X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=vnet%2Fvnet%2Fipsec%2Fipsec_if_in.c;h=e5574421cfac28ba8338b915ad6bd00b72c4a86f;hb=166a9d4c21821bdbc9a2d5a818ec5ae0e8bdc036;hp=5a8a685807b5c978da1581a36f16edd73af573b3;hpb=e2c987e21fa9d2d2be93176429679dd8eaca9576;p=vpp.git diff --git a/vnet/vnet/ipsec/ipsec_if_in.c b/vnet/vnet/ipsec/ipsec_if_in.c index 5a8a685807b..e5574421cfa 100644 --- a/vnet/vnet/ipsec/ipsec_if_in.c +++ b/vnet/vnet/ipsec/ipsec_if_in.c @@ -26,37 +26,40 @@ #define foreach_ipsec_if_input_error \ _(RX, "good packets received") -static char * ipsec_if_input_error_strings[] = { +static char *ipsec_if_input_error_strings[] = { #define _(sym,string) string, foreach_ipsec_if_input_error #undef _ }; -typedef enum { +typedef enum +{ #define _(sym,str) IPSEC_IF_INPUT_ERROR_##sym, - foreach_ipsec_if_input_error + foreach_ipsec_if_input_error #undef _ IPSEC_IF_INPUT_N_ERROR, } ipsec_if_input_error_t; -typedef enum { - IPSEC_IF_INPUT_NEXT_ESP_DECRYPT, - IPSEC_IF_INPUT_NEXT_DROP, - IPSEC_IF_INPUT_N_NEXT, +typedef enum +{ + IPSEC_IF_INPUT_NEXT_ESP_DECRYPT, + IPSEC_IF_INPUT_NEXT_DROP, + IPSEC_IF_INPUT_N_NEXT, } ipsec_if_input_next_t; -typedef struct { +typedef struct +{ u32 spi; u32 seq; } ipsec_if_input_trace_t; -u8 * format_ipsec_if_input_trace (u8 * s, va_list * args) +u8 * +format_ipsec_if_input_trace (u8 * s, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); - ipsec_if_input_trace_t * t - = va_arg (*args, ipsec_if_input_trace_t *); + ipsec_if_input_trace_t *t = va_arg (*args, ipsec_if_input_trace_t *); s = format (s, "IPSec: spi %u seq %u", t->spi, t->seq); return s; @@ -64,10 +67,10 @@ u8 * format_ipsec_if_input_trace (u8 * s, va_list * args) static uword ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node, - vlib_frame_t * from_frame) + vlib_frame_t * from_frame) { ipsec_main_t *im = &ipsec_main; - u32 * from, * to_next = 0, next_index; + u32 *from, *to_next = 0, next_index; u32 n_left_from; from = vlib_frame_vector_args (from_frame); @@ -81,57 +84,61 @@ ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); while (n_left_from > 0 && n_left_to_next > 0) - { - u32 bi0, next0; - vlib_buffer_t * b0; - ip4_header_t *ip0; - esp_header_t *esp0; - uword * p; - - bi0 = to_next[0] = from[0]; - from += 1; - n_left_from -= 1; - to_next +=1; - n_left_to_next -= 1; - b0 = vlib_get_buffer (vm, bi0); - ip0 = vlib_buffer_get_current (b0); - esp0 = (esp_header_t *) ((u8 *) ip0 + ip4_header_bytes (ip0)); - - next0 = IPSEC_IF_INPUT_NEXT_DROP; - - u64 key = (u64) ip0->src_address.as_u32 << 32 | - (u64) clib_net_to_host_u32(esp0->spi); - - p = hash_get (im->ipsec_if_pool_index_by_key, key); - - if (p) - { - ipsec_tunnel_if_t * t; - t = pool_elt_at_index(im->tunnel_interfaces, p[0]); - vnet_buffer(b0)->output_features.ipsec_sad_index = t->input_sa_index; - vlib_buffer_advance(b0, ip4_header_bytes (ip0)); - next0 = IPSEC_IF_INPUT_NEXT_ESP_DECRYPT; - } - - if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED)) { - ipsec_if_input_trace_t *tr = vlib_add_trace (vm, node, b0, sizeof (*tr)); - tr->spi = clib_host_to_net_u32(esp0->spi); - tr->seq = clib_host_to_net_u32(esp0->seq); - } - - vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, - n_left_to_next, bi0, next0); - } + { + u32 bi0, next0; + vlib_buffer_t *b0; + ip4_header_t *ip0; + esp_header_t *esp0; + uword *p; + + bi0 = to_next[0] = from[0]; + from += 1; + n_left_from -= 1; + to_next += 1; + n_left_to_next -= 1; + b0 = vlib_get_buffer (vm, bi0); + ip0 = vlib_buffer_get_current (b0); + esp0 = (esp_header_t *) ((u8 *) ip0 + ip4_header_bytes (ip0)); + + next0 = IPSEC_IF_INPUT_NEXT_DROP; + + u64 key = (u64) ip0->src_address.as_u32 << 32 | + (u64) clib_net_to_host_u32 (esp0->spi); + + p = hash_get (im->ipsec_if_pool_index_by_key, key); + + if (p) + { + ipsec_tunnel_if_t *t; + t = pool_elt_at_index (im->tunnel_interfaces, p[0]); + vnet_buffer (b0)->output_features.ipsec_sad_index = + t->input_sa_index; + vlib_buffer_advance (b0, ip4_header_bytes (ip0)); + next0 = IPSEC_IF_INPUT_NEXT_ESP_DECRYPT; + } + + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + ipsec_if_input_trace_t *tr = + vlib_add_trace (vm, node, b0, sizeof (*tr)); + tr->spi = clib_host_to_net_u32 (esp0->spi); + tr->seq = clib_host_to_net_u32 (esp0->seq); + } + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + } vlib_put_next_frame (vm, node, next_index, n_left_to_next); } vlib_node_increment_counter (vm, ipsec_if_input_node.index, - IPSEC_IF_INPUT_ERROR_RX, - from_frame->n_vectors); + IPSEC_IF_INPUT_ERROR_RX, + from_frame->n_vectors); return from_frame->n_vectors; } +/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ipsec_if_input_node) = { .function = ipsec_if_input_node_fn, .name = "ipsec-if-input", @@ -149,6 +156,13 @@ VLIB_REGISTER_NODE (ipsec_if_input_node) = { [IPSEC_IF_INPUT_NEXT_DROP] = "error-drop", }, }; +/* *INDENT-ON* */ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_if_input_node, ipsec_if_input_node_fn) - +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */