_ENCAP (sa) ? " udp-encap-enabled" : "", ipsec_sa_is_set_USE_ANTI_REPLAY (sa) ? " anti-replay" : "", - ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa) ? + ipsec_sa_is_set_USE_ESN (sa) ? " extended-sequence-number" : ""); s = format (s, "\n seq %u seq-hi %u", sa->seq, sa->seq_hi); s = format (s, "\n last-seq %u last-seq-hi %u window %U", diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index af61178fbc8..7d6c725e539 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -290,7 +290,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, if (args->udp_encap) flags |= IPSEC_SA_FLAG_UDP_ENCAP; if (args->esn) - flags |= IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM; + flags |= IPSEC_SA_FLAG_USE_ESN; if (args->anti_replay) flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY; diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index 3d62395bd7c..eb21ecf81a4 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -155,8 +155,8 @@ ipsec_sa_add (u32 id, ip46_address_copy (&sa->tunnel_src_addr, tun_src); ip46_address_copy (&sa->tunnel_dst_addr, tun_dst); - if (flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM) - ipsec_sa_set_USE_EXTENDED_SEQ_NUM (sa); + if (flags & IPSEC_SA_FLAG_USE_ESN) + ipsec_sa_set_USE_ESN (sa); if (flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) ipsec_sa_set_USE_ANTI_REPLAY (sa); if (flags & IPSEC_SA_FLAG_IS_TUNNEL) diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index 44f9642ce47..94f1554112f 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -85,7 +85,7 @@ typedef struct ipsec_key_t_ */ #define foreach_ipsec_sa_flags \ _ (0, NONE, "none") \ - _ (1, USE_EXTENDED_SEQ_NUM, "esn") \ + _ (1, USE_ESN, "esn") \ _ (2, USE_ANTI_REPLAY, "anti-replay") \ _ (4, IS_TUNNEL, "tunnel") \ _ (8, IS_TUNNEL_V6, "tunnel-v6") \ @@ -227,7 +227,7 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 * seqp) seq = clib_net_to_host_u32 (*seqp); - if ((sa->flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM) == 0) + if ((sa->flags & IPSEC_SA_FLAG_USE_ESN) == 0) { if (PREDICT_TRUE (seq > sa->last_seq)) @@ -291,7 +291,7 @@ ipsec_sa_anti_replay_advance (ipsec_sa_t * sa, u32 * seqp) return; seq = clib_host_to_net_u32 (*seqp); - if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM)) + if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ESN)) { int wrap = sa->seq_hi - sa->last_seq_hi; |