X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;ds=sidebyside;f=examples%2Fipsec-secgw%2Fsa.c;h=14ee947310cf0fee4809dbf06551af19b01b1bd7;hb=0e8f47491f090f44a4956429cb27f6942b6618b0;hp=d700c8ea4c1565ca0aface7c1ffcb85bbab250e1;hpb=4fbf33243175311781e8f130b53890859304dc29;p=dpdk.git diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index d700c8ea4c..14ee947310 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -756,8 +756,16 @@ static int check_eth_dev_caps(uint16_t portid, uint32_t inbound) { struct rte_eth_dev_info dev_info; + int retval; - rte_eth_dev_info_get(portid, &dev_info); + retval = rte_eth_dev_info_get(portid, &dev_info); + if (retval != 0) { + RTE_LOG(ERR, IPSEC, + "Error during getting device (port %u) info: %s\n", + portid, strerror(-retval)); + + return retval; + } if (inbound) { if ((dev_info.rx_offload_capa & @@ -868,12 +876,14 @@ sa_add_address_inline_crypto(struct ipsec_sa *sa) static int sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries, uint32_t inbound) + uint32_t nb_entries, uint32_t inbound, + struct socket_ctx *skt_ctx) { struct ipsec_sa *sa; uint32_t i, idx; uint16_t iv_length, aad_length; int inline_status; + int32_t rc; /* for ESN upper 32 bits of SQN also need to be part of AAD */ aad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0; @@ -936,6 +946,17 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa->xforms = &sa_ctx->xf[idx].a; + if (sa->type == + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || + sa->type == + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { + rc = create_inline_session(skt_ctx, sa); + if (rc != 0) { + RTE_LOG(ERR, IPSEC_ESP, + "create_inline_session() failed\n"); + return -EINVAL; + } + } print_one_sa_rule(sa, inbound); } else { switch (sa->cipher_algo) { @@ -1011,16 +1032,16 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], static inline int sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries) + uint32_t nb_entries, struct socket_ctx *skt_ctx) { - return sa_add_rules(sa_ctx, entries, nb_entries, 0); + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx); } static inline int sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries) + uint32_t nb_entries, struct socket_ctx *skt_ctx) { - return sa_add_rules(sa_ctx, entries, nb_entries, 1); + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx); } /* @@ -1086,10 +1107,12 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss, return 0; } -static void +static int fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa, const struct ipsec_sa *lsa) { + int32_t rc = 0; + ss->sa = sa; ss->type = lsa->type; @@ -1102,6 +1125,17 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa, ss->security.ctx = lsa->security_ctx; ss->security.ol_flags = lsa->ol_flags; } + + if (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO || + ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { + if (ss->security.ses != NULL) { + rc = rte_ipsec_session_prepare(ss); + if (rc != 0) + memset(ss, 0, sizeof(*ss)); + } + } + + return rc; } /* @@ -1136,8 +1170,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size) if (rc < 0) return rc; - fill_ipsec_session(&lsa->ips, sa, lsa); - return 0; + rc = fill_ipsec_session(&lsa->ips, sa, lsa); + return rc; } /* @@ -1240,7 +1274,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) "context %s in socket %d\n", rte_errno, name, socket_id); - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in); + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx); if (app_sa_prm.enable != 0) { rc = ipsec_satbl_init(ctx->sa_in, sa_in, nb_sa_in, @@ -1260,7 +1294,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) "context %s in socket %d\n", rte_errno, name, socket_id); - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out); + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx); if (app_sa_prm.enable != 0) { rc = ipsec_satbl_init(ctx->sa_out, sa_out, nb_sa_out,