#include <vnet/ipsec/ah.h>
#define foreach_ah_encrypt_next \
- _ (DROP, "error-drop") \
- _ (IP4_LOOKUP, "ip4-lookup") \
- _ (IP6_LOOKUP, "ip6-lookup") \
+ _ (DROP, "error-drop") \
+ _ (HANDOFF, "handoff") \
_ (INTERFACE_OUTPUT, "interface-output")
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ah_encrypt_trace_t *t = va_arg (*args, ah_encrypt_trace_t *);
- s = format (s, "ah: sa-index %d spi %u seq %u:%u integrity %U",
- t->sa_index, t->spi, t->seq_hi, t->seq_lo,
+ s = format (s, "ah: sa-index %d spi %u (0x%08x) seq %u:%u integrity %U",
+ t->sa_index, t->spi, t->spi, t->seq_hi, t->seq_lo,
format_ipsec_integ_alg, t->integ_alg);
return s;
}
pd->sa_index = current_sa_index;
next[0] = AH_ENCRYPT_NEXT_DROP;
+ if (PREDICT_FALSE (~0 == sa0->encrypt_thread_index))
+ {
+ /* this is the first packet to use this SA, claim the SA
+ * for this thread. this could happen simultaneously on
+ * another thread */
+ clib_atomic_cmp_and_swap (&sa0->encrypt_thread_index, ~0,
+ ipsec_sa_assign_thread (thread_index));
+ }
+
+ if (PREDICT_TRUE (thread_index != sa0->encrypt_thread_index))
+ {
+ next[0] = AH_ENCRYPT_NEXT_HANDOFF;
+ goto next;
+ }
+
if (PREDICT_FALSE (esp_seq_advance (sa0)))
{
b[0]->error = node->errors[AH_ENCRYPT_ERROR_SEQ_CYCLED];
.n_next_nodes = AH_ENCRYPT_N_NEXT,
.next_nodes = {
-#define _(s,n) [AH_ENCRYPT_NEXT_##s] = n,
- foreach_ah_encrypt_next
-#undef _
+ [AH_ENCRYPT_NEXT_DROP] = "ip4-drop",
+ [AH_ENCRYPT_NEXT_HANDOFF] = "ah4-encrypt-handoff",
+ [AH_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "interface-output",
},
};
/* *INDENT-ON* */
.n_next_nodes = AH_ENCRYPT_N_NEXT,
.next_nodes = {
-#define _(s,n) [AH_ENCRYPT_NEXT_##s] = n,
- foreach_ah_encrypt_next
-#undef _
+ [AH_ENCRYPT_NEXT_DROP] = "ip6-drop",
+ [AH_ENCRYPT_NEXT_HANDOFF] = "ah6-encrypt-handoff",
+ [AH_ENCRYPT_NEXT_INTERFACE_OUTPUT] = "interface-output",
},
};
/* *INDENT-ON* */
Code Review / vpp.git / blobdiff