IPSEC: move SA counters into the stats segment
[vpp.git] / src / vnet / ipsec / esp_decrypt.c
index bfddb9e..0cf31ff 100644 (file)
@@ -131,14 +131,8 @@ esp_decrypt_inline (vlib_main_t * vm,
 
   if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
     {
-      if (is_ip6)
-       vlib_node_increment_counter (vm, esp6_decrypt_node.index,
-                                    ESP_DECRYPT_ERROR_NO_BUFFER,
-                                    n_left_from);
-      else
-       vlib_node_increment_counter (vm, esp4_decrypt_node.index,
-                                    ESP_DECRYPT_ERROR_NO_BUFFER,
-                                    n_left_from);
+      vlib_node_increment_counter (vm, node->node_index,
+                                  ESP_DECRYPT_ERROR_NO_BUFFER, n_left_from);
       goto free_buffers_and_exit;
     }
 
@@ -190,15 +184,8 @@ esp_decrypt_inline (vlib_main_t * vm,
 
              if (PREDICT_FALSE (rv))
                {
-                 clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq);
-                 if (is_ip6)
-                   vlib_node_increment_counter (vm,
-                                                esp6_decrypt_node.index,
-                                                ESP_DECRYPT_ERROR_REPLAY, 1);
-                 else
-                   vlib_node_increment_counter (vm,
-                                                esp4_decrypt_node.index,
-                                                ESP_DECRYPT_ERROR_REPLAY, 1);
+                 vlib_node_increment_counter (vm, node->node_index,
+                                              ESP_DECRYPT_ERROR_REPLAY, 1);
                  o_bi0 = i_bi0;
                  to_next[0] = o_bi0;
                  to_next += 1;
@@ -206,35 +193,31 @@ esp_decrypt_inline (vlib_main_t * vm,
                }
            }
 
-         sa0->total_data_size += i_b0->current_length;
+         vlib_increment_combined_counter
+           (&ipsec_sa_counters, thread_index, sa_index0,
+            1, i_b0->current_length);
 
          if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
            {
              u8 sig[64];
              int icv_size =
                em->ipsec_proto_main_integ_algs[sa0->integ_alg].trunc_size;
-             memset (sig, 0, sizeof (sig));
+             clib_memset (sig, 0, sizeof (sig));
              u8 *icv =
                vlib_buffer_get_current (i_b0) + i_b0->current_length -
                icv_size;
              i_b0->current_length -= icv_size;
 
-             hmac_calc (sa0->integ_alg, sa0->integ_key, sa0->integ_key_len,
-                        (u8 *) esp0, i_b0->current_length, sig, sa0->use_esn,
+             hmac_calc (sa0->integ_alg, sa0->integ_key.data,
+                        sa0->integ_key.len, (u8 *) esp0,
+                        i_b0->current_length, sig, sa0->use_esn,
                         sa0->seq_hi);
 
              if (PREDICT_FALSE (memcmp (icv, sig, icv_size)))
                {
-                 if (is_ip6)
-                   vlib_node_increment_counter (vm,
-                                                esp6_decrypt_node.index,
-                                                ESP_DECRYPT_ERROR_INTEG_ERROR,
-                                                1);
-                 else
-                   vlib_node_increment_counter (vm,
-                                                esp4_decrypt_node.index,
-                                                ESP_DECRYPT_ERROR_INTEG_ERROR,
-                                                1);
+                 vlib_node_increment_counter (vm, node->node_index,
+                                              ESP_DECRYPT_ERROR_INTEG_ERROR,
+                                              1);
                  o_bi0 = i_bi0;
                  to_next[0] = o_bi0;
                  to_next += 1;
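Review bot: The new `vlib_increment_combined_counter` call sits before the ICV check, so packets that later fail `memcmp (icv, sig, icv_size)` are still added to the SA's packet and byte totals. The old `total_data_size` update was in the same place, but going by the commit title these counters are now published in the stats segment, so either move the increment below the integrity check or add a comment such as `/* counts every packet that passes anti-replay, including ones that fail integrity */`. Separately, the unchanged ICV comparison uses plain `memcmp`, whose run time can depend on the position of the first differing byte; a constant-time comparison is the usual choice for MAC verification. `thread_index` and `sa_index0` are defined outside this hunk, and the enclosing function continues past it.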
@@ -297,9 +280,19 @@ esp_decrypt_inline (vlib_main_t * vm,
                    }
                  else
                    {
-                     ih4 =
-                       (ip4_header_t *) ((u8 *) esp0 -
-                                         sizeof (ip4_header_t));
+                     if (sa0->udp_encap)
+                       {
+                         ih4 =
+                           (ip4_header_t *) ((u8 *) esp0 -
+                                             sizeof (udp_header_t) -
+                                             sizeof (ip4_header_t));
+                       }
+                     else
+                       {
+                         ih4 =
+                           (ip4_header_t *) ((u8 *) esp0 -
+                                             sizeof (ip4_header_t));
+                       }
                      oh4 = vlib_buffer_get_current (o_b0);
                      ip_hdr_size = sizeof (ip4_header_t);
                    }
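Review bot: The `udp_encap` branch locates the outer IPv4 header from the SA flag alone, stepping back `sizeof (udp_header_t) + sizeof (ip4_header_t)` from `esp0` without looking at the packet. If a non-encapsulated ESP packet can reach this path for an SA with `udp_encap` set (whether an earlier node rules that out is not visible in this hunk), `ih4` lands 8 bytes before the real header and any later use of it reads the wrong bytes. Both branches also assume a 20-byte IPv4 header with no options. A comment stating the invariant, e.g. `/* input path guarantees UDP-encapsulated ESP for this SA; outer IPv4 header carries no options */`, or a check of the outer protocol before choosing the offset would make the assumption explicit; the two assignments could also share one expression with a computed offset.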
@@ -309,7 +302,7 @@ esp_decrypt_inline (vlib_main_t * vm,
                               esp0->data + IV_SIZE,
                               (u8 *) vlib_buffer_get_current (o_b0) +
                               ip_hdr_size, BLOCK_SIZE * blocks,
-                              sa0->crypto_key, esp0->data);
+                              sa0->crypto_key.data, esp0->data);
 
              o_b0->current_length = (blocks * BLOCK_SIZE) - 2 + ip_hdr_size;
              o_b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
@@ -330,17 +323,9 @@ esp_decrypt_inline (vlib_main_t * vm,
                    next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
                  else
                    {
-                     clib_warning ("next header: 0x%x", f0->next_header);
-                     if (is_ip6)
-                       vlib_node_increment_counter (vm,
-                                                    esp6_decrypt_node.index,
-                                                    ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
-                                                    1);
-                     else
-                       vlib_node_increment_counter (vm,
-                                                    esp4_decrypt_node.index,
-                                                    ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
-                                                    1);
+                     vlib_node_increment_counter (vm, node->node_index,
+                                                  ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
+                                                  1);
                      o_b0 = 0;
                      goto trace;
                    }
@@ -412,14 +397,9 @@ esp_decrypt_inline (vlib_main_t * vm,
        }
       vlib_put_next_frame (vm, node, next_index, n_left_to_next);
     }
-  if (is_ip6)
-    vlib_node_increment_counter (vm, esp6_decrypt_node.index,
-                                ESP_DECRYPT_ERROR_RX_PKTS,
-                                from_frame->n_vectors);
-  else
-    vlib_node_increment_counter (vm, esp4_decrypt_node.index,
-                                ESP_DECRYPT_ERROR_RX_PKTS,
-                                from_frame->n_vectors);
+  vlib_node_increment_counter (vm, node->node_index,
+                              ESP_DECRYPT_ERROR_RX_PKTS,
+                              from_frame->n_vectors);
 
 
 free_buffers_and_exit:
@@ -429,16 +409,15 @@ free_buffers_and_exit:
   return from_frame->n_vectors;
 }
 
-static uword
-esp4_decrypt_node_fn (vlib_main_t * vm,
-                     vlib_node_runtime_t * node, vlib_frame_t * from_frame)
+VLIB_NODE_FN (esp4_decrypt_node) (vlib_main_t * vm,
+                                 vlib_node_runtime_t * node,
+                                 vlib_frame_t * from_frame)
 {
   return esp_decrypt_inline (vm, node, from_frame, 0 /* is_ip6 */ );
 }
 
 /* *INDENT-OFF* */
 VLIB_REGISTER_NODE (esp4_decrypt_node) = {
-  .function = esp4_decrypt_node_fn,
   .name = "esp4-decrypt",
   .vector_size = sizeof (u32),
   .format_trace = format_esp_decrypt_trace,
@@ -456,18 +435,15 @@ VLIB_REGISTER_NODE (esp4_decrypt_node) = {
 };
 /* *INDENT-ON* */
 
-VLIB_NODE_FUNCTION_MULTIARCH (esp4_decrypt_node, esp4_decrypt_node_fn);
-
-static uword
-esp6_decrypt_node_fn (vlib_main_t * vm,
-                     vlib_node_runtime_t * node, vlib_frame_t * from_frame)
+VLIB_NODE_FN (esp6_decrypt_node) (vlib_main_t * vm,
+                                 vlib_node_runtime_t * node,
+                                 vlib_frame_t * from_frame)
 {
   return esp_decrypt_inline (vm, node, from_frame, 1 /* is_ip6 */ );
 }
 
 /* *INDENT-OFF* */
 VLIB_REGISTER_NODE (esp6_decrypt_node) = {
-  .function = esp6_decrypt_node_fn,
   .name = "esp6-decrypt",
   .vector_size = sizeof (u32),
   .format_trace = format_esp_decrypt_trace,
@@ -485,7 +461,6 @@ VLIB_REGISTER_NODE (esp6_decrypt_node) = {
 };
 /* *INDENT-ON* */
 
-VLIB_NODE_FUNCTION_MULTIARCH (esp6_decrypt_node, esp6_decrypt_node_fn);
 /*
  * fd.io coding-style-patch-verification: ON
  *