X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec.c;h=e7cb615f957c1ee526a99f6d0223c615e86cdc36;hb=59fea5a6a3fafe0a5a0d2f543db53af790013e3a;hp=c54b94a4799906749fb0e028a7314b8a464b9774;hpb=12989b538881f9681f078cf1485c51df1251877a;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index c54b94a4799..e7cb615f957 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -167,9 +167,11 @@ ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
 			    const char *esp4_encrypt_node_name,
 			    const char *esp4_encrypt_node_tun_name,
 			    const char *esp4_decrypt_node_name,
+			    const char *esp4_decrypt_tun_node_name,
 			    const char *esp6_encrypt_node_name,
 			    const char *esp6_encrypt_node_tun_name,
 			    const char *esp6_decrypt_node_name,
+			    const char *esp6_decrypt_tun_node_name,
 			    check_support_cb_t esp_check_support_cb,
 			    add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
 {
@@ -186,11 +188,21 @@ ipsec_register_esp_backend (vlib_main_t * vm, ipsec_main_t * im,
 		  &b->esp6_encrypt_node_index, &b->esp6_encrypt_next_index);
   ipsec_add_node (vm, esp6_decrypt_node_name, "ipsec6-input-feature",
 		  &b->esp6_decrypt_node_index, &b->esp6_decrypt_next_index);
+  ipsec_add_node (vm, esp4_decrypt_tun_node_name, "ipsec4-tun-input",
+		  &b->esp4_decrypt_tun_node_index,
+		  &b->esp4_decrypt_tun_next_index);
+  ipsec_add_node (vm, esp6_decrypt_tun_node_name, "ipsec6-tun-input",
+		  &b->esp6_decrypt_tun_node_index,
+		  &b->esp6_decrypt_tun_next_index);
 
   ipsec_add_feature ("ip4-output", esp4_encrypt_node_tun_name,
-		     &b->esp4_encrypt_tun_feature_index);
+		     &b->esp44_encrypt_tun_feature_index);
+  ipsec_add_feature ("ip4-output", esp6_encrypt_node_tun_name,
+		     &b->esp46_encrypt_tun_feature_index);
   ipsec_add_feature ("ip6-output", esp6_encrypt_node_tun_name,
-		     &b->esp6_encrypt_tun_feature_index);
+		     &b->esp66_encrypt_tun_feature_index);
+  ipsec_add_feature ("ip6-output", esp4_encrypt_node_tun_name,
+		     &b->esp64_encrypt_tun_feature_index);
 
   b->check_support_cb = esp_check_support_cb;
   b->add_del_sa_sess_cb = esp_add_del_sa_sess_cb;
@@ -251,9 +263,15 @@ ipsec_select_esp_backend (ipsec_main_t * im, u32 backend_idx)
   im->esp6_decrypt_node_index = b->esp6_decrypt_node_index;
   im->esp6_encrypt_next_index = b->esp6_encrypt_next_index;
   im->esp6_decrypt_next_index = b->esp6_decrypt_next_index;
+  im->esp4_decrypt_tun_node_index = b->esp4_decrypt_tun_node_index;
+  im->esp4_decrypt_tun_next_index = b->esp4_decrypt_tun_next_index;
+  im->esp6_decrypt_tun_node_index = b->esp6_decrypt_tun_node_index;
+  im->esp6_decrypt_tun_next_index = b->esp6_decrypt_tun_next_index;
 
-  im->esp4_encrypt_tun_feature_index = b->esp4_encrypt_tun_feature_index;
-  im->esp6_encrypt_tun_feature_index = b->esp6_encrypt_tun_feature_index;
+  im->esp44_encrypt_tun_feature_index = b->esp44_encrypt_tun_feature_index;
+  im->esp64_encrypt_tun_feature_index = b->esp64_encrypt_tun_feature_index;
+  im->esp46_encrypt_tun_feature_index = b->esp46_encrypt_tun_feature_index;
+  im->esp66_encrypt_tun_feature_index = b->esp66_encrypt_tun_feature_index;
 
   return 0;
 }
@@ -297,9 +315,11 @@ ipsec_init (vlib_main_t * vm)
 				    "esp4-encrypt",
 				    "esp4-encrypt-tun",
 				    "esp4-decrypt",
+				    "esp4-decrypt-tun",
 				    "esp6-encrypt",
 				    "esp6-encrypt-tun",
 				    "esp6-decrypt",
+				    "esp6-decrypt-tun",
 				    ipsec_check_esp_support, NULL);
   im->esp_default_backend = idx;
 
@@ -353,21 +373,24 @@ ipsec_init (vlib_main_t * vm)
   a->enc_op_id = VNET_CRYPTO_OP_AES_128_GCM_ENC;
   a->dec_op_id = VNET_CRYPTO_OP_AES_128_GCM_DEC;
   a->alg = VNET_CRYPTO_ALG_AES_128_GCM;
-  a->iv_size = a->block_size = 8;
+  a->iv_size = 8;
+  a->block_size = 16;
   a->icv_size = 16;
 
   a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_192;
   a->enc_op_id = VNET_CRYPTO_OP_AES_192_GCM_ENC;
   a->dec_op_id = VNET_CRYPTO_OP_AES_192_GCM_DEC;
   a->alg = VNET_CRYPTO_ALG_AES_192_GCM;
-  a->iv_size = a->block_size = 8;
+  a->iv_size = 8;
+  a->block_size = 16;
   a->icv_size = 16;
 
   a = im->crypto_algs + IPSEC_CRYPTO_ALG_AES_GCM_256;
   a->enc_op_id = VNET_CRYPTO_OP_AES_256_GCM_ENC;
   a->dec_op_id = VNET_CRYPTO_OP_AES_256_GCM_DEC;
   a->alg = VNET_CRYPTO_ALG_AES_256_GCM;
-  a->iv_size = a->block_size = 8;
+  a->iv_size = 8;
+  a->block_size = 16;
   a->icv_size = 16;
 
   vec_validate (im->integ_algs, IPSEC_INTEG_N_ALG - 1);
@@ -405,6 +428,32 @@ ipsec_init (vlib_main_t * vm)
 
   vec_validate_aligned (im->ptd, vlib_num_workers (), CLIB_CACHE_LINE_BYTES);
 
+  im->ah4_enc_fq_index =
+    vlib_frame_queue_main_init (ah4_encrypt_node.index, 0);
+  im->ah4_dec_fq_index =
+    vlib_frame_queue_main_init (ah4_decrypt_node.index, 0);
+  im->ah6_enc_fq_index =
+    vlib_frame_queue_main_init (ah6_encrypt_node.index, 0);
+  im->ah6_dec_fq_index =
+    vlib_frame_queue_main_init (ah6_decrypt_node.index, 0);
+
+  im->esp4_enc_fq_index =
+    vlib_frame_queue_main_init (esp4_encrypt_node.index, 0);
+  im->esp4_dec_fq_index =
+    vlib_frame_queue_main_init (esp4_decrypt_node.index, 0);
+  im->esp6_enc_fq_index =
+    vlib_frame_queue_main_init (esp6_encrypt_node.index, 0);
+  im->esp6_dec_fq_index =
+    vlib_frame_queue_main_init (esp6_decrypt_node.index, 0);
+  im->esp4_enc_tun_fq_index =
+    vlib_frame_queue_main_init (esp4_encrypt_tun_node.index, 0);
+  im->esp6_enc_tun_fq_index =
+    vlib_frame_queue_main_init (esp6_encrypt_tun_node.index, 0);
+  im->esp4_dec_tun_fq_index =
+    vlib_frame_queue_main_init (esp4_decrypt_tun_node.index, 0);
+  im->esp6_dec_tun_fq_index =
+    vlib_frame_queue_main_init (esp6_decrypt_tun_node.index, 0);
+
   return 0;
 }