vlib_node_runtime_t * node,
vlib_frame_t * from_frame, int is_ip6)
{
- u32 n_left_from, *from, *to_next, next_index;
+ u32 n_left_from, *from, *to_next, next_index, thread_index;
ipsec_main_t *im = &ipsec_main;
u32 thread_idx = vlib_get_thread_index ();
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
+ thread_index = vm->thread_index;
ret = crypto_alloc_ops (numa, ops, n_left_from);
if (ret)
CLIB_PREFETCH (op, op_len, STORE);
sa_index0 = vnet_buffer (b0)->ipsec.sad_index;
+ vlib_prefetch_combined_counter (&ipsec_sa_counters,
+ thread_index, sa_index0);
if (sa_index0 != last_sa_index)
{
}
/* anti-replay check */
- if (sa0->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0))
{
int rv = 0;
seq = clib_net_to_host_u32 (esp0->seq);
- if (PREDICT_TRUE (sa0->use_esn))
+ if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
rv = esp_replay_check_esn (sa0, seq);
else
rv = esp_replay_check (sa0, seq);
priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT4_POST;
/* FIXME multi-seg */
- sa0->total_data_size += b0->current_length;
+ vlib_increment_combined_counter
+ (&ipsec_sa_counters, thread_index, sa_index0,
+ 1, b0->current_length);
res->ops[res->n_ops] = op;
res->bi[res->n_ops] = bi0;
clib_memcpy_fast (aad, esp0, 8);
/* _aad[3] should always be 0 */
- if (PREDICT_FALSE (sa0->use_esn))
+ if (PREDICT_FALSE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
_aad[2] = clib_host_to_net_u32 (sa0->seq_hi);
else
_aad[2] = 0;
{
auth_len = sizeof (esp_header_t) + iv_size + payload_len;
- if (sa0->use_esn)
+ if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0))
{
clib_memcpy_fast (priv->icv, digest, trunc_size);
u32 *_digest = (u32 *) digest;
iv_size = cipher_alg->iv_len;
- if (sa0->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0))
{
u32 seq;
seq = clib_host_to_net_u32 (esp0->seq);
- if (PREDICT_TRUE (sa0->use_esn))
+ if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
esp_replay_advance_esn (sa0, seq);
else
esp_replay_advance (sa0, seq);
}
/* if UDP encapsulation is used adjust the address of the IP header */
- if (sa0->udp_encap && (b0->flags & VNET_BUFFER_F_IS_IP4))
+ if (ipsec_sa_is_set_UDP_ENCAP (sa0)
+ && (b0->flags & VNET_BUFFER_F_IS_IP4))
{
udp_encap_adv = sizeof (udp_header_t);
}
goto trace;
}
#endif
- if (sa0->is_tunnel)
+ if (ipsec_sa_is_set_IS_TUNNEL (sa0))
{
if (f0->next_header == IP_PROTOCOL_IP_IN_IP)
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
- else if (sa0->is_tunnel_ip6
+ else if (ipsec_sa_is_set_IS_TUNNEL_V6 (sa0)
&& f0->next_header == IP_PROTOCOL_IPV6)
next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
else
u16 ih4_len = ip4_header_bytes (ih4);
vlib_buffer_advance (b0, -ih4_len - udp_encap_adv);
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
- if (!sa0->udp_encap)
+ if (!ipsec_sa_is_set_UDP_ENCAP (sa0))
{
oh4 = vlib_buffer_get_current (b0);
memmove (oh4, ih4, ih4_len);