_(DECRYPTION_FAILED, "ESP decryption failed") \
_(REPLAY, "SA replayed packet") \
_(NOT_IP, "Not IP packet (dropped)") \
- _(ENQ_FAIL, "Enqueue failed (buffer full)") \
- _(DISCARD, "Not enough crypto operations, discarding frame") \
+ _(ENQ_FAIL, "Enqueue decrypt failed (queue full)") \
+ _(DISCARD, "Not enough crypto operations") \
_(BAD_LEN, "Invalid ciphertext length") \
_(SESSION, "Failed to get crypto session") \
_(NOSUP, "Cipher/Auth not supported")
vlib_frame_t * from_frame, int is_ip6)
{
u32 n_left_from, *from, *to_next, next_index, thread_index;
- ipsec_main_t *im = &ipsec_main;
u32 thread_idx = vlib_get_thread_index ();
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
crypto_resource_t *res = 0;
{
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_DISCARD, 1);
+ ESP_DECRYPT_ERROR_DISCARD, n_left_from);
else
vlib_node_increment_counter (vm, dpdk_esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_DISCARD, 1);
+ ESP_DECRYPT_ERROR_DISCARD, n_left_from);
/* Discard whole frame */
+ vlib_buffer_free (vm, from, n_left_from);
return n_left_from;
}
if (sa_index0 != last_sa_index)
{
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
cipher_alg =
vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
if (PREDICT_FALSE (res_idx == (u16) ~ 0))
{
- clib_warning ("unsupported SA by thread index %u",
- thread_idx);
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
error = crypto_get_session (&session, sa_index0, res, cwm, 0);
if (PREDICT_FALSE (error || !session))
{
- clib_warning ("failed to get crypto session");
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
if (ipsec_sa_anti_replay_check
(sa0, clib_host_to_net_u32 (esp0->seq)))
{
- clib_warning ("failed anti-replay check");
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
if (payload_len & (cipher_alg->boundary - 1))
{
- clib_warning ("payload %u not multiple of %d\n",
- payload_len, cipher_alg->boundary);
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_BAD_LEN, 1);
cipher_len = payload_len;
u8 *digest = vlib_buffer_get_tail (b0) - trunc_size;
- u64 digest_paddr =
- mb0->buf_physaddr + digest - ((u8 *) mb0->buf_addr);
+ u64 digest_paddr = mb0->buf_iova + digest - ((u8 *) mb0->buf_addr);
if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
clib_memcpy_fast (icb, iv, 16);
u32 n_left_from, *from, *to_next = 0, next_index;
ipsec_sa_t *sa0;
u32 sa_index0 = ~0;
- ipsec_main_t *im = &ipsec_main;
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
from = vlib_frame_vector_args (from_frame);
esp0 = vlib_buffer_get_current (b0);
sa_index0 = vnet_buffer (b0)->ipsec.sad_index;
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
to_next[0] = bi0;
to_next += 1;
Code Review / vpp.git / blobdiff