net: add rte prefix to ESP structure

[dpdk.git] / examples / ipsec-secgw / sa.c

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 93e3620..c65dbe9 100644 (file)
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -126,11 +126,11 @@ const struct supported_aead_algo aead_algos[] = {
        }
 };
 
-struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
-uint32_t nb_sa_out;
+static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
+static uint32_t nb_sa_out;
 
-struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
-uint32_t nb_sa_in;
+static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
+static uint32_t nb_sa_in;
 
 static const struct supported_cipher_algo *
 find_match_cipher_algo(const char *cipher_keyword)
@@ -631,7 +631,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
        *ri = *ri + 1;
 }
 
-static inline void
+static void
 print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
 {
        uint32_t i;
@@ -688,7 +688,22 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
                }
                break;
        case TRANSPORT:
-               printf("Transport");
+               printf("Transport ");
+               break;
+       }
+       printf(" type:");
+       switch (sa->type) {
+       case RTE_SECURITY_ACTION_TYPE_NONE:
+               printf("no-offload ");
+               break;
+       case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+               printf("inline-crypto-offload ");
+               break;
+       case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+               printf("inline-protocol-offload ");
+               break;
+       case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+               printf("lookaside-protocol-offload ");
                break;
        }
        printf("\n");
@@ -716,8 +731,8 @@ sa_create(const char *name, int32_t socket_id)
        snprintf(s, sizeof(s), "%s_%u", name, socket_id);
 
        /* Create SA array table */
-       printf("Creating SA context with %u maximum entries\n",
-                       IPSEC_SA_MAX_ENTRIES);
+       printf("Creating SA context with %u maximum entries on socket %d\n",
+                       IPSEC_SA_MAX_ENTRIES, socket_id);
 
        mz_size = sizeof(struct sa_ctx);
        mz = rte_memzone_reserve(s, mz_size, socket_id,
@@ -1101,6 +1116,31 @@ ipsec_satbl_init(struct sa_ctx *ctx, const struct ipsec_sa *ent,
        return rc;
 }
 
+/*
+ * Walk through all SA rules to find an SA with given SPI
+ */
+int
+sa_spi_present(uint32_t spi, int inbound)
+{
+       uint32_t i, num;
+       const struct ipsec_sa *sar;
+
+       if (inbound != 0) {
+               sar = sa_in;
+               num = nb_sa_in;
+       } else {
+               sar = sa_out;
+               num = nb_sa_out;
+       }
+
+       for (i = 0; i != num; i++) {
+               if (sar[i].spi == spi)
+                       return i;
+       }
+
+       return -ENOENT;
+}
+
 void
 sa_init(struct socket_ctx *ctx, int32_t socket_id)
 {
@@ -1179,7 +1219,7 @@ static inline void
 single_inbound_lookup(struct ipsec_sa *sadb, struct rte_mbuf *pkt,
                struct ipsec_sa **sa_ret)
 {
-       struct esp_hdr *esp;
+       struct rte_esp_hdr *esp;
        struct ip *ip;
        uint32_t *src4_addr;
        uint8_t *src6_addr;
@@ -1189,9 +1229,9 @@ single_inbound_lookup(struct ipsec_sa *sadb, struct rte_mbuf *pkt,
 
        ip = rte_pktmbuf_mtod(pkt, struct ip *);
        if (ip->ip_v == IPVERSION)
-               esp = (struct esp_hdr *)(ip + 1);
+               esp = (struct rte_esp_hdr *)(ip + 1);
        else
-               esp = (struct esp_hdr *)(((struct ip6_hdr *)ip) + 1);
+               esp = (struct rte_esp_hdr *)(((struct ip6_hdr *)ip) + 1);
 
        if (esp->spi == INVALID_SPI)
                return;