X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fsa.c;h=f7b6eb0bbe6c53f1ee363421d95bd9e87e50257b;hb=8d53e9f3c6001dcb2865f6e894da5b54e1418f88;hp=640f1d7938e72bcb80a82f2d217739af6608090c;hpb=e2bea7436061ca2e7e14bfcfdc5870f2555c3965;p=deb_dpdk.git diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 640f1d79..f7b6eb0b 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -79,7 +79,7 @@ const struct supported_cipher_algo cipher_algos[] = { .keyword = "aes-128-ctr", .algo = RTE_CRYPTO_CIPHER_AES_CTR, .iv_len = 8, - .block_size = 16, /* XXX AESNI MB limition, should be 4 */ + .block_size = 4, .key_len = 20 }, { @@ -125,11 +125,11 @@ const struct supported_aead_algo aead_algos[] = { } }; -struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES]; -uint32_t nb_sa_out; +static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES]; +static uint32_t nb_sa_out; -struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES]; -uint32_t nb_sa_in; +static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES]; +static uint32_t nb_sa_in; static const struct supported_cipher_algo * find_match_cipher_algo(const char *cipher_keyword) @@ -630,7 +630,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, *ri = *ri + 1; } -static inline void +static void print_one_sa_rule(const struct ipsec_sa *sa, int inbound) { uint32_t i; @@ -687,7 +687,22 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound) } break; case TRANSPORT: - printf("Transport"); + printf("Transport "); + break; + } + printf(" type:"); + switch (sa->type) { + case RTE_SECURITY_ACTION_TYPE_NONE: + printf("no-offload "); + break; + case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO: + printf("inline-crypto-offload "); + break; + case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL: + printf("inline-protocol-offload "); + break; + case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL: + printf("lookaside-protocol-offload "); break; } printf("\n"); @@ -714,8 +729,8 @@ sa_create(const char *name, int32_t socket_id) snprintf(s, sizeof(s), "%s_%u", name, socket_id); /* Create SA array table */ - printf("Creating SA context with %u maximum entries\n", - IPSEC_SA_MAX_ENTRIES); + printf("Creating SA context with %u maximum entries on socket %d\n", + IPSEC_SA_MAX_ENTRIES, socket_id); mz_size = sizeof(struct sa_ctx); mz = rte_memzone_reserve(s, mz_size, socket_id, @@ -901,6 +916,31 @@ sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], return sa_add_rules(sa_ctx, entries, nb_entries, 1); } +/* + * Walk through all SA rules to find an SA with given SPI + */ +int +sa_spi_present(uint32_t spi, int inbound) +{ + uint32_t i, num; + const struct ipsec_sa *sar; + + if (inbound != 0) { + sar = sa_in; + num = nb_sa_in; + } else { + sar = sa_out; + num = nb_sa_out; + } + + for (i = 0; i != num; i++) { + if (sar[i].spi == spi) + return i; + } + + return -ENOENT; +} + void sa_init(struct socket_ctx *ctx, int32_t socket_id) {