Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 9ec846c2684b69f47505d73ea9f873b793a11558^! / . / src / vnet / ipsec / ipsec_sa.h
commit9ec846c2684b69f47505d73ea9f873b793a11558[log] [tgz]
authorNeale Ranns <neale@graphiant.com>Tue Feb 09 14:04:02 2021 +0000
committerMatthew Smith <mgsmith@netgate.com>Wed Feb 10 13:39:37 2021 +0000
tree78b1f3ced7dcee5d925f5c715b7e2ba99d5cdd95
parent98d82ca04ba438cd2ba3c03de6e1e82e4786cd83 [diff] [blame]
ipsec: Use the new tunnel API types to add flow label and TTL copy
support

Type: feature

attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d

diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 7a52e83..84abd6e 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h

@@ -174,8 +174,7 @@
 
   ipsec_protocol_t protocol;
   tunnel_encap_decap_flags_t tunnel_flags;
-  ip_dscp_t dscp;
-  u8 __pad2[1];
+  u8 __pad[2];
 
   /* data accessed by dataplane code should be above this comment */
     CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
@@ -203,8 +202,7 @@
     u64 data;
   } async_op_data;
 
-  ip46_address_t tunnel_src_addr;
-  ip46_address_t tunnel_dst_addr;
+  tunnel_t tunnel;
 
   fib_node_t node;
 
@@ -214,10 +212,6 @@
   vnet_crypto_alg_t integ_calg;
   vnet_crypto_alg_t crypto_calg;
 
-  fib_node_index_t fib_entry_index;
-  u32 sibling;
-  u32 tx_fib_index;
-
   /* else u8 packed */
   ipsec_crypto_alg_t crypto_alg;
   ipsec_integ_alg_t integ_alg;
@@ -258,21 +252,12 @@
 
 extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len);
 
-extern int ipsec_sa_add_and_lock (u32 id,
-				  u32 spi,
-				  ipsec_protocol_t proto,
-				  ipsec_crypto_alg_t crypto_alg,
-				  const ipsec_key_t * ck,
-				  ipsec_integ_alg_t integ_alg,
-				  const ipsec_key_t * ik,
-				  ipsec_sa_flags_t flags,
-				  u32 tx_table_id,
-				  u32 salt,
-				  const ip46_address_t * tunnel_src_addr,
-				  const ip46_address_t * tunnel_dst_addr,
-				  tunnel_encap_decap_flags_t tunnel_flags,
-				  ip_dscp_t dscp,
-				  u32 * sa_index, u16 src_port, u16 dst_port);
+extern int
+ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto,
+		       ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck,
+		       ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik,
+		       ipsec_sa_flags_t flags, u32 salt, u16 src_port,
+		       u16 dst_port, const tunnel_t *tun, u32 *sa_out_index);
 extern index_t ipsec_sa_find_and_lock (u32 id);
 extern int ipsec_sa_unlock_id (u32 id);
 extern void ipsec_sa_unlock (index_t sai);