From 7a29a2d400bbc3740a6a98863f290aa654d5f724 Mon Sep 17 00:00:00 2001
From: Brian Russell <brian@graphiant.com>
Date: Mon, 22 Feb 2021 18:42:24 +0000
Subject: ipsec: enable input features on tunnels

Make the ipsec[46]-tun-input nodes siblings of device-input so that
input features can be enabled on them. Register ipsec-tun for feature
updates. When a feature is enabled on the device-input arc and the
ifindex is an IPSec tunnel, change the end node of the arc for that
ifindex to be the appropriate ESP decrypt node. Set a flag on the
tunnel to indicate that the feature arc should be started for packets
input on the tunnel.

Test input policing on ESP IPSec tunnels.

Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
---
 src/vnet/ipsec/ipsec_tun.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'src/vnet/ipsec/ipsec_tun.h')

diff --git a/src/vnet/ipsec/ipsec_tun.h b/src/vnet/ipsec/ipsec_tun.h
index 070831fdca9..c79fb902dec 100644
--- a/src/vnet/ipsec/ipsec_tun.h
+++ b/src/vnet/ipsec/ipsec_tun.h
@@ -17,10 +17,11 @@
 
 #include <vnet/ipsec/ipsec.h>
 
-#define foreach_ipsec_protect_flags \
-  _(L2, 1, "l2")                    \
-  _(ENCAPED, 2, "encapped")         \
-  _(ITF, 4, "itf")                  \
+#define foreach_ipsec_protect_flags                                           \
+  _ (L2, 1, "l2")                                                             \
+  _ (ENCAPED, 2, "encapped")                                                  \
+  _ (ITF, 4, "itf")                                                           \
+  _ (FEAT, 8, "feat")
 
 typedef enum ipsec_protect_flags_t_
 {
-- 
cgit 1.2.3-korg