ipsec: cleanup, remove unnecessary code,
ipsec_proto_main moved to ipsec.c
fix missing '\0' of backend name
Change-Id: I90760b3045973a46792c2f098d9b0b1b3d209ad0
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index 2858912..0fc4f48 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -87,7 +87,7 @@
ipsec_proto_main_t *em = &ipsec_proto_main;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
- int icv_size = 0;
+ int icv_size;
next_index = node->cached_next_index;
thread_index = vm->thread_index;
@@ -178,9 +178,7 @@
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
u8 sig[64];
- u8 digest[64];
- clib_memset (sig, 0, sizeof (sig));
- clib_memset (digest, 0, sizeof (digest));
+ u8 digest[icv_size];
u8 *icv = ah0->auth_data;
memcpy (digest, icv, icv_size);
clib_memset (icv, 0, icv_size);
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index 5f6a099..2e561de 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -261,7 +261,7 @@
}
u8 sig[64];
- clib_memset (sig, 0, sizeof (sig));
+
u8 *digest =
vlib_buffer_get_current (i_b0) + ip_hdr_size +
sizeof (ah_header_t);
@@ -296,7 +296,6 @@
trace:
if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED))
{
- i_b0->flags |= VLIB_BUFFER_IS_TRACED;
ah_encrypt_trace_t *tr =
vlib_add_trace (vm, node, i_b0, sizeof (*tr));
tr->spi = sa0->spi;
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 2548ed4..0cb5c15 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -25,7 +25,7 @@
#define foreach_esp_decrypt_next \
_(DROP, "error-drop") \
-_(IP4_INPUT, "ip4-input") \
+_(IP4_INPUT, "ip4-input-no-checksum") \
_(IP6_INPUT, "ip6-input") \
_(IPSEC_GRE_INPUT, "ipsec-gre-input")
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index ffa0211..1e0bd7f 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -23,10 +23,6 @@
#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
-#ifndef CLIB_MARCH_VARIANT
-ipsec_proto_main_t ipsec_proto_main;
-#endif /* CLIB_MARCH_VARIANT */
-
#define foreach_esp_encrypt_next \
_(DROP, "error-drop") \
_(IP4_LOOKUP, "ip4-lookup") \
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index a512d00..a1d8f09 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -26,6 +26,7 @@
#include <vnet/ipsec/ah.h>
ipsec_main_t ipsec_main;
+ipsec_proto_main_t ipsec_proto_main;
static void
ipsec_rand_seed (void)
@@ -136,7 +137,7 @@
{
ipsec_ah_backend_t *b;
pool_get (im->ah_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, ah4_encrypt_node_name, "ipsec4-output-feature",
&b->ah4_encrypt_node_index, &b->ah4_encrypt_next_index);
@@ -164,7 +165,7 @@
{
ipsec_esp_backend_t *b;
pool_get (im->esp_backends, b);
- b->name = format (NULL, "%s", name);
+ b->name = format (0, "%s%c", name, 0);
ipsec_add_node (vm, esp4_encrypt_node_name, "ipsec4-output-feature",
&b->esp4_encrypt_node_index, &b->esp4_encrypt_next_index);