net/enic: avoid error message when no advanced filtering

[dpdk.git] / examples / ipsec-secgw / sa.c

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index e3a1a5a..88dd304 100644 (file)
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -32,7 +32,7 @@
 
 #define IP6_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip6.ip6) * CHAR_BIT)
 
-#define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & PKT_RX_SEC_OFFLOAD) == 0)
+#define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0)
 
 struct supported_cipher_algo {
        const char *keyword;
@@ -160,6 +160,7 @@ const struct supported_aead_algo aead_algos[] = {
 
 #define SA_INIT_NB     128
 
+static uint32_t nb_crypto_sessions;
 struct ipsec_sa *sa_out;
 uint32_t nb_sa_out;
 static uint32_t sa_out_sz;
@@ -297,6 +298,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
        uint32_t portid_p = 0;
        uint32_t fallback_p = 0;
        int16_t status_p = 0;
+       uint16_t udp_encap_p = 0;
 
        if (strcmp(tokens[0], "in") == 0) {
                ri = &nb_sa_in;
@@ -712,6 +714,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        }
 
                        rule->fallback_sessions = 1;
+                       nb_crypto_sessions++;
                        fallback_p = 1;
                        continue;
                }
@@ -755,6 +758,28 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        }
                        continue;
                }
+               if (strcmp(tokens[ti], "udp-encap") == 0) {
+                       switch (ips->type) {
+                       case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+                       case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+                               APP_CHECK_PRESENCE(udp_encap_p, tokens[ti],
+                                                  status);
+                               if (status->status < 0)
+                                       return;
+
+                               rule->udp_encap = 1;
+                               app_sa_prm.udp_encap = 1;
+                               udp_encap_p = 1;
+                               break;
+                       default:
+                               APP_CHECK(0, status,
+                                       "UDP encapsulation not supported for "
+                                       "security session type %d",
+                                       ips->type);
+                               return;
+                       }
+                       continue;
+               }
 
                /* unrecognizeable input */
                APP_CHECK(0, status, "unrecognized input \"%s\"",
@@ -795,6 +820,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                ips->type = RTE_SECURITY_ACTION_TYPE_NONE;
        }
 
+       nb_crypto_sessions++;
        *ri = *ri + 1;
 }
 
@@ -960,7 +986,7 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound)
 
        if (inbound) {
                if ((dev_info.rx_offload_capa &
-                               DEV_RX_OFFLOAD_SECURITY) == 0) {
+                               RTE_ETH_RX_OFFLOAD_SECURITY) == 0) {
                        RTE_LOG(WARNING, PORT,
                                "hardware RX IPSec offload is not supported\n");
                        return -EINVAL;
@@ -968,7 +994,7 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound)
 
        } else { /* outbound */
                if ((dev_info.tx_offload_capa &
-                               DEV_TX_OFFLOAD_SECURITY) == 0) {
+                               RTE_ETH_TX_OFFLOAD_SECURITY) == 0) {
                        RTE_LOG(WARNING, PORT,
                                "hardware TX IPSec offload is not supported\n");
                        return -EINVAL;
@@ -1223,8 +1249,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
                        rc = create_ipsec_esp_flow(sa);
                        if (rc != 0)
                                RTE_LOG(ERR, IPSEC_ESP,
-                                       "create_ipsec_esp_flow() failed %s\n",
-                                       strerror(rc));
+                                       "create_ipsec_esp_flow() failed\n");
                }
                print_one_sa_rule(sa, inbound);
        }
@@ -1603,7 +1628,7 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
                                rule_type ==
                                RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
                                && rule->portid == port_id)
-                       *rx_offloads |= DEV_RX_OFFLOAD_SECURITY;
+                       *rx_offloads |= RTE_ETH_RX_OFFLOAD_SECURITY;
        }
 
        /* Check for outbound rules that use offloads and use this port */
@@ -1614,7 +1639,7 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
                                rule_type ==
                                RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
                                && rule->portid == port_id)
-                       *tx_offloads |= DEV_TX_OFFLOAD_SECURITY;
+                       *tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
        }
        return 0;
 }
@@ -1625,3 +1650,9 @@ sa_sort_arr(void)
        qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
        qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
 }
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+       return nb_crypto_sessions;
+}