if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_NO_BUFFER,
- n_left_from);
- else
- vlib_node_increment_counter (vm, esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_NO_BUFFER,
- n_left_from);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_NO_BUFFER, n_left_from);
goto free_buffers_and_exit;
}
if (PREDICT_FALSE (rv))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_REPLAY, 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_REPLAY, 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_REPLAY, 1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
}
}
- sa0->total_data_size += i_b0->current_length;
+ vlib_increment_combined_counter
+ (&ipsec_sa_counters, thread_index, sa_index0,
+ 1, i_b0->current_length);
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
icv_size;
i_b0->current_length -= icv_size;
- hmac_calc (sa0->integ_alg, sa0->integ_key, sa0->integ_key_len,
- (u8 *) esp0, i_b0->current_length, sig, sa0->use_esn,
+ hmac_calc (sa0->integ_alg, sa0->integ_key.data,
+ sa0->integ_key.len, (u8 *) esp0,
+ i_b0->current_length, sig, sa0->use_esn,
sa0->seq_hi);
if (PREDICT_FALSE (memcmp (icv, sig, icv_size)))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_INTEG_ERROR,
- 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_INTEG_ERROR,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_INTEG_ERROR,
+ 1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
}
else
{
- ih4 =
- (ip4_header_t *) ((u8 *) esp0 -
- sizeof (ip4_header_t));
+ if (sa0->udp_encap)
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (udp_header_t) -
+ sizeof (ip4_header_t));
+ }
+ else
+ {
+ ih4 =
+ (ip4_header_t *) ((u8 *) esp0 -
+ sizeof (ip4_header_t));
+ }
oh4 = vlib_buffer_get_current (o_b0);
ip_hdr_size = sizeof (ip4_header_t);
}
esp0->data + IV_SIZE,
(u8 *) vlib_buffer_get_current (o_b0) +
ip_hdr_size, BLOCK_SIZE * blocks,
- sa0->crypto_key, esp0->data);
+ sa0->crypto_key.data, esp0->data);
o_b0->current_length = (blocks * BLOCK_SIZE) - 2 + ip_hdr_size;
o_b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
else
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
+ 1);
o_b0 = 0;
goto trace;
}
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
- else
- vlib_node_increment_counter (vm, esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_RX_PKTS,
+ from_frame->n_vectors);
free_buffers_and_exit:
Code Review / vpp.git / blobdiff