ipsec: Support MPLS over IPSec[46] interface

[vpp.git] / src / plugins / dpdk / ipsec / ipsec.c

diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 260775b..5d9e10b 100644 (file)
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -17,6 +17,7 @@
 #include <vnet/api_errno.h>
 #include <vnet/ipsec/ipsec.h>
 #include <vlib/node_funcs.h>
+#include <vlib/log.h>
 
 #include <dpdk/device/dpdk.h>
 #include <dpdk/buffer.h>
@@ -991,16 +992,33 @@ crypto_disable (void)
   vec_free (dcm->auth_algs);
 }
 
-static uword
-dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
-                   vlib_frame_t * f)
+static clib_error_t *
+dpdk_ipsec_enable_disable (int is_enable)
+{
+  vlib_main_t *vm = vlib_get_main ();
+  vlib_thread_main_t *tm = vlib_get_thread_main ();
+  vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "dpdk-crypto-input");
+  u32 skip_master = vlib_num_workers () > 0;
+  u32 n_mains = tm->n_vlib_mains;
+  u32 i;
+
+  ASSERT (node);
+  for (i = skip_master; i < n_mains; i++)
+    vlib_node_set_state (vlib_mains[i], node->index, is_enable != 0 ?
+                        VLIB_NODE_STATE_POLLING : VLIB_NODE_STATE_DISABLED);
+
+  return 0;
+}
+
+static clib_error_t *
+dpdk_ipsec_main_init (vlib_main_t * vm)
 {
   ipsec_main_t *im = &ipsec_main;
   dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
   vlib_thread_main_t *tm = vlib_get_thread_main ();
   crypto_worker_main_t *cwm;
   clib_error_t *error = NULL;
-  u32 i, skip_master, n_mains;
+  u32 skip_master, n_mains;
 
   n_mains = tm->n_vlib_mains;
   skip_master = vlib_num_workers () > 0;
@@ -1011,7 +1029,8 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 
   if (!(dcm->enabled))
     {
-      clib_warning ("not enough DPDK crypto resources, default to OpenSSL");
+      vlib_log_warn (dpdk_main.log_default,
+                    "not enough DPDK crypto resources");
       crypto_disable ();
       return 0;
     }
@@ -1044,34 +1063,22 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
       return 0;
     }
 
-
-  u32 idx = ipsec_register_esp_backend (vm, im, "dpdk backend",
-                                       "dpdk-esp4-encrypt",
-                                       "dpdk-esp4-encrypt-tun",
-                                       "dpdk-esp4-decrypt",
-                                       "dpdk-esp6-encrypt",
-                                       "dpdk-esp6-encrypt-tun",
-                                       "dpdk-esp6-decrypt",
-                                       dpdk_ipsec_check_support,
-                                       add_del_sa_session);
-  int rv = ipsec_select_esp_backend (im, idx);
-  ASSERT (rv == 0);
-
-  vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "dpdk-crypto-input");
-  ASSERT (node);
-  for (i = skip_master; i < n_mains; i++)
-    vlib_node_set_state (vlib_mains[i], node->index, VLIB_NODE_STATE_POLLING);
+  u32 idx = ipsec_register_esp_backend (
+    vm, im, "dpdk backend", "dpdk-esp4-encrypt", "dpdk-esp4-encrypt-tun",
+    "dpdk-esp4-decrypt", "dpdk-esp4-decrypt", "dpdk-esp6-encrypt",
+    "dpdk-esp6-encrypt-tun", "dpdk-esp6-decrypt", "dpdk-esp6-decrypt",
+    "error-drop", dpdk_ipsec_check_support, add_del_sa_session,
+    dpdk_ipsec_enable_disable);
+  int rv;
+  if (im->esp_current_backend == ~0)
+    {
+      rv = ipsec_select_esp_backend (im, idx);
+      ASSERT (rv == 0);
+    }
   return 0;
 }
 
-/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (dpdk_ipsec_process_node,static) = {
-    .function = dpdk_ipsec_process,
-    .type = VLIB_NODE_TYPE_PROCESS,
-    .name = "dpdk-ipsec-process",
-    .process_log2_n_stack_bytes = 17,
-};
-/* *INDENT-ON* */
+VLIB_MAIN_LOOP_ENTER_FUNCTION (dpdk_ipsec_main_init);
 
 /*
  * fd.io coding-style-patch-verification: ON