ipsec: remove dedicated IPSec tunnels
APIs for dedicated IPSec tunnels will remain in this release and are
used to programme the IPIP tunnel protect. APIs will be removed in a
future release.
see:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index d88cc08..f25a763 100644
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -68,6 +68,7 @@
};
u8 is_ip6;
u32 seq;
+ u32 sa_index;
} ipsec_tun_protect_input_trace_t;
static u8 *
@@ -79,11 +80,11 @@
va_arg (*args, ipsec_tun_protect_input_trace_t *);
if (t->is_ip6)
- s = format (s, "IPSec: %U seq %u",
- format_ipsec6_tunnel_key, &t->key6, t->seq);
+ s = format (s, "IPSec: %U seq %u sa %d",
+ format_ipsec6_tunnel_key, &t->key6, t->seq, t->sa_index);
else
- s = format (s, "IPSec: %U seq %u",
- format_ipsec4_tunnel_key, &t->key4, t->seq);
+ s = format (s, "IPSec: %U seq %u sa %d",
+ format_ipsec4_tunnel_key, &t->key4, t->seq, t->sa_index);
return s;
}
@@ -376,9 +377,9 @@
else
clib_memcpy (&tr->key4, &key40, sizeof (tr->key4));
tr->is_ip6 = is_ip6;
- tr->seq =
- len0 >=
- sizeof (*esp0) ? clib_host_to_net_u32 (esp0->seq) : ~0;
+ tr->seq = (len0 >= sizeof (*esp0) ?
+ clib_host_to_net_u32 (esp0->seq) : ~0);
+ tr->sa_index = vnet_buffer (b[0])->ipsec.sad_index;
}
}