if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
int i, ip_index = -1;
+ uint8_t *key;
/* Find a match in the IP table*/
for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) {
if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION)
priv->rx_sa_tbl[sa_index].mode |=
(IPSRXMOD_PROTO | IPSRXMOD_DECRYPT);
- if (ic_session->dst_ip.type == IPv6)
+ if (ic_session->dst_ip.type == IPv6) {
priv->rx_sa_tbl[sa_index].mode |= IPSRXMOD_IPV6;
+ priv->rx_ip_tbl[ip_index].ip.type = IPv6;
+ } else if (ic_session->dst_ip.type == IPv4)
+ priv->rx_ip_tbl[ip_index].ip.type = IPv4;
+
priv->rx_sa_tbl[sa_index].used = 1;
/* write IP table entry*/
IXGBE_WAIT_RWRITE;
/* write Key table entry*/
+ key = malloc(ic_session->key_len);
+ if (!key)
+ return -ENOMEM;
+
+ memcpy(key, ic_session->key, ic_session->key_len);
+
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE |
IPSRXIDX_TABLE_KEY | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT,
rte_cpu_to_be_32(ic_session->salt));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD,
priv->rx_sa_tbl[sa_index].mode);
IXGBE_WAIT_RWRITE;
+ free(key);
+
} else { /* sess->dir == RTE_CRYPTO_OUTBOUND */
+ uint8_t *key;
int i;
/* Find a free entry in the SA table*/
priv->tx_sa_tbl[i].used = 1;
ic_session->sa_index = sa_index;
+ key = malloc(ic_session->key_len);
+ if (!key)
+ return -ENOMEM;
+
+ memcpy(key, ic_session->key, ic_session->key_len);
+
/* write Key table entry*/
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT,
rte_cpu_to_be_32(ic_session->salt));
IXGBE_WAIT_TWRITE;
+
+ free(key);
}
return 0;
conf->crypto_xform->aead.algo !=
RTE_CRYPTO_AEAD_AES_GCM) {
PMD_DRV_LOG(ERR, "Unsupported crypto transformation mode\n");
+ rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
aead_xform = &conf->crypto_xform->aead;
ic_session->op = IXGBE_OP_AUTHENTICATED_DECRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec decryption not enabled\n");
+ rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
} else {
ic_session->op = IXGBE_OP_AUTHENTICATED_ENCRYPTION;
} else {
PMD_DRV_LOG(ERR, "IPsec encryption not enabled\n");
+ rte_mempool_put(mempool, (void *)ic_session);
return -ENOTSUP;
}
}
ic_session->key = aead_xform->key.data;
+ ic_session->key_len = aead_xform->key.length;
memcpy(&ic_session->salt,
&aead_xform->key.data[aead_xform->key.length], 4);
ic_session->spi = conf->ipsec.spi;
if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
if (ixgbe_crypto_add_sa(ic_session)) {
PMD_DRV_LOG(ERR, "Failed to add SA\n");
+ rte_mempool_put(mempool, (void *)ic_session);
return -EPERM;
}
}
PMD_DRV_LOG(ERR, "RSC and IPsec not supported");
return -1;
}
- if (!(rx_offloads & DEV_RX_OFFLOAD_CRC_STRIP)) {
+ if (rx_offloads & DEV_RX_OFFLOAD_KEEP_CRC) {
PMD_DRV_LOG(ERR, "HW CRC strip needs to be enabled for IPsec");
return -1;
}