From 4a58e49cfe03150034a65e147a2ffe8d24391b86 Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Mon, 21 Dec 2020 13:19:10 +0000
Subject: ipsec: Support MPLS over IPSec[46] interface

Type: feature

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
---
 src/vnet/ipsec/ipsec_tun.c | 47 ++++++++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 16 deletions(-)

(limited to 'src/vnet/ipsec/ipsec_tun.c')

diff --git a/src/vnet/ipsec/ipsec_tun.c b/src/vnet/ipsec/ipsec_tun.c
index c3f50a6ffe9..ea60ab44a8c 100644
--- a/src/vnet/ipsec/ipsec_tun.c
+++ b/src/vnet/ipsec/ipsec_tun.c
@@ -141,33 +141,48 @@ ipsec_tun_protect_get_adj_next (vnet_link_t linkt,
 {
   ipsec_main_t *im;
   ipsec_sa_t *sa;
-  bool is_ip4;
   u32 next;
 
-
-  if (itp->itp_flags & IPSEC_PROTECT_ITF)
-    is_ip4 = linkt == VNET_LINK_IP4;
-  else
-    is_ip4 = ip46_address_is_ip4 (&itp->itp_tun.src);
+  if (!(itp->itp_flags & IPSEC_PROTECT_ITF))
+    {
+      if (ip46_address_is_ip4 (&itp->itp_tun.src))
+	linkt = VNET_LINK_IP4;
+      else
+	linkt = VNET_LINK_IP6;
+    }
 
   sa = ipsec_sa_get (itp->itp_out_sa);
   im = &ipsec_main;
+  next = 0;
 
   if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
        sa->integ_alg == IPSEC_INTEG_ALG_NONE) &&
       !(itp->itp_flags & IPSEC_PROTECT_ITF))
-    next = (is_ip4 ?
-	    im->esp4_no_crypto_tun_node_index :
-	    im->esp6_no_crypto_tun_node_index);
+    next = (VNET_LINK_IP4 == linkt ? im->esp4_no_crypto_tun_node_index :
+				     im->esp6_no_crypto_tun_node_index);
   else if (itp->itp_flags & IPSEC_PROTECT_L2)
-    next = (is_ip4 ?
-	    im->esp4_encrypt_l2_tun_node_index :
-	    im->esp6_encrypt_l2_tun_node_index);
+    next = (VNET_LINK_IP4 == linkt ? im->esp4_encrypt_l2_tun_node_index :
+				     im->esp6_encrypt_l2_tun_node_index);
   else
-    next = (is_ip4 ?
-	    im->esp4_encrypt_tun_node_index :
-	    im->esp6_encrypt_tun_node_index);
-
+    {
+      switch (linkt)
+	{
+	case VNET_LINK_IP4:
+	  next = im->esp4_encrypt_tun_node_index;
+	  break;
+	case VNET_LINK_IP6:
+	  next = im->esp6_encrypt_tun_node_index;
+	  break;
+	case VNET_LINK_MPLS:
+	  next = im->esp_mpls_encrypt_tun_node_index;
+	  break;
+	case VNET_LINK_ARP:
+	case VNET_LINK_NSH:
+	case VNET_LINK_ETHERNET:
+	  ASSERT (0);
+	  break;
+	}
+    }
   return (next);
 }
 
-- 
cgit 1.2.3-korg