From 6ba4e41d33ffda2596d9d4b3a1d7fdd3c9a6b870 Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Mon, 19 Oct 2020 09:59:41 +0000
Subject: ipsec: support for multipoint on ipsec interfaces
Type: feature
Signed-off-by: Neale Ranns
Change-Id: Iae9fe35cfbce4c675fa25e0800c0f4629a83e012
---
 src/vnet/ipsec/ipsec_itf.c | 45 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)
(limited to 'src/vnet/ipsec/ipsec_itf.c')
diff --git a/src/vnet/ipsec/ipsec_itf.c b/src/vnet/ipsec/ipsec_itf.c
index 46095ce07fe..ff06a579f2e 100644
--- a/src/vnet/ipsec/ipsec_itf.c
+++ b/src/vnet/ipsec/ipsec_itf.c
@@ -29,6 +29,12 @@ static ipsec_itf_t *ipsec_itf_pool;
 static u32 *ipsec_itf_index_by_sw_if_index;
+ipsec_itf_t *
+ipsec_itf_get (index_t ii)
+{
+ return (pool_elt_at_index (ipsec_itf_pool, ii));
+}
+
 static ipsec_itf_t *
 ipsec_itf_find_by_sw_if_index (u32 sw_if_index)
 {
@@ -197,6 +203,11 @@ VNET_HW_INTERFACE_CLASS(ipsec_hw_interface_class) = {
 .update_adjacency = ipsec_itf_update_adj,
 .flags = VNET_HW_INTERFACE_CLASS_FLAG_P2P,
 };
+VNET_HW_INTERFACE_CLASS(ipsec_p2mp_hw_interface_class) = {
+ .name = "IPSec",
+ .build_rewrite = ipsec_itf_build_rewrite_i,
+ .update_adjacency = ipsec_itf_update_adj,
+};
 /* *INDENT-ON* */
 /*
@@ -276,9 +287,6 @@ ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 *sw_if_indexp = (u32) ~ 0;
- if (mode != TUNNEL_MODE_P2P)
- return VNET_API_ERROR_UNSUPPORTED;
-
 /*
 * Allocate a ipsec_itf instance. Either select on dynamically
 * or try to use the desired user_instance number.
@@ -298,7 +306,9 @@ ipsec_itf_create (u32 user_instance, tunnel_mode_t mode, u32 * sw_if_indexp)
 hw_if_index = vnet_register_interface (vnm,
 ipsec_itf_device_class.index,
 ipsec_itf->ii_user_instance,
- ipsec_hw_interface_class.index,
+ (mode == TUNNEL_MODE_P2P ?
+ ipsec_hw_interface_class.index :
+ ipsec_p2mp_hw_interface_class.index),
 t_idx);
 hi = vnet_get_hw_interface (vnm, hw_if_index);
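Review bot: The new `ipsec_itf_get` accessor in the first hunk has external linkage and passes `ii` straight to `pool_elt_at_index` with no check and no comment stating what a caller must guarantee. As far as I know the free-element check inside `pool_elt_at_index` is an ASSERT that is compiled out of release images, so a stale index held by another module after the interface is deleted would yield a pointer to a recycled or freed slot. I would add a header comment such as `/* Caller must pass the index of a live ipsec_itf_t; the index is not validated here. */`, or return NULL when `pool_is_free_index (ipsec_itf_pool, ii)` is true if callers can hold indices across interface deletion. The matching prototype is presumably added to a header outside this file's diff.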
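Review bot: `ipsec_p2mp_hw_interface_class` in the second hunk is registered with `.name = "IPSec"` and carries no comment explaining why `.flags` is left out. The name of the existing `ipsec_hw_interface_class` is outside this hunk; if it is also "IPSec", the two classes cannot be told apart in interface listings or by any lookup keyed on the class name, so a distinct name such as `.name = "IPSec-mp"` would be safer. A one-line comment, e.g. `/* multipoint variant: deliberately not VNET_HW_INTERFACE_CLASS_FLAG_P2P */`, would show that the missing flag is intended.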
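Review bot: Dropping the `mode != TUNNEL_MODE_P2P` rejection in `ipsec_itf_create` (third hunk) leaves `mode` unvalidated, and the ternary added in the fourth hunk then treats every value other than `TUNNEL_MODE_P2P` as multipoint. If `mode` can arrive from an API message or the CLI, an out-of-range enum value would silently create a multipoint interface instead of being refused. I would keep an explicit guard in place of the removed lines, `if (mode != TUNNEL_MODE_P2P && mode != TUNNEL_MODE_MP) return VNET_API_ERROR_UNSUPPORTED;`. The function body starts and ends outside both hunks, so any validation done earlier in the function or by its callers is not visible here.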
@@ -450,6 +460,33 @@ VLIB_CLI_COMMAND (ipsec_itf_delete_command, static) = {
 };
 /* *INDENT-ON* */
+static clib_error_t *
+ipsec_interface_show (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ index_t ii;
+
+ /* *INDENT-OFF* */
+ pool_foreach_index (ii, ipsec_itf_pool,
+ ({
+ vlib_cli_output (vm, "%U", format_ipsec_itf, ii);
+ }));
+ /* *INDENT-ON* */
+
+ return NULL;
+}
+
+/**
+ * show IPSEC tunnel protection hash tables
+ */
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (ipsec_interface_show_node, static) =
+{
+ .path = "show ipsec interface",
+ .function = ipsec_interface_show,
+ .short_help = "show ipsec interface",
+};
+/* *INDENT-ON* */
 /*
 * fd.io coding-style-patch-verification: ON
-- cgit 1.2.3-korg
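Review bot: The doc comment above `VLIB_CLI_COMMAND (ipsec_interface_show_node, static)` says "show IPSEC tunnel protection hash tables", but the handler walks `ipsec_itf_pool` and prints each entry with `format_ipsec_itf`, so the text looks copied from another command. I would reword it to `show all IPsec interfaces`. `ipsec_interface_show` itself has no header comment; one line noting that it lists every interface in the pool and that `input` and `cmd` are unused would help.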