}
};
-struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
-uint32_t nb_sa_out;
+static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
+static uint32_t nb_sa_out;
-struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
-uint32_t nb_sa_in;
+static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
+static uint32_t nb_sa_in;
static const struct supported_cipher_algo *
find_match_cipher_algo(const char *cipher_keyword)
*ri = *ri + 1;
}
-static inline void
+static void
print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
{
uint32_t i;
}
break;
case TRANSPORT:
- printf("Transport");
+ printf("Transport ");
+ break;
+ }
+ printf(" type:");
+ switch (sa->type) {
+ case RTE_SECURITY_ACTION_TYPE_NONE:
+ printf("no-offload ");
+ break;
+ case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+ printf("inline-crypto-offload ");
+ break;
+ case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+ printf("inline-protocol-offload ");
+ break;
+ case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+ printf("lookaside-protocol-offload ");
break;
}
printf("\n");
snprintf(s, sizeof(s), "%s_%u", name, socket_id);
/* Create SA array table */
- printf("Creating SA context with %u maximum entries\n",
- IPSEC_SA_MAX_ENTRIES);
+ printf("Creating SA context with %u maximum entries on socket %d\n",
+ IPSEC_SA_MAX_ENTRIES, socket_id);
mz_size = sizeof(struct sa_ctx);
mz = rte_memzone_reserve(s, mz_size, socket_id,
if (rc6 >= 0) {
RTE_LOG(ERR, IPSEC,
"%s: SPI %u used simultaeously by "
- "IPv4(%d) and IPv6 (%d) SP rules\n",
+ "RTE_IPv4(%d) and IPv6 (%d) SP rules\n",
__func__, spi, rc4, rc6);
return -EINVAL;
} else
static int
fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
- const struct ipv4_hdr *v4, struct ipv6_hdr *v6)
+ const struct rte_ipv4_hdr *v4, struct rte_ipv6_hdr *v6)
{
int32_t rc;
{
int rc;
struct rte_ipsec_sa_prm prm;
- struct ipv4_hdr v4 = {
+ struct rte_ipv4_hdr v4 = {
.version_ihl = IPVERSION << 4 |
- sizeof(v4) / IPV4_IHL_MULTIPLIER,
+ sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER,
.time_to_live = IPDEFTTL,
.next_proto_id = IPPROTO_ESP,
.src_addr = lsa->src.ip.ip4,
.dst_addr = lsa->dst.ip.ip4,
};
- struct ipv6_hdr v6 = {
+ struct rte_ipv6_hdr v6 = {
.vtc_flow = htonl(IP6_VERSION << 28),
.proto = IPPROTO_ESP,
};
return rc;
}
+/*
+ * Walk through all SA rules to find an SA with given SPI
+ */
+int
+sa_spi_present(uint32_t spi, int inbound)
+{
+ uint32_t i, num;
+ const struct ipsec_sa *sar;
+
+ if (inbound != 0) {
+ sar = sa_in;
+ num = nb_sa_in;
+ } else {
+ sar = sa_out;
+ num = nb_sa_out;
+ }
+
+ for (i = 0; i != num; i++) {
+ if (sar[i].spi == spi)
+ return i;
+ }
+
+ return -ENOENT;
+}
+
void
sa_init(struct socket_ctx *ctx, int32_t socket_id)
{
single_inbound_lookup(struct ipsec_sa *sadb, struct rte_mbuf *pkt,
struct ipsec_sa **sa_ret)
{
- struct esp_hdr *esp;
+ struct rte_esp_hdr *esp;
struct ip *ip;
uint32_t *src4_addr;
uint8_t *src6_addr;
ip = rte_pktmbuf_mtod(pkt, struct ip *);
if (ip->ip_v == IPVERSION)
- esp = (struct esp_hdr *)(ip + 1);
+ esp = (struct rte_esp_hdr *)(ip + 1);
else
- esp = (struct esp_hdr *)(((struct ip6_hdr *)ip) + 1);
+ esp = (struct rte_esp_hdr *)(((struct ip6_hdr *)ip) + 1);
if (esp->spi == INVALID_SPI)
return;
git.droids-corp.org / dpdk.git / blobdiff