From 495d7ffbc82823edccabab960fc81a909f80075d Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Fri, 12 Jul 2019 09:15:26 +0000 Subject: ipsec: Reference count the SAs - this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns --- src/vnet/ipsec/ipsec_cli.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/vnet/ipsec/ipsec_cli.c') diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 60b9244589e..a5972bbf2c1 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -144,12 +144,12 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, } if (is_add) - rv = ipsec_sa_add (id, spi, proto, crypto_alg, - &ck, integ_alg, &ik, flags, - 0, clib_host_to_net_u32 (salt), - &tun_src, &tun_dst, NULL); + rv = ipsec_sa_add_and_lock (id, spi, proto, crypto_alg, + &ck, integ_alg, &ik, flags, + 0, clib_host_to_net_u32 (salt), + &tun_src, &tun_dst, NULL); else - rv = ipsec_sa_del (id); + rv = ipsec_sa_unlock_id (id); if (rv) error = clib_error_return (0, "failed"); -- cgit 1.2.3-korg