ipsec: add support for AES CTR
diff --git
a/src/vnet/ipsec/ipsec_sa.c
b/src/vnet/ipsec/ipsec_sa.c
index
9b2f2b5
..
515eb25
100644
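--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -108,8 +108,13 @@ ipsec_sa_set_crypto_alg (ipsec_sa_t * sa, ipsec_crypto_alg_t crypto_alg)
 if (IPSEC_CRYPTO_ALG_IS_GCM (crypto_alg))
 {
 sa->integ_icv_size = im->crypto_algs[crypto_alg].icv_size;
+ipsec_sa_set_IS_CTR (sa);
 ipsec_sa_set_IS_AEAD (sa);
 }
+else if (IPSEC_CRYPTO_ALG_IS_CTR (crypto_alg))
+{
+ipsec_sa_set_IS_CTR (sa);
+}
 }
 void
@@ -178,8 +183,10 @@ ipsec_sa_add_and_lock (u32 id,
 u32 tx_table_id,
 u32 salt,
 const ip46_address_t * tun_src,
-const ip46_address_t * tun_dst, u32 * sa_out_index,
-u16 src_port, u16 dst_port)
+const ip46_address_t * tun_dst,
+tunnel_encap_decap_flags_t tunnel_flags,
+ip_dscp_t dscp,
+u32 * sa_out_index, u16 src_port, u16 dst_port)
 {
 vlib_main_t *vm = vlib_get_main ();
 ipsec_main_t *im = &ipsec_main;
@@ -206,9 +213,10 @@ ipsec_sa_add_and_lock (u32 id,
 sa->stat_index = sa_index;
 sa->protocol = proto;
 sa->flags = flags;
+sa->tunnel_flags = tunnel_flags;
+sa->dscp = dscp;
 sa->salt = salt;
-sa->encrypt_thread_index = (vlib_num_workers ())? ~0 : 0;
-sa->decrypt_thread_index = (vlib_num_workers ())? ~0 : 0;
+sa->thread_index = (vlib_num_workers ()) ? ~0 : 0;
 if (integ_alg != IPSEC_INTEG_ALG_NONE)
 {
 ipsec_sa_set_integ_alg (sa, integ_alg);
@@ -297,6 +305,8 @@ ipsec_sa_add_and_lock (u32 id,
 if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa))
 {
 sa->ip6_hdr.ip_version_traffic_class_and_flow_label = 0x60;
+ip6_set_dscp_network_order (&sa->ip6_hdr, sa->dscp);
+
 sa->ip6_hdr.hop_limit = 254;
 sa->ip6_hdr.src_address.as_u64[0] =
 sa->tunnel_src_addr.ip6.as_u64[0];
@@ -317,6 +327,7 @@ ipsec_sa_add_and_lock (u32 id,
 sa->ip4_hdr.ttl = 254;
 sa->ip4_hdr.src_address.as_u32 = sa->tunnel_src_addr.ip4.as_u32;
 sa->ip4_hdr.dst_address.as_u32 = sa->tunnel_dst_addr.ip4.as_u32;
+sa->ip4_hdr.tos = sa->dscp << 2;
 if (ipsec_sa_is_set_UDP_ENCAP (sa))
 sa->ip4_hdr.protocol = IP_PROTOCOL_UDP;
@@ -453,11 +464,11 @@ ipsec_sa_walk (ipsec_sa_walk_cb_t cb, void *ctx)
 ipsec_sa_t *sa;
 /* *INDENT-OFF* */
-pool_foreach (sa, im->sad,
-({
+pool_foreach (sa, im->sad)
+{
 if (WALK_CONTINUE != cb(sa, ctx))
 break;
-}));
+}
 /* *INDENT-ON* */
 }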
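Review bot: In the third hunk of `ipsec_sa_add_and_lock` the integrity algorithm stays optional (`if (integ_alg != IPSEC_INTEG_ALG_NONE)`), so with AES-CTR now selectable an SA can apparently be created with CTR encryption and no ICV, unless a caller outside this diff rejects that combination. CTR alone gives confidentiality but no tamper detection, and RFC 3686 requires a non-NULL ESP authentication method with it. I would add a guard before the SA is populated, along the lines of `if (IPSEC_CRYPTO_ALG_IS_CTR (crypto_alg) && integ_alg == IPSEC_INTEG_ALG_NONE)`, returning the function's usual error. The test has to use the algorithm macro rather than the new IS_CTR flag, because the first hunk sets that flag for GCM as well. The function's body starts and ends outside the visible hunks, so the crypto parameter name and the error code need checking against the full file.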