#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
-#include <vnet/udp/udp.h>
+#include <vnet/udp/udp_local.h>
#include <dpdk/buffer.h>
#include <dpdk/ipsec/ipsec.h>
#include <vnet/ipsec/ipsec_tun.h>
_(RX_PKTS, "ESP pkts received") \
_(SEQ_CYCLED, "Sequence number cycled") \
_(ENQ_FAIL, "Enqueue encrypt failed (queue full)") \
- _(DISCARD, "Not enough crypto operations, discarding frame") \
+ _(DISCARD, "Not enough crypto operations") \
_(SESSION, "Failed to get crypto session") \
_(NOSUP, "Cipher/Auth not supported")
{
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
- ESP_ENCRYPT_ERROR_DISCARD, 1);
+ ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
else
vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
- ESP_ENCRYPT_ERROR_DISCARD, 1);
+ ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
/* Discard whole frame */
+ vlib_buffer_free (vm, from, n_left_from);
return n_left_from;
}
if (sa_index0 != last_sa_index)
{
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
cipher_alg =
vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
clib_host_to_net_u32 (0xfe320000);
oh0->ip4.src_address.as_u32 =
- sa0->tunnel_src_addr.ip4.as_u32;
+ sa0->tunnel.t_src.ip.ip4.as_u32;
oh0->ip4.dst_address.as_u32 =
- sa0->tunnel_dst_addr.ip4.as_u32;
+ sa0->tunnel.t_dst.ip.ip4.as_u32;
if (ipsec_sa_is_set_UDP_ENCAP (sa0))
{
oh6_0->ip6.protocol = IP_PROTOCOL_IPSEC_ESP;
oh6_0->ip6.hop_limit = 254;
oh6_0->ip6.src_address.as_u64[0] =
- sa0->tunnel_src_addr.ip6.as_u64[0];
+ sa0->tunnel.t_src.ip.ip6.as_u64[0];
oh6_0->ip6.src_address.as_u64[1] =
- sa0->tunnel_src_addr.ip6.as_u64[1];
+ sa0->tunnel.t_src.ip.ip6.as_u64[1];
oh6_0->ip6.dst_address.as_u64[0] =
- sa0->tunnel_dst_addr.ip6.as_u64[0];
+ sa0->tunnel.t_dst.ip.ip6.as_u64[0];
oh6_0->ip6.dst_address.as_u64[1] =
- sa0->tunnel_dst_addr.ip6.as_u64[1];
+ sa0->tunnel.t_dst.ip.ip6.as_u64[1];
esp0 = &oh6_0->esp;
oh6_0->esp.spi = clib_host_to_net_u32 (sa0->spi);
oh6_0->esp.seq = clib_host_to_net_u32 (sa0->seq);
u32 *aad = NULL;
u8 *digest = vlib_buffer_get_tail (b0) - trunc_size;
- u64 digest_paddr =
- mb0->buf_physaddr + digest - ((u8 *) mb0->buf_addr);
+ u64 digest_paddr = mb0->buf_iova + digest - ((u8 *) mb0->buf_addr);
if (!is_aead && (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC ||
cipher_alg->alg == RTE_CRYPTO_CIPHER_NULL))