New option added to the SA configuration arguments that
allows setting an arbitrary start value for ESN.
For example in the SA below ESN will be enabled and first egress
IPsec packet will have the ESN value 10000:
sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel \
src 172.16.1.5 dst 172.16.2.5 \
esn 10000
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
* *telemetry*
+ ``<esn>``
+
+ * Enable ESN and set the initial ESN value.
+
+ * Optional: Yes, ESN not enabled by default
+
+ * Syntax:
+
+ * *esn N* N is the initial ESN value
+
Example SA rules:
.. code-block:: console
sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
}
+ if (sa->esn > 0) {
+ sess_conf.ipsec.options.esn = 1;
+ sess_conf.ipsec.esn.value = sa->esn;
+ }
+
+
RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
sa->spi, sa->portid);
enum rte_security_ipsec_sa_direction direction;
uint8_t udp_encap;
uint16_t portid;
+ uint64_t esn;
uint16_t mss;
uint8_t fdir_qid;
uint8_t fdir_flag;
continue;
}
+ if (strcmp(tokens[ti], "esn") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ rule->esn = atoll(tokens[ti]);
+ if (status->status < 0)
+ return;
+ continue;
+ }
+
if (strcmp(tokens[ti], "fallback") == 0) {
struct rte_ipsec_session *fb;
git.droids-corp.org / dpdk.git / commitdiff