make test: improve handling of packet captures
[vpp.git] / vnet / vnet / ipsec / esp_encrypt.c
index 0516d43..7b7f9b9 100644 (file)
 #include <vnet/ipsec/ipsec.h>
 #include <vnet/ipsec/esp.h>
 
-#define ESP_SEQ_MAX (4294967295UL)
 
 #define foreach_esp_encrypt_next                   \
 _(DROP, "error-drop")                              \
-_(IP4_INPUT, "ip4-input")                          \
-_(IP6_INPUT, "ip6-input")                          \
+_(IP4_LOOKUP, "ip4-lookup")                        \
+_(IP6_LOOKUP, "ip6-lookup")                        \
 _(INTERFACE_OUTPUT, "interface-output")
 
 #define _(v, s) ESP_ENCRYPT_NEXT_##v,
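Review bot: The next-node table now routes encrypted packets to `ip4-lookup`/`ip6-lookup`, with no comment saying why the input nodes are skipped. This matters for security review because whatever the input nodes and their feature arc applied to the ESP packet presumably no longer runs. If the intent is that the outer header is built locally and needs no re-validation, say so above the macro, e.g. `/* outer header is built by this node, so go straight to FIB lookup */`. The same applies where `next0` is set to `ESP_ENCRYPT_NEXT_IP6_LOOKUP` and `ESP_ENCRYPT_NEXT_IP4_LOOKUP` later in `esp_encrypt_node_fn`.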
@@ -111,30 +110,6 @@ esp_encrypt_aes_cbc (ipsec_crypto_alg_t alg,
   EVP_EncryptFinal_ex (ctx, out + out_len, &out_len);
 }
 
-always_inline int
-esp_seq_advance (ipsec_sa_t * sa)
-{
-  if (PREDICT_TRUE (sa->use_esn))
-    {
-      if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX))
-       {
-         if (PREDICT_FALSE
-             (sa->use_anti_replay && sa->seq_hi == ESP_SEQ_MAX))
-           return 1;
-         sa->seq_hi++;
-       }
-      sa->seq++;
-    }
-  else
-    {
-      if (PREDICT_FALSE (sa->use_anti_replay && sa->seq == ESP_SEQ_MAX))
-       return 1;
-      sa->seq++;
-    }
-
-  return 0;
-}
-
 static uword
 esp_encrypt_node_fn (vlib_main_t * vm,
                     vlib_node_runtime_t * node, vlib_frame_t * from_frame)
@@ -191,7 +166,7 @@ esp_encrypt_node_fn (vlib_main_t * vm,
          next0 = ESP_ENCRYPT_NEXT_DROP;
 
          i_b0 = vlib_get_buffer (vm, i_bi0);
-         sa_index0 = vnet_buffer (i_b0)->output_features.ipsec_sad_index;
+         sa_index0 = vnet_buffer (i_b0)->ipsec.sad_index;
          sa0 = pool_elt_at_index (im->sad, sa_index0);
 
          if (PREDICT_FALSE (esp_seq_advance (sa0)))
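Review bot: `sa_index0` is read from buffer metadata and passed straight to `pool_elt_at_index`, whose free-element check is an ASSERT and so is presumably absent from release images. The code that writes `ipsec.sad_index` is not visible in this hunk; if a buffer can arrive with a stale or unset value, `sa0` would refer to a freed or unrelated SA and the packet would be encrypted with the wrong keys. Consider testing `pool_is_free_index (im->sad, sa_index0)` before the lookup and taking the drop path, or at least add a comment naming the node that is required to set the field. The body of `esp_encrypt_node_fn` continues outside the hunk.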
@@ -202,6 +177,8 @@ esp_encrypt_node_fn (vlib_main_t * vm,
                                           ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
              //TODO: rekey SA
              o_bi0 = i_bi0;
+             to_next[0] = o_bi0;
+             to_next += 1;
              goto trace;
            }
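Review bot: The sequence-cycled branch now fills the `to_next` slot itself, duplicating the enqueue done on the normal path, and nothing says that the code after the `trace` label expects the slot to be written already. A one-line comment above `to_next[0] = o_bi0;`, such as `/* drop path: hand the untouched input buffer to error-drop */`, would make this clear. The matching `n_left_to_next` accounting is outside this hunk, so confirm it is decremented before this point; otherwise the slots written and the frame count would disagree. With `//TODO: rekey SA` still open, an SA that reaches this branch presumably keeps dropping traffic, so `ESP_ENCRYPT_ERROR_SEQ_CYCLED` is worth watching operationally.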
 
@@ -249,7 +226,7 @@ esp_encrypt_node_fn (vlib_main_t * vm,
              oh6_0->esp.seq = clib_net_to_host_u32 (sa0->seq);
              ip_proto = ih6_0->ip6.protocol;
 
-             next0 = ESP_ENCRYPT_NEXT_IP6_INPUT;
+             next0 = ESP_ENCRYPT_NEXT_IP6_LOOKUP;
            }
          else
            {
@@ -271,7 +248,7 @@ esp_encrypt_node_fn (vlib_main_t * vm,
              oh0->esp.seq = clib_net_to_host_u32 (sa0->seq);
              ip_proto = ih0->ip4.protocol;
 
-             next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
+             next0 = ESP_ENCRYPT_NEXT_IP4_LOOKUP;
            }
 
          if (PREDICT_TRUE
@@ -297,22 +274,22 @@ esp_encrypt_node_fn (vlib_main_t * vm,
            }
          else
            {
-             vlib_buffer_advance (i_b0, ip_hdr_size);
              next_hdr_type = ip_proto;
              if (vnet_buffer (i_b0)->sw_if_index[VLIB_TX] != ~0)
                {
                  transport_mode = 1;
                  ethernet_header_t *ieh0, *oeh0;
-                 ieh0 = (ethernet_header_t *) i_b0->data;
+                 ieh0 =
+                   (ethernet_header_t *) ((u8 *)
+                                          vlib_buffer_get_current (i_b0) -
+                                          sizeof (ethernet_header_t));
                  oeh0 = (ethernet_header_t *) o_b0->data;
                  clib_memcpy (oeh0, ieh0, sizeof (ethernet_header_t));
                  next0 = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
-                 o_b0->flags |= BUFFER_OUTPUT_FEAT_DONE;
                  vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
                    vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
-                 vnet_buffer (o_b0)->output_features.bitmap =
-                   vnet_buffer (i_b0)->output_features.bitmap;
                }
+             vlib_buffer_advance (i_b0, ip_hdr_size);
            }
 
          ASSERT (sa0->crypto_alg < IPSEC_CRYPTO_N_ALG);
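Review bot: `ieh0` is now found by stepping back `sizeof (ethernet_header_t)` from the current data pointer, which is only correct when an untagged Ethernet header sits immediately before the IP header. With a VLAN tag, or a packet that reached this node without an L2 header, the bytes copied into `oeh0` would be the wrong fields or leftover buffer contents, and they are sent on the wire. Document the assumption next to the assignment, e.g. `/* assumes an untagged ethernet header directly precedes the IP header */`, and consider dropping the packet when that cannot be established. The enclosing function starts and ends outside the hunk.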