plugins: odp: Add tunnel mode

Change-Id: I8be5f8aa63da8fdf4b2043ba9cd048f2269e4e99
Signed-off-by: Szymon Sliwa <[email protected]>

diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c
index 69cfc3e..9086f33 100644 (file)
--- a/src/plugins/odp/ipsec/esp_decrypt.c
+++ b/src/plugins/odp/ipsec/esp_decrypt.c
@@ -278,8 +278,7 @@ esp_decrypt_node_fn (vlib_main_t * vm,
                }
 
              crypto_op_params.cipher_range.offset =
-               (u32) ((u8 *) vlib_buffer_get_current (b0) - (u8 *) b0) -
-               sizeof (vlib_buffer_t) + sizeof (esp_header_t) + IV_SIZE;
+               (u32) b0->current_data + sizeof (esp_header_t) + IV_SIZE;
              crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks;
              crypto_op_params.override_iv_ptr =
                (u8 *) vlib_buffer_get_current (b0) + sizeof (esp_header_t);
@@ -303,30 +302,39 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 
              old_ip_hdr =
                *((ip4_header_t *) ((uintptr_t) vlib_buffer_get_current (b0) -
-                                   ip_hdr_size));
-
-             vlib_buffer_advance (b0, sizeof (esp_header_t) + IV_SIZE);
+                                   sizeof (ip4_header_t)));
 
              b0->current_data =
                sizeof (esp_header_t) + IV_SIZE + sizeof (ethernet_header_t);
-             b0->current_length = (blocks * 16) - 2 + ip_hdr_size;
+             b0->current_length = (blocks * BLOCK_SIZE) - 2;
+             if (tunnel_mode)
+               b0->current_data += sizeof (ip4_header_t);
+             else
+               b0->current_length += sizeof (ip4_header_t);
+
              b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID;
              f0 =
                (esp_footer_t *) ((u8 *) vlib_buffer_get_current (b0) +
                                  b0->current_length);
              b0->current_length -= f0->pad_length;
 
-             odp_packet_pull_head (crypto_op_params.pkt,
-                                   sizeof (esp_header_t) + IV_SIZE);
+             if (tunnel_mode)
+               {
+                 odp_packet_pull_head (crypto_op_params.pkt,
+                                       sizeof (esp_header_t) + IV_SIZE +
+                                       ip_hdr_size);
+               }
+             else
+               {
+                 odp_packet_pull_head (crypto_op_params.pkt,
+                                       sizeof (esp_header_t) + IV_SIZE);
+               }
              odp_packet_pull_tail (crypto_op_params.pkt,
                                    f0->pad_length + icv_size);
 
              /* tunnel mode */
              if (PREDICT_TRUE (tunnel_mode))
                {
-                 // TODO not supported
-                 assert (0);
-
                  if (PREDICT_TRUE (f0->next_header == IP_PROTOCOL_IP_IN_IP))
                    {
                      next0 = ESP_DECRYPT_NEXT_IP4_INPUT;

diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c
index 8a7d3f6..65c4c60 100644 (file)
--- a/src/plugins/odp/ipsec/esp_encrypt.c
+++ b/src/plugins/odp/ipsec/esp_encrypt.c
@@ -264,9 +264,6 @@ esp_encrypt_node_fn (vlib_main_t * vm,
          if (PREDICT_TRUE
              (!is_ipv6 && sa0->is_tunnel && !sa0->is_tunnel_ip6))
            {
-             // TODO not supported
-             assert (0);
-
              oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32;
              oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32;
 
@@ -349,12 +346,14 @@ esp_encrypt_node_fn (vlib_main_t * vm,
              int odp_offset_to_esp = ip_hdr_size,
                odp_offset_to_payload =
                sizeof (esp_header_t) + IV_SIZE + ip_hdr_size;
+
              crypto_op_params.cipher_range.offset = odp_offset_to_payload;
              crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks;
 
              crypto_op_params.auth_range.offset = odp_offset_to_esp;
              crypto_op_params.auth_range.length =
                b0->current_length - ip_hdr_size;
+
              crypto_op_params.hash_result_offset =
                odp_offset_to_payload + BLOCK_SIZE * blocks;
 
@@ -398,6 +397,11 @@ esp_encrypt_node_fn (vlib_main_t * vm,
              b0->current_data -= sizeof (ethernet_header_t) + ip_hdr_size;
              b0->current_length += sizeof (ethernet_header_t);
            }
+         else
+           {
+             b0->current_data =
+               (i16) - push_head_by + sizeof (ethernet_header_t);
+           }
 
        trace:
          if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))