From 28a0b0197e9894ce835ded5c641fd2a032cf673e Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Thu, 25 Feb 2021 08:53:15 +0000
Subject: ikev2: Use the IPSec functions for UDP port management
Type: refactor
IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that.
Signed-off-by: Neale Ranns
Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
---
 src/plugins/ikev2/ikev2.c | 45 ++-------------------------------------------
 src/plugins/ikev2/ikev2_priv.h | 3 ---
 2 files changed, 2 insertions(+), 46 deletions(-)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index d5dd013e0a5..aaebf625ab2 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -3723,27 +3723,7 @@ ikev2_set_local_key (vlib_main_t * vm, u8 * file)
 static_always_inline vnet_api_error_t
 ikev2_register_udp_port (ikev2_profile_t * p, u16 port)
 {
- ikev2_main_t *km = &ikev2_main;
- udp_dst_port_info_t *pi;
-
- uword *v = hash_get (km->udp_ports, port);
- pi = udp_get_dst_port_info (&udp_main, port, UDP_IP4);
-
- if (v)
- {
- /* IKE already uses this port, only increment reference counter */
- ASSERT (pi);
- v[0]++;
- }
- else
- {
- if (pi)
- return VNET_API_ERROR_UDP_PORT_TAKEN;
-
- udp_register_dst_port (km->vlib_main, port,
- ipsec4_tun_input_node.index, 1);
- hash_set (km->udp_ports, port, 1);
- }
+ ipsec_register_udp_port (port);
 p->ipsec_over_udp_port = port;
 return 0;
 }
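Review bot: ikev2_register_udp_port now returns 0 unconditionally, so the `VNET_API_ERROR_UDP_PORT_TAKEN` path that the removed lines took when `udp_get_dst_port_info (&udp_main, port, UDP_IP4)` found a non-IKE owner is gone. Whether ipsec_register_udp_port performs an equivalent check is not visible in this diff; if it does not, a profile can be configured onto a port that another UDP consumer already holds, and the caller is told it succeeded. I would either have the IPsec helper report the conflict and propagate it from here, or state the new contract above the call, e.g. `/* no conflict check here: ipsec_register_udp_port() owns the port bookkeeping and is assumed to cope with a port held by another node */`.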
@@ -3751,24 +3731,10 @@ ikev2_register_udp_port (ikev2_profile_t * p, u16 port)
 static_always_inline void
 ikev2_unregister_udp_port (ikev2_profile_t * p)
 {
- ikev2_main_t *km = &ikev2_main;
- uword *v;
-
 if (p->ipsec_over_udp_port == IPSEC_UDP_PORT_NONE)
 return;
- v = hash_get (km->udp_ports, p->ipsec_over_udp_port);
- if (!v)
- return;
-
- v[0]--;
-
- if (v[0] == 0)
- {
- udp_unregister_dst_port (km->vlib_main, p->ipsec_over_udp_port, 1);
- hash_unset (km->udp_ports, p->ipsec_over_udp_port);
- }
-
+ ipsec_unregister_udp_port (p->ipsec_over_udp_port);
 p->ipsec_over_udp_port = IPSEC_UDP_PORT_NONE;
 }
@@ -4171,9 +4137,7 @@ ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm, u8 * name, u16 port,
 u8 is_set)
 {
 ikev2_profile_t *p = ikev2_profile_index_by_name (name);
- ikev2_main_t *km = &ikev2_main;
 vnet_api_error_t rv = 0;
- uword *v;
 if (!p)
 return VNET_API_ERROR_INVALID_VALUE;
@@ -4187,10 +4151,6 @@ ikev2_set_profile_ipsec_udp_port (vlib_main_t * vm, u8 * name, u16 port,
 }
 else
 {
- v = hash_get (km->udp_ports, port);
- if (!v)
- return VNET_API_ERROR_IKE_NO_PORT;
-
 if (p->ipsec_over_udp_port == IPSEC_UDP_PORT_NONE)
 return VNET_API_ERROR_INVALID_VALUE;
@@ -4761,7 +4721,6 @@ ikev2_init (vlib_main_t * vm)
 km->sa_by_ispi = hash_create (0, sizeof (uword));
 km->sw_if_indices = hash_create (0, 0);
- km->udp_ports = hash_create (0, sizeof (uword));
 udp_register_dst_port (vm, IKEV2_PORT, ikev2_node_ip4.index, 1);
 udp_register_dst_port (vm, IKEV2_PORT, ikev2_node_ip6.index, 0);
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 95c4df4b987..ea630b86de4 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -518,9 +518,6 @@ typedef struct
 /* logging level */
 ikev2_log_level_t log_level;
- /* custom ipsec-over-udp ports managed by ike */
- uword *udp_ports;
-
 /* how often a liveness check will be performed */
 u32 liveness_period;
--
cgit 1.2.3-korg
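Review bot: In ikev2_unregister_udp_port the removed `if (!v) return;` made a missing registration a harmless no-op, whereas the new `ipsec_unregister_udp_port (p->ipsec_over_udp_port);` runs for every value other than IPSEC_UDP_PORT_NONE. That is safe only if each non-NONE value stored in the profile was earlier passed to ipsec_register_udp_port and the helper's bookkeeping for it still exists; the helper is not shown in this diff, so how it treats an unknown port should be confirmed. A one-line comment such as `/* port was registered via ikev2_register_udp_port(), so the IPsec registration exists */` above the call would record that invariant.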