IPSec AH protocol enhancement in VPP native core
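--- a/src/vnet/ipsec/ipsec_output.c
+++ b/src/vnet/ipsec/ipsec_output.c
@@ -21,27 +21,8 @@
 #include <vnet/ipsec/ipsec.h>
-#if DPDK_CRYPTO==1
-#define ESP_NODE "dpdk-esp-encrypt"
-#else
-#define ESP_NODE "esp-encrypt"
-#endif
-
 #if WITH_LIBSSL > 0
-#define foreach_ipsec_output_next \
-_(DROP, "error-drop") \
-_(ESP_ENCRYPT, ESP_NODE)
-
-#define _(v, s) IPSEC_OUTPUT_NEXT_##v,
-typedef enum
-{
- foreach_ipsec_output_next
-#undef _
- IPSEC_OUTPUT_N_NEXT,
-} ipsec_output_next_t;
-
-
 #define foreach_ipsec_output_error \
 _(RX_PKTS, "IPSec pkts received") \
 _(POLICY_DISCARD, "IPSec policy discard") \
@@ -50,7 +31,6 @@ typedef enum
 _(POLICY_BYPASS, "IPSec policy bypass") \
 _(ENCAPS_FAILED, "IPSec encapsulation failed")
-
 typedef enum
 {
 #define _(sym,str) IPSEC_OUTPUT_ERROR_##sym,
@@ -290,8 +270,15 @@ ipsec_output_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 {
 if (p0->policy == IPSEC_POLICY_ACTION_PROTECT)
 {
+ u32 sa_index = 0;
+ ipsec_sa_t *sa = 0;
 nc_protect++;
- next_node_index = im->esp_encrypt_node_index;
+ sa_index = ipsec_get_sa_index_by_sa_id (p0->sa_id);
+ sa = pool_elt_at_index (im->sad, sa_index);
+ if (sa->protocol == IPSEC_PROTOCOL_ESP)
+ next_node_index = im->esp_encrypt_node_index;
+ else
+ next_node_index = im->ah_encrypt_node_index;
 vnet_buffer (b0)->ipsec.sad_index = p0->sa_index;
 vlib_buffer_advance (b0, iph_offset);
 p0->counter.packets++;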
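Review bot: The index returned by `ipsec_get_sa_index_by_sa_id (p0->sa_id)` goes straight into `pool_elt_at_index (im->sad, sa_index)` with no validity check, in the PROTECT branch of ipsec_output_inline. That helper is not shown on this page, so how it reports an unknown SA id needs confirming; if it returns a sentinel, a policy that still names a removed SA would read outside the pool on every matching packet. The same branch already hands `p0->sa_index` to the encrypt node, so taking the protocol from that cached index, `sa = pool_elt_at_index (im->sad, p0->sa_index);`, drops the per-packet hash lookup and keeps the node choice and the SA used downstream from diverging. The bare `else` also routes every protocol value other than ESP to the AH node, which deserves a one-line comment or an explicit `IPSEC_PROTOCOL_AH` test. The function body begins and ends outside the hunk.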