#include <vnet/ipsec/ipsec.h>
#include <vnet/ipsec/esp.h>
-#define ESP_SEQ_MAX (4294967295UL)
#define foreach_esp_encrypt_next \
_(DROP, "error-drop") \
-_(IP4_INPUT, "ip4-input") \
-_(IP6_INPUT, "ip6-input") \
+_(IP4_LOOKUP, "ip4-lookup") \
+_(IP6_LOOKUP, "ip6-lookup") \
_(INTERFACE_OUTPUT, "interface-output")
#define _(v, s) ESP_ENCRYPT_NEXT_##v,
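Review bot: Replacing the `ip4-input`/`ip6-input` next nodes with `ip4-lookup`/`ip6-lookup` means the ESP-encapsulated packet no longer passes through the IP input node or any checks and features attached to it, and nothing here records that this is intended. The same switch is made further down in esp_encrypt_node_fn, where `next0` is assigned for the IPv6 and IPv4 cases. Going straight to lookup is reasonable for a locally built outer header, but it leaves this node solely responsible for a well-formed outer header (length, TTL/hop limit, IPv4 checksum). As far as I recall, ip4-lookup also treats `sw_if_index[VLIB_TX]` as a FIB override, so confirm that the tunnel path leaves it in a defined state. I would add a comment above the list such as `/* outer packet is built locally: go straight to lookup, bypassing ip4/ip6-input validation and input features */`.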
EVP_EncryptFinal_ex (ctx, out + out_len, &out_len);
}
-always_inline int
-esp_seq_advance (ipsec_sa_t * sa)
-{
- if (PREDICT_TRUE (sa->use_esn))
- {
- if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX))
- {
- if (PREDICT_FALSE
- (sa->use_anti_replay && sa->seq_hi == ESP_SEQ_MAX))
- return 1;
- sa->seq_hi++;
- }
- sa->seq++;
- }
- else
- {
- if (PREDICT_FALSE (sa->use_anti_replay && sa->seq == ESP_SEQ_MAX))
- return 1;
- sa->seq++;
- }
-
- return 0;
-}
-
static uword
esp_encrypt_node_fn (vlib_main_t * vm,
vlib_node_runtime_t * node, vlib_frame_t * from_frame)
next0 = ESP_ENCRYPT_NEXT_DROP;
i_b0 = vlib_get_buffer (vm, i_bi0);
- sa_index0 = vnet_buffer (i_b0)->output_features.ipsec_sad_index;
+ sa_index0 = vnet_buffer (i_b0)->ipsec.sad_index;
sa0 = pool_elt_at_index (im->sad, sa_index0);
if (PREDICT_FALSE (esp_seq_advance (sa0)))
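Review bot: `sa_index0` is read from the buffer's opaque metadata and passed to `pool_elt_at_index (im->sad, sa_index0)` with no check that the slot still holds a live SA. With the field now at `ipsec.sad_index`, correctness depends on no node between the policy lookup and this one overwriting that part of the opaque area, and on the SA not having been deleted in the meantime. As far as I know, the pool accessor's own check is an assertion that only debug images compile in. Consider guarding with `if (PREDICT_FALSE (pool_is_free_index (im->sad, sa_index0)))` and taking the same drop handling used when `esp_seq_advance` fails, or at least add a comment stating who sets `ipsec.sad_index` and that it must survive to this node. esp_encrypt_node_fn begins and ends outside this hunk.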
oh6_0->esp.seq = clib_net_to_host_u32 (sa0->seq);
ip_proto = ih6_0->ip6.protocol;
- next0 = ESP_ENCRYPT_NEXT_IP6_INPUT;
+ next0 = ESP_ENCRYPT_NEXT_IP6_LOOKUP;
}
else
{
oh0->esp.seq = clib_net_to_host_u32 (sa0->seq);
ip_proto = ih0->ip4.protocol;
- next0 = ESP_ENCRYPT_NEXT_IP4_INPUT;
+ next0 = ESP_ENCRYPT_NEXT_IP4_LOOKUP;
}
if (PREDICT_TRUE
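Review bot: Both header writes in this hunk, `oh6_0->esp.seq = clib_net_to_host_u32 (sa0->seq);` and the `oh0` equivalent, convert a host-order counter for the wire using the net-to-host helper. The byte swap is the same in either direction, so the emitted value is correct, but the name misstates the direction and makes the sequence-number handling harder to audit. I would write `clib_host_to_net_u32 (sa0->seq)` in both places. The enclosing if/else and esp_encrypt_node_fn continue outside the hunk.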
oeh0 = (ethernet_header_t *) o_b0->data;
clib_memcpy (oeh0, ieh0, sizeof (ethernet_header_t));
next0 = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;
- o_b0->flags |= BUFFER_OUTPUT_FEAT_DONE;
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] =
vnet_buffer (i_b0)->sw_if_index[VLIB_TX];
- vnet_buffer (o_b0)->output_features.bitmap =
- vnet_buffer (i_b0)->output_features.bitmap;
}
vlib_buffer_advance (i_b0, ip_hdr_size);
}
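Review bot: On the path to `interface-output`, nothing in the visible lines still marks the encrypted buffer as already processed, now that `BUFFER_OUTPUT_FEAT_DONE` and the copied feature bitmap are gone. If the IPsec output policy check can still run for packets entering `interface-output` on this `sw_if_index[VLIB_TX]`, the ciphertext could be matched and processed a second time. If it cannot, that guarantee comes from graph wiring outside this hunk and is worth stating here. I would add a comment above `next0 = ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT;` such as `/* already encrypted: interface-output must not re-enter the IPsec output feature for this buffer */`. The enclosing block begins outside the hunk.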