ipsec: move the IPSec SA pool out of ipsec_main

[vpp.git] / src / plugins / dpdk / ipsec / esp_encrypt.c

diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index e78cb2d..157c93f 100644 (file)
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -21,7 +21,7 @@
 
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/ipsec/esp.h>
-#include <vnet/udp/udp.h>
+#include <vnet/udp/udp_local.h>
 #include <dpdk/buffer.h>
 #include <dpdk/ipsec/ipsec.h>
 #include <vnet/ipsec/ipsec_tun.h>
@@ -46,7 +46,7 @@ typedef enum
  _(RX_PKTS, "ESP pkts received")                    \
  _(SEQ_CYCLED, "Sequence number cycled")            \
  _(ENQ_FAIL, "Enqueue encrypt failed (queue full)")     \
- _(DISCARD, "Not enough crypto operations, discarding frame")  \
+ _(DISCARD, "Not enough crypto operations")         \
  _(SESSION, "Failed to get crypto session")         \
  _(NOSUP, "Cipher/Auth not supported")
 
@@ -141,11 +141,12 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
     {
       if (is_ip6)
        vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
-                                    ESP_ENCRYPT_ERROR_DISCARD, 1);
+                                    ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
       else
        vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
-                                    ESP_ENCRYPT_ERROR_DISCARD, 1);
+                                    ESP_ENCRYPT_ERROR_DISCARD, n_left_from);
       /* Discard whole frame */
+      vlib_buffer_free (vm, from, n_left_from);
       return n_left_from;
     }
 
@@ -228,7 +229,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
 
          if (sa_index0 != last_sa_index)
            {
-             sa0 = pool_elt_at_index (im->sad, sa_index0);
+             sa0 = ipsec_sa_get (sa_index0);
 
              cipher_alg =
                vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
@@ -356,9 +357,9 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
                    clib_host_to_net_u32 (0xfe320000);
 
                  oh0->ip4.src_address.as_u32 =
-                   sa0->tunnel_src_addr.ip4.as_u32;
+                   sa0->tunnel.t_src.ip.ip4.as_u32;
                  oh0->ip4.dst_address.as_u32 =
-                   sa0->tunnel_dst_addr.ip4.as_u32;
+                   sa0->tunnel.t_dst.ip.ip4.as_u32;
 
                  if (ipsec_sa_is_set_UDP_ENCAP (sa0))
                    {
@@ -391,13 +392,13 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
                  oh6_0->ip6.protocol = IP_PROTOCOL_IPSEC_ESP;
                  oh6_0->ip6.hop_limit = 254;
                  oh6_0->ip6.src_address.as_u64[0] =
-                   sa0->tunnel_src_addr.ip6.as_u64[0];
+                   sa0->tunnel.t_src.ip.ip6.as_u64[0];
                  oh6_0->ip6.src_address.as_u64[1] =
-                   sa0->tunnel_src_addr.ip6.as_u64[1];
+                   sa0->tunnel.t_src.ip.ip6.as_u64[1];
                  oh6_0->ip6.dst_address.as_u64[0] =
-                   sa0->tunnel_dst_addr.ip6.as_u64[0];
+                   sa0->tunnel.t_dst.ip.ip6.as_u64[0];
                  oh6_0->ip6.dst_address.as_u64[1] =
-                   sa0->tunnel_dst_addr.ip6.as_u64[1];
+                   sa0->tunnel.t_dst.ip.ip6.as_u64[1];
                  esp0 = &oh6_0->esp;
                  oh6_0->esp.spi = clib_host_to_net_u32 (sa0->spi);
                  oh6_0->esp.seq = clib_host_to_net_u32 (sa0->seq);
@@ -513,8 +514,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
          u32 *aad = NULL;
 
          u8 *digest = vlib_buffer_get_tail (b0) - trunc_size;
-         u64 digest_paddr =
-           mb0->buf_physaddr + digest - ((u8 *) mb0->buf_addr);
+         u64 digest_paddr = mb0->buf_iova + digest - ((u8 *) mb0->buf_addr);
 
          if (!is_aead && (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC ||
                           cipher_alg->alg == RTE_CRYPTO_CIPHER_NULL))