From 9ec846c2684b69f47505d73ea9f873b793a11558 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Tue, 9 Feb 2021 14:04:02 +0000 Subject: ipsec: Use the new tunnel API types to add flow label and TTL copy support Type: feature attmpet 2. this includes changes in ah_encrypt that don't use uninitialised memory when doing tunnel mode fixups. Signed-off-by: Neale Ranns Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d --- src/vnet/ipsec/ipsec_sa.h | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) (limited to 'src/vnet/ipsec/ipsec_sa.h') diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index 7a52e831c77..84abd6ef4b4 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -174,8 +174,7 @@ typedef struct ipsec_protocol_t protocol; tunnel_encap_decap_flags_t tunnel_flags; - ip_dscp_t dscp; - u8 __pad2[1]; + u8 __pad[2]; /* data accessed by dataplane code should be above this comment */ CLIB_CACHE_LINE_ALIGN_MARK (cacheline2); @@ -203,8 +202,7 @@ typedef struct u64 data; } async_op_data; - ip46_address_t tunnel_src_addr; - ip46_address_t tunnel_dst_addr; + tunnel_t tunnel; fib_node_t node; @@ -214,10 +212,6 @@ typedef struct vnet_crypto_alg_t integ_calg; vnet_crypto_alg_t crypto_calg; - fib_node_index_t fib_entry_index; - u32 sibling; - u32 tx_fib_index; - /* else u8 packed */ ipsec_crypto_alg_t crypto_alg; ipsec_integ_alg_t integ_alg; @@ -258,21 +252,12 @@ extern vlib_combined_counter_main_t ipsec_sa_counters; extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len); -extern int ipsec_sa_add_and_lock (u32 id, - u32 spi, - ipsec_protocol_t proto, - ipsec_crypto_alg_t crypto_alg, - const ipsec_key_t * ck, - ipsec_integ_alg_t integ_alg, - const ipsec_key_t * ik, - ipsec_sa_flags_t flags, - u32 tx_table_id, - u32 salt, - const ip46_address_t * tunnel_src_addr, - const ip46_address_t * tunnel_dst_addr, - tunnel_encap_decap_flags_t tunnel_flags, - ip_dscp_t dscp, - u32 * sa_index, u16 src_port, u16 dst_port); +extern int +ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto, + ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, + ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, + ipsec_sa_flags_t flags, u32 salt, u16 src_port, + u16 dst_port, const tunnel_t *tun, u32 *sa_out_index); extern index_t ipsec_sa_find_and_lock (u32 id); extern int ipsec_sa_unlock_id (u32 id); extern void ipsec_sa_unlock (index_t sai); -- cgit 1.2.3-korg