ipsec: move the IPSec SA pool out of ipsec_main
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 84d2293..45ae5ac 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -246,10 +246,9 @@
ipsec_rsc_in_use (ipsec_main_t * im)
{
/* return an error is crypto resource are in use */
- if (pool_elts (im->sad) > 0)
- return clib_error_return (0,
- "%d SA entries configured",
- pool_elts (im->sad));
+ if (pool_elts (ipsec_sa_pool) > 0)
+ return clib_error_return (0, "%d SA entries configured",
+ pool_elts (ipsec_sa_pool));
return (NULL);
}
@@ -331,20 +330,20 @@
ipsec_sa_t *sa;
/* lock all SAs before change im->async_mode */
- pool_foreach (sa, im->sad)
- {
- fib_node_lock (&sa->node);
- }
+ pool_foreach (sa, ipsec_sa_pool)
+ {
+ fib_node_lock (&sa->node);
+ }
im->async_mode = is_enabled;
/* change SA crypto op data before unlock them */
- pool_foreach (sa, im->sad)
- {
- sa->crypto_op_data = is_enabled ?
- sa->async_op_data.data : sa->sync_op_data.data;
- fib_node_unlock (&sa->node);
- }
+ pool_foreach (sa, ipsec_sa_pool)
+ {
+ sa->crypto_op_data =
+ is_enabled ? sa->async_op_data.data : sa->sync_op_data.data;
+ fib_node_unlock (&sa->node);
+ }
}
static void