#define foreach_crypto_input_error \
_(DEQUE_COP, "Dequed crypto operations") \
-_(CRYPTO_ERROR, "Error while performing crypto")
+_(CRYPTO_ERROR, "Error while performing crypto") \
+_(IPSEC_ERROR, "Erro while performing ipsec processing")
typedef enum
{
odp_event_t event = events[index++];
odp_packet_t pkt;
+ odp_ipsec_packet_result_t result;
vlib_buffer_t *b0;
u32 bi0;
+ u32 next0 = next_index;
+
+ /* We are not interested in other event types */
+ ASSERT (ODP_EVENT_PACKET == odp_event_type (event));
+
pkt = odp_packet_from_event (event);
+ odp_ipsec_result (&result, pkt);
+
+ if (PREDICT_FALSE (result.status.all != ODP_IPSEC_OK))
+ {
+ vlib_node_increment_counter (vm, odp_crypto_input_node.index,
+ CRYPTO_INPUT_ERROR_IPSEC_ERROR, 1);
+ next0 = ODP_CRYPTO_INPUT_NEXT_DROP;
+ }
+
b0 = vlib_buffer_from_odp_packet (pkt);
bi0 = vlib_get_buffer_index (vm, b0);
{
odp_packet_crypto_trace_t *tr;
tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
- tr->next_index = next_index;
+ tr->next_index = next0;
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next, bi0,
- next_node_index);
+ next0);
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
else
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
+ odp_ipsec_packet_result_t result;
odp_packet_t pkt = odp_packet_from_vlib_buffer (i_b0);
odp_packet_t out_pkt;
if (!is_async)
{
+ odp_ipsec_result (&result, out_pkt);
+ if (PREDICT_FALSE (result.status.all != ODP_IPSEC_OK))
+ {
+ vlib_node_increment_counter (vm,
+ odp_ipsec_esp_decrypt_node.index,
+ ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
+ from_frame->n_vectors);
+ goto trace;
+ }
+
o_b0 = vlib_buffer_from_odp_packet (out_pkt);
/* add the change of the ODP data offset
odp_packet_len (out_pkt) - sizeof (ethernet_header_t);
vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
-
- vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
- n_left_to_next, bi0, next0);
- }
- else
- {
- to_next -= 1;
- n_left_to_next += 1;
}
trace:
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
}
+
+ if (!is_async)
+ {
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
+ n_left_to_next, bi0, next0);
+ }
+ else
+ {
+ to_next -= 1;
+ n_left_to_next += 1;
+ }
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
#define foreach_esp_encrypt_error \
_(RX_PKTS, "ESP pkts received") \
_(NO_BUFFER, "No buffer (packet dropped)") \
- _(DECRYPTION_FAILED, "ESP encryption failed") \
+ _(ENCRYPTION_FAILED, "ESP encryption failed") \
_(SEQ_CYCLED, "sequence number cycled")
if (PREDICT_TRUE (sa0->crypto_alg != IPSEC_CRYPTO_ALG_NONE))
{
+ odp_ipsec_packet_result_t result;
odp_packet_t pkt = odp_packet_from_vlib_buffer (i_b0);
odp_packet_t out_pkt;
odp_ipsec_out_inline_param_t ipsec_inline_params;
vnet_buffer (i_b0)->sw_if_index[VLIB_TX], 1,
i_b0->current_length);
}
- else if (is_async)
+ else if (is_async)
ret = odp_ipsec_out_enq (&pkt, 1, &oiopt);
else
ret = odp_ipsec_out (&pkt, 1, &out_pkt, &processed, &oiopt);
if (ret < 1)
{
clib_error ("(out) IPsec packet not processed\n");
+ next0 = ESP_ENCRYPT_NEXT_DROP;
goto trace;
}
&& !(is_inline
&& next0 == ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT))
{
- o_b0 = vlib_buffer_from_odp_packet (out_pkt);
+ odp_ipsec_result (&result, out_pkt);
+ if (PREDICT_FALSE (result.status.all != ODP_IPSEC_OK))
+ {
+ vlib_node_increment_counter (vm,
+ odp_ipsec_esp_encrypt_node.index,
+ ESP_ENCRYPT_ERROR_ENCRYPTION_FAILED,
+ from_frame->n_vectors);
+ next0 = ESP_ENCRYPT_NEXT_DROP;
+ goto trace;
+ }
+ o_b0 = vlib_buffer_from_odp_packet (out_pkt);
o_b0->current_data =
(i16) ((intptr_t) odp_packet_data (out_pkt) -
o_b0->current_data -= sizeof (ethernet_header_t);
o_b0->current_length += sizeof (ethernet_header_t);
}
-
- vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
- to_next, n_left_to_next,
- bi0, next0);
- }
- else
- {
- to_next -= 1;
- n_left_to_next += 1;
}
+
}
trace:
if (PREDICT_FALSE (i_b0->flags & VLIB_BUFFER_IS_TRACED))
tr->crypto_alg = sa0->crypto_alg;
tr->integ_alg = sa0->integ_alg;
}
+
+ if (!is_async
+ && !(is_inline && next0 == ESP_ENCRYPT_NEXT_INTERFACE_OUTPUT))
+ {
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
+ to_next, n_left_to_next,
+ bi0, next0);
+ }
+ else
+ {
+ to_next -= 1;
+ n_left_to_next += 1;
+ }
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
Code Review / odp4vpp.git / commitdiff