From 1b6f90204682fdd43d899ab454349536de785b86 Mon Sep 17 00:00:00 2001
From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Date: Mon, 12 Dec 2016 10:37:49 +0000
Subject: ipsec: go straight to lookup after esp encrypt

Currently, IPsec tunnel traffic goes to ip4-input/ip6-input after esp-encrypt.
It is not necessary to check that the new IP header is valid (if it is not
valid then we have otehr issues).

Instead, just send packets straight to ip4-lookup/ip6-lookup after esp-encrypt.

Change-Id: I5e35d500cb0f33f418f8554ed1f4390f02b6647d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
 vnet/vnet/devices/dpdk/ipsec/esp_encrypt.c | 8 ++++----
 vnet/vnet/ipsec/esp_encrypt.c              | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'vnet')

diff --git a/vnet/vnet/devices/dpdk/ipsec/esp_encrypt.c b/vnet/vnet/devices/dpdk/ipsec/esp_encrypt.c
index 7e41007c92c..10bb4616eef 100644
--- a/vnet/vnet/devices/dpdk/ipsec/esp_encrypt.c
+++ b/vnet/vnet/devices/dpdk/ipsec/esp_encrypt.c
@@ -25,8 +25,8 @@
 
 #define foreach_esp_encrypt_next                   \
 _(DROP, "error-drop")                              \
-_(IP4_INPUT, "ip4-input")                          \
-_(IP6_INPUT, "ip6-input")                          \
+_(IP4_LOOKUP, "ip4-lookup")                        \
+_(IP6_LOOKUP, "ip6-lookup")                        \
 _(INTERFACE_OUTPUT, "interface-output")
 
 #define _(v, s) ESP_ENCRYPT_NEXT_##v,
@@ -287,7 +287,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
 	      oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32;
 
 	      /* in tunnel mode send it back to FIB */
-	      next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
+	      next0 = ESP_ENCRYPT_NEXT_IP4_LOOKUP;
 	      vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
 	    }
 	  else if (sa0->is_tunnel && sa0->is_tunnel_ip6)
@@ -302,7 +302,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
 		sa0->tunnel_dst_addr.ip6.as_u64[1];
 
 	      /* in tunnel mode send it back to FIB */
-	      next0 = ESP_ENCRYPT_NEXT_IP6_INPUT;
+	      next0 = ESP_ENCRYPT_NEXT_IP6_LOOKUP;
 	      vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
 	    }
 	  else
diff --git a/vnet/vnet/ipsec/esp_encrypt.c b/vnet/vnet/ipsec/esp_encrypt.c
index b947611e867..7b7f9b9c4c7 100644
--- a/vnet/vnet/ipsec/esp_encrypt.c
+++ b/vnet/vnet/ipsec/esp_encrypt.c
@@ -25,8 +25,8 @@
 
 #define foreach_esp_encrypt_next                   \
 _(DROP, "error-drop")                              \
-_(IP4_INPUT, "ip4-input")                          \
-_(IP6_INPUT, "ip6-input")                          \
+_(IP4_LOOKUP, "ip4-lookup")                        \
+_(IP6_LOOKUP, "ip6-lookup")                        \
 _(INTERFACE_OUTPUT, "interface-output")
 
 #define _(v, s) ESP_ENCRYPT_NEXT_##v,
@@ -226,7 +226,7 @@ esp_encrypt_node_fn (vlib_main_t * vm,
 	      oh6_0->esp.seq = clib_net_to_host_u32 (sa0->seq);
 	      ip_proto = ih6_0->ip6.protocol;
 
-	      next0 = ESP_ENCRYPT_NEXT_IP6_INPUT;
+	      next0 = ESP_ENCRYPT_NEXT_IP6_LOOKUP;
 	    }
 	  else
 	    {
@@ -248,7 +248,7 @@ esp_encrypt_node_fn (vlib_main_t * vm,
 	      oh0->esp.seq = clib_net_to_host_u32 (sa0->seq);
 	      ip_proto = ih0->ip4.protocol;
 
-	      next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
+	      next0 = ESP_ENCRYPT_NEXT_IP4_LOOKUP;
 	    }
 
 	  if (PREDICT_TRUE
-- 
cgit 1.2.3-korg