int32_t payload_len, ip_hdr_len;
RTE_ASSERT(sa != NULL);
- if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
+ if (ipsec_get_action_type(sa) ==
+ RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
return 0;
RTE_ASSERT(m != NULL);
uint8_t *nexthdr, *pad_len;
uint8_t *padding;
uint16_t i;
+ struct rte_ipsec_session *ips;
RTE_ASSERT(m != NULL);
RTE_ASSERT(sa != NULL);
RTE_ASSERT(cop != NULL);
- if ((sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) ||
- (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)) {
+ ips = ipsec_get_session(sa);
+
+ if ((ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) ||
+ (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)) {
if (m->ol_flags & PKT_RX_SEC_OFFLOAD) {
if (m->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED)
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
return -1;
}
- if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO &&
- sa->ol_flags & RTE_SECURITY_RX_HW_TRAILER_OFFLOAD) {
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO &&
+ ips->security.ol_flags & RTE_SECURITY_RX_HW_TRAILER_OFFLOAD) {
nexthdr = &m->inner_esp_next_proto;
} else {
nexthdr = rte_pktmbuf_mtod_offset(m, uint8_t*,
struct rte_crypto_sym_op *sym_cop;
int32_t i;
uint16_t pad_payload_len, pad_len, ip_hdr_len;
+ struct rte_ipsec_session *ips;
RTE_ASSERT(m != NULL);
RTE_ASSERT(sa != NULL);
+ ips = ipsec_get_session(sa);
ip_hdr_len = 0;
ip4 = rte_pktmbuf_mtod(m, struct ip *);
}
/* Add trailer padding if it is not constructed by HW */
- if (sa->type != RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
- (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO &&
- !(sa->ol_flags & RTE_SECURITY_TX_HW_TRAILER_OFFLOAD))) {
+ if (ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
+ (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO &&
+ !(ips->security.ol_flags &
+ RTE_SECURITY_TX_HW_TRAILER_OFFLOAD))) {
padding = (uint8_t *)rte_pktmbuf_append(m, pad_len +
sa->digest_len);
if (unlikely(padding == NULL)) {
}
}
- if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
- if (sa->ol_flags & RTE_SECURITY_TX_HW_TRAILER_OFFLOAD) {
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
+ if (ips->security.ol_flags &
+ RTE_SECURITY_TX_HW_TRAILER_OFFLOAD) {
/* Set the inner esp next protocol for HW trailer */
m->inner_esp_next_proto = nlp;
m->packet_type |= RTE_PTYPE_TUNNEL_ESP;
struct ipsec_sa *sa,
struct rte_crypto_op *cop)
{
+ enum rte_security_session_action_type type;
RTE_ASSERT(m != NULL);
RTE_ASSERT(sa != NULL);
- if ((sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) ||
- (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)) {
+ type = ipsec_get_action_type(sa);
+
+ if ((type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) ||
+ (type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)) {
m->ol_flags |= PKT_TX_SEC_OFFLOAD;
} else {
RTE_ASSERT(cop != NULL);
}
int
-create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
+create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips)
{
struct rte_cryptodev_info cdev_info;
unsigned long cdev_id_qp = 0;
ipsec_ctx->tbl[cdev_id_qp].id,
ipsec_ctx->tbl[cdev_id_qp].qp);
- if (sa->type != RTE_SECURITY_ACTION_TYPE_NONE) {
+ if (ips->type != RTE_SECURITY_ACTION_TYPE_NONE) {
struct rte_security_session_conf sess_conf = {
- .action_type = sa->type,
+ .action_type = ips->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
{.ipsec = {
.spi = sa->spi,
};
- if (sa->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ipsec_ctx->tbl[cdev_id_qp].id);
/* Set IPsec parameters in conf */
set_ipsec_conf(sa, &(sess_conf.ipsec));
- sa->sec_session = rte_security_session_create(ctx,
+ ips->security.ses = rte_security_session_create(ctx,
&sess_conf, ipsec_ctx->session_priv_pool);
- if (sa->sec_session == NULL) {
+ if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
return -1;
return -1;
}
} else {
- sa->crypto_session = rte_cryptodev_sym_session_create(
+ ips->crypto.ses = rte_cryptodev_sym_session_create(
ipsec_ctx->session_pool);
rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
- sa->crypto_session, sa->xforms,
+ ips->crypto.ses, sa->xforms,
ipsec_ctx->session_priv_pool);
rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
}
int
-create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa)
+create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips)
{
int32_t ret = 0;
struct rte_security_ctx *sec_ctx;
struct rte_security_session_conf sess_conf = {
- .action_type = sa->type,
+ .action_type = ips->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
{.ipsec = {
.spi = sa->spi,
RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
sa->spi, sa->portid);
- if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
struct rte_flow_error err;
const struct rte_security_capability *sec_cap;
int ret = 0;
return -1;
}
- sa->sec_session = rte_security_session_create(sec_ctx,
+ ips->security.ses = rte_security_session_create(sec_ctx,
&sess_conf, skt_ctx->session_pool);
- if (sa->sec_session == NULL) {
+ if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
return -1;
/* iterate until ESP tunnel*/
while (sec_cap->action != RTE_SECURITY_ACTION_TYPE_NONE) {
- if (sec_cap->action == sa->type &&
+ if (sec_cap->action == ips->type &&
sec_cap->protocol ==
RTE_SECURITY_PROTOCOL_IPSEC &&
sec_cap->ipsec.mode ==
return -1;
}
- sa->ol_flags = sec_cap->ol_flags;
- sa->security_ctx = sec_ctx;
+ ips->security.ol_flags = sec_cap->ol_flags;
+ ips->security.ctx = sec_ctx;
sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
if (IS_IP6(sa->flags)) {
sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
- sa->action[0].conf = sa->sec_session;
+ sa->action[0].conf = ips->security.ses;
sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
if (ret)
goto flow_create_failure;
} else if (sa->attr.egress &&
- (sa->ol_flags &
- RTE_SECURITY_TX_HW_TRAILER_OFFLOAD)) {
+ (ips->security.ol_flags &
+ RTE_SECURITY_TX_HW_TRAILER_OFFLOAD)) {
sa->action[1].type =
RTE_FLOW_ACTION_TYPE_PASSTHRU;
sa->action[2].type =
err.message);
return -1;
}
- } else if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
+ } else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
const struct rte_security_capability *sec_cap;
sec_ctx = (struct rte_security_ctx *)
sess_conf.userdata = (void *) sa;
- sa->sec_session = rte_security_session_create(sec_ctx,
+ ips->security.ses = rte_security_session_create(sec_ctx,
&sess_conf, skt_ctx->session_pool);
- if (sa->sec_session == NULL) {
+ if (ips->security.ses == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
return -1;
/* iterate until ESP tunnel*/
while (sec_cap->action !=
RTE_SECURITY_ACTION_TYPE_NONE) {
- if (sec_cap->action == sa->type &&
+ if (sec_cap->action == ips->type &&
sec_cap->protocol ==
RTE_SECURITY_PROTOCOL_IPSEC &&
sec_cap->ipsec.mode ==
return -1;
}
- sa->ol_flags = sec_cap->ol_flags;
- sa->security_ctx = sec_ctx;
+ ips->security.ol_flags = sec_cap->ol_flags;
+ ips->security.ctx = sec_ctx;
}
sa->cdev_id_qp = 0;
struct ipsec_mbuf_metadata *priv;
struct rte_crypto_sym_op *sym_cop;
struct ipsec_sa *sa;
+ struct rte_ipsec_session *ips;
for (i = 0; i < nb_pkts; i++) {
if (unlikely(sas[i] == NULL)) {
priv = get_priv(pkts[i]);
sa = sas[i];
priv->sa = sa;
+ ips = ipsec_get_session(sa);
- switch (sa->type) {
+ switch (ips->type) {
case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
rte_prefetch0(&priv->sym_cop);
- if ((unlikely(sa->sec_session == NULL)) &&
- create_lookaside_session(ipsec_ctx, sa)) {
+ if ((unlikely(ips->security.ses == NULL)) &&
+ create_lookaside_session(ipsec_ctx, sa, ips)) {
rte_pktmbuf_free(pkts[i]);
continue;
}
sym_cop->m_src = pkts[i];
rte_security_attach_session(&priv->cop,
- sa->sec_session);
+ ips->security.ses);
break;
case RTE_SECURITY_ACTION_TYPE_NONE:
rte_prefetch0(&priv->sym_cop);
- if ((unlikely(sa->crypto_session == NULL)) &&
- create_lookaside_session(ipsec_ctx, sa)) {
+ if ((unlikely(ips->crypto.ses == NULL)) &&
+ create_lookaside_session(ipsec_ctx, sa, ips)) {
rte_pktmbuf_free(pkts[i]);
continue;
}
rte_crypto_op_attach_sym_session(&priv->cop,
- sa->crypto_session);
+ ips->crypto.ses);
ret = xform_func(pkts[i], sa, &priv->cop);
if (unlikely(ret)) {
}
break;
case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
- RTE_ASSERT(sa->sec_session != NULL);
+ RTE_ASSERT(ips->security.ses != NULL);
ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
- if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
+ if (ips->security.ol_flags &
+ RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
- sa->security_ctx,
- sa->sec_session, pkts[i], NULL);
+ ips->security.ctx, ips->security.ses,
+ pkts[i], NULL);
continue;
case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
- RTE_ASSERT(sa->sec_session != NULL);
+ RTE_ASSERT(ips->security.ses != NULL);
priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
rte_prefetch0(&priv->sym_cop);
rte_security_attach_session(&priv->cop,
- sa->sec_session);
+ ips->security.ses);
ret = xform_func(pkts[i], sa, &priv->cop);
if (unlikely(ret)) {
}
ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
- if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
+ if (ips->security.ol_flags &
+ RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
- sa->security_ctx,
- sa->sec_session, pkts[i], NULL);
+ ips->security.ctx, ips->security.ses,
+ pkts[i], NULL);
continue;
}
RTE_ASSERT(sa != NULL);
- if (sa->type == RTE_SECURITY_ACTION_TYPE_NONE) {
+ if (ipsec_get_action_type(sa) ==
+ RTE_SECURITY_ACTION_TYPE_NONE) {
ret = xform_func(pkt, sa, cops[j]);
if (unlikely(ret)) {
rte_pktmbuf_free(pkt);
continue;
}
- } else if (sa->type ==
+ } else if (ipsec_get_action_type(sa) ==
RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
if (cops[j]->status) {
rte_pktmbuf_free(pkt);
uint32_t cdev_id_qp;
uint64_t seq;
uint32_t salt;
- union {
- struct rte_cryptodev_sym_session *crypto_session;
- struct rte_security_session *sec_session;
- };
enum rte_crypto_cipher_algorithm cipher_algo;
enum rte_crypto_auth_algorithm auth_algo;
enum rte_crypto_aead_algorithm aead_algo;
struct rte_crypto_sym_xform *xforms;
struct rte_security_ipsec_xform *sec_xform;
};
- enum rte_security_session_action_type type;
enum rte_security_ipsec_sa_direction direction;
uint16_t portid;
- struct rte_security_ctx *security_ctx;
- uint32_t ol_flags;
#define MAX_RTE_FLOW_PATTERN (4)
#define MAX_RTE_FLOW_ACTIONS (3)
return (cop + 1);
}
+static inline struct rte_ipsec_session *
+ipsec_get_session(struct ipsec_sa *sa)
+{
+ return &sa->ips;
+}
+
+static inline enum rte_security_session_action_type
+ipsec_get_action_type(struct ipsec_sa *sa)
+{
+ struct rte_ipsec_session *ips;
+ ips = ipsec_get_session(sa);
+ return ips->type;
+}
+
int
inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
enqueue_cop_burst(struct cdev_qp *cqp);
int
-create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa);
+create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips);
int
-create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa);
+create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips);
#endif /* __IPSEC_H__ */
/* setup crypto section */
if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) {
- if (sa->crypto_session == NULL) {
- rc = create_lookaside_session(ctx, sa);
- if (rc != 0)
- return rc;
- }
- ss->crypto.ses = sa->crypto_session;
+ RTE_ASSERT(ss->crypto.ses == NULL);
+ rc = create_lookaside_session(ctx, sa, ss);
+ if (rc != 0)
+ return rc;
/* setup session action type */
- } else if (sa->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
- if (sa->sec_session == NULL) {
- rc = create_lookaside_session(ctx, sa);
- if (rc != 0)
- return rc;
- }
- ss->security.ses = sa->sec_session;
- ss->security.ctx = sa->security_ctx;
- ss->security.ol_flags = sa->ol_flags;
+ } else if (ss->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
+ RTE_ASSERT(ss->security.ses == NULL);
+ rc = create_lookaside_session(ctx, sa, ss);
+ if (rc != 0)
+ return rc;
} else
RTE_ASSERT(0);
pg = grp + i;
sa = pg->id.ptr;
- ips = &sa->ips;
+ ips = ipsec_get_session(sa);
/* no valid HW session for that SA, try to create one */
if (sa == NULL || (ips->crypto.ses == NULL &&
k = 0;
/* process packets inline */
- else if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
- sa->type ==
+ else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
+ ips->type ==
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
satp = rte_ipsec_sa_type(ips->sa);
struct parse_status *status)
{
struct ipsec_sa *rule = NULL;
+ struct rte_ipsec_session *ips;
uint32_t ti; /*token index*/
uint32_t *ri /*rule index*/;
uint32_t cipher_algo_p = 0;
if (atoi(tokens[1]) == INVALID_SPI)
return;
rule->spi = atoi(tokens[1]);
+ ips = ipsec_get_session(rule);
for (ti = 2; ti < n_tokens; ti++) {
if (strcmp(tokens[ti], "mode") == 0) {
return;
if (strcmp(tokens[ti], "inline-crypto-offload") == 0)
- rule->type =
+ ips->type =
RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO;
else if (strcmp(tokens[ti],
"inline-protocol-offload") == 0)
- rule->type =
+ ips->type =
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
else if (strcmp(tokens[ti],
"lookaside-protocol-offload") == 0)
- rule->type =
+ ips->type =
RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL;
else if (strcmp(tokens[ti], "no-offload") == 0)
- rule->type = RTE_SECURITY_ACTION_TYPE_NONE;
+ ips->type = RTE_SECURITY_ACTION_TYPE_NONE;
else {
APP_CHECK(0, status, "Invalid input \"%s\"",
tokens[ti]);
if (status->status < 0)
return;
- if ((rule->type != RTE_SECURITY_ACTION_TYPE_NONE) && (portid_p == 0))
+ if ((ips->type != RTE_SECURITY_ACTION_TYPE_NONE) && (portid_p == 0))
printf("Missing portid option, falling back to non-offload\n");
if (!type_p || !portid_p) {
- rule->type = RTE_SECURITY_ACTION_TYPE_NONE;
+ ips->type = RTE_SECURITY_ACTION_TYPE_NONE;
rule->portid = -1;
}
{
uint32_t i;
uint8_t a, b, c, d;
+ const struct rte_ipsec_session *ips;
printf("\tspi_%s(%3u):", inbound?"in":"out", sa->spi);
printf("Transport ");
break;
}
+
+ ips = &sa->ips;
printf(" type:");
- switch (sa->type) {
+ switch (ips->type) {
case RTE_SECURITY_ACTION_TYPE_NONE:
printf("no-offload ");
break;
uint16_t iv_length, aad_length;
int inline_status;
int32_t rc;
+ struct rte_ipsec_session *ips;
/* for ESN upper 32 bits of SQN also need to be part of AAD */
aad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0;
}
*sa = entries[i];
sa->seq = 0;
+ ips = ipsec_get_session(sa);
- if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
- sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
+ ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
if (check_eth_dev_caps(sa->portid, inbound))
return -EINVAL;
}
sa->dst.ip.ip4 = rte_cpu_to_be_32(sa->dst.ip.ip4);
break;
case TRANSPORT:
- if (sa->type ==
+ if (ips->type ==
RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
inline_status =
sa_add_address_inline_crypto(sa);
}
if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ struct rte_ipsec_session *ips;
iv_length = 16;
sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
sa->xforms = &sa_ctx->xf[idx].a;
- if (sa->type ==
+ ips = ipsec_get_session(sa);
+ if (ips->type ==
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
- sa->type ==
+ ips->type ==
RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
- rc = create_inline_session(skt_ctx, sa);
+ rc = create_inline_session(skt_ctx, sa, ips);
if (rc != 0) {
RTE_LOG(ERR, IPSEC_ESP,
"create_inline_session() failed\n");
}
static int
-fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa,
- const struct ipsec_sa *lsa)
+fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa)
{
int32_t rc = 0;
ss->sa = sa;
- ss->type = lsa->type;
-
- /* setup crypto section */
- if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) {
- ss->crypto.ses = lsa->crypto_session;
- /* setup session action type */
- } else {
- ss->security.ses = lsa->sec_session;
- ss->security.ctx = lsa->security_ctx;
- ss->security.ol_flags = lsa->ol_flags;
- }
if (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
{
int rc;
struct rte_ipsec_sa_prm prm;
+ struct rte_ipsec_session *ips;
struct rte_ipv4_hdr v4 = {
.version_ihl = IPVERSION << 4 |
sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER,
if (rc < 0)
return rc;
- rc = fill_ipsec_session(&lsa->ips, sa, lsa);
+ /* init processing session */
+ ips = ipsec_get_session(lsa);
+ rc = fill_ipsec_session(ips, sa);
+
return rc;
}
{
struct ipsec_sa *rule;
uint32_t idx_sa;
+ enum rte_security_session_action_type rule_type;
*rx_offloads = 0;
*tx_offloads = 0;
/* Check for inbound rules that use offloads and use this port */
for (idx_sa = 0; idx_sa < nb_sa_in; idx_sa++) {
rule = &sa_in[idx_sa];
- if ((rule->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
- rule->type ==
+ rule_type = ipsec_get_action_type(rule);
+ if ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
+ rule_type ==
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
&& rule->portid == port_id)
*rx_offloads |= DEV_RX_OFFLOAD_SECURITY;
/* Check for outbound rules that use offloads and use this port */
for (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {
rule = &sa_out[idx_sa];
- if ((rule->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
- rule->type ==
+ rule_type = ipsec_get_action_type(rule);
+ if ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
+ rule_type ==
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
&& rule->portid == port_id)
*tx_offloads |= DEV_TX_OFFLOAD_SECURITY;
git.droids-corp.org / dpdk.git / commitdiff