#define IP6_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip6.ip6) * CHAR_BIT)
-#define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & PKT_RX_SEC_OFFLOAD) == 0)
+#define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0)
struct supported_cipher_algo {
const char *keyword;
#define SA_INIT_NB 128
+static uint32_t nb_crypto_sessions;
struct ipsec_sa *sa_out;
uint32_t nb_sa_out;
static uint32_t sa_out_sz;
uint32_t type_p = 0;
uint32_t portid_p = 0;
uint32_t fallback_p = 0;
+ int16_t status_p = 0;
+ uint16_t udp_encap_p = 0;
if (strcmp(tokens[0], "in") == 0) {
ri = &nb_sa_in;
if (atoi(tokens[1]) == INVALID_SPI)
return;
rule->spi = atoi(tokens[1]);
+ rule->portid = UINT16_MAX;
ips = ipsec_get_primary_session(rule);
for (ti = 2; ti < n_tokens; ti++) {
INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
if (status->status < 0)
return;
- rule->portid = atoi(tokens[ti]);
- if (status->status < 0)
+ if (rule->portid == UINT16_MAX)
+ rule->portid = atoi(tokens[ti]);
+ else if (rule->portid != atoi(tokens[ti])) {
+ APP_CHECK(0, status,
+ "portid %s not matching with already assigned portid %u",
+ tokens[ti], rule->portid);
return;
+ }
portid_p = 1;
continue;
}
}
rule->fallback_sessions = 1;
+ nb_crypto_sessions++;
fallback_p = 1;
continue;
}
+ if (strcmp(tokens[ti], "flow-direction") == 0) {
+ switch (ips->type) {
+ case RTE_SECURITY_ACTION_TYPE_NONE:
+ case RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO:
+ rule->fdir_flag = 1;
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ if (rule->portid == UINT16_MAX)
+ rule->portid = atoi(tokens[ti]);
+ else if (rule->portid != atoi(tokens[ti])) {
+ APP_CHECK(0, status,
+ "portid %s not matching with already assigned portid %u",
+ tokens[ti], rule->portid);
+ return;
+ }
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ rule->fdir_qid = atoi(tokens[ti]);
+ /* validating portid and queueid */
+ status_p = check_flow_params(rule->portid,
+ rule->fdir_qid);
+ if (status_p < 0) {
+ printf("port id %u / queue id %u is "
+ "not valid\n", rule->portid,
+ rule->fdir_qid);
+ }
+ break;
+ case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+ case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+ case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+ default:
+ APP_CHECK(0, status,
+ "flow director not supported for security session type %d",
+ ips->type);
+ return;
+ }
+ continue;
+ }
+ if (strcmp(tokens[ti], "udp-encap") == 0) {
+ switch (ips->type) {
+ case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+ case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+ APP_CHECK_PRESENCE(udp_encap_p, tokens[ti],
+ status);
+ if (status->status < 0)
+ return;
+
+ rule->udp_encap = 1;
+ app_sa_prm.udp_encap = 1;
+ udp_encap_p = 1;
+ break;
+ default:
+ APP_CHECK(0, status,
+ "UDP encapsulation not supported for "
+ "security session type %d",
+ ips->type);
+ return;
+ }
+ continue;
+ }
/* unrecognizeable input */
APP_CHECK(0, status, "unrecognized input \"%s\"",
if (!type_p || (!portid_p && ips->type !=
RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)) {
ips->type = RTE_SECURITY_ACTION_TYPE_NONE;
- rule->portid = -1;
}
+ nb_crypto_sessions++;
*ri = *ri + 1;
}
printf("lookaside-protocol-offload ");
break;
case RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO:
- printf("cpu-crypto-accelerated");
+ printf("cpu-crypto-accelerated ");
break;
}
break;
}
}
+ if (sa->fdir_flag == 1)
+ printf("flow-direction port %d queue %d", sa->portid,
+ sa->fdir_qid);
+
printf("\n");
}
}
}
+ if (sa->fdir_flag && inbound) {
+ rc = create_ipsec_esp_flow(sa);
+ if (rc != 0)
+ RTE_LOG(ERR, IPSEC_ESP,
+ "create_ipsec_esp_flow() failed\n");
+ }
print_one_sa_rule(sa, inbound);
}
qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
}
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+ return nb_crypto_sessions;
+}
git.droids-corp.org / dpdk.git / blobdiff