if (is_ip6)
priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT6_POST;
else
- priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT4_POST;
+ {
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT4_POST;
+ b0->flags |= VNET_BUFFER_F_IS_IP4;
+ }
/* FIXME multi-seg */
vlib_increment_combined_counter
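Review bot: The added `b0->flags |= VNET_BUFFER_F_IS_IP4;` in the IPv4 arm is undocumented and one-sided: the `is_ip6` arm neither sets a matching flag nor clears this one. If a later node (presumably the decrypt-post node) uses the flag to decide how to parse the decrypted packet, a buffer that reached the IPv6 arm with IS_IP4 already set would be parsed as IPv4. Suggest a comment such as `/* IS_IP4 is read by <consumer node> to select the IP version after decryption */` and, if the flag is authoritative there, `b0->flags &= ~VNET_BUFFER_F_IS_IP4;` in the IPv6 arm. The enclosing function lies outside the hunk.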
extern vlib_node_registration_t dpdk_esp4_encrypt_node;
extern vlib_node_registration_t dpdk_esp6_encrypt_node;
+extern vlib_node_registration_t dpdk_esp4_encrypt_tun_node;
+extern vlib_node_registration_t dpdk_esp6_encrypt_tun_node;
typedef struct
{
}
else /* transport mode */
{
- priv->next = DPDK_CRYPTO_INPUT_NEXT_INTERFACE_OUTPUT;
- rewrite_len = vnet_buffer (b0)->ip.save_rewrite_length;
+ if (is_tun)
+ {
+ rewrite_len = 0;
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_MIDCHAIN;
+ }
+ else
+ {
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_INTERFACE_OUTPUT;
+ rewrite_len = vnet_buffer (b0)->ip.save_rewrite_length;
+ }
u16 adv = sizeof (esp_header_t) + iv_size + udp_encap_adv;
vlib_buffer_advance (b0, -adv - rewrite_len);
u8 *src = ((u8 *) ih0) - rewrite_len;
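Review bot: The new `is_tun` arm sets `rewrite_len = 0;` without saying why the saved rewrite length is ignored, and that value feeds both `vlib_buffer_advance (b0, -adv - rewrite_len)` and the `src` pointer computed just below. The surrounding `else /* transport mode */` label also no longer describes everything in the block, since it now handles the tunnel-protect path as well. Suggest a comment on the new arm, for example `/* tunnel protect: no L2 rewrite on the buffer yet, adj-midchain-tx applies it */` if that is the reason, so a later change to the header-move arithmetic does not reintroduce a non-zero offset on this path. The enclosing block continues outside the hunk.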
}
if (is_ip6)
{
- vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
+ vlib_node_increment_counter (vm,
+ (is_tun ?
+ dpdk_esp6_encrypt_tun_node.index :
+ dpdk_esp6_encrypt_node.index),
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
}
else
{
- vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
+ vlib_node_increment_counter (vm,
+ (is_tun ?
+ dpdk_esp4_encrypt_tun_node.index :
+ dpdk_esp4_encrypt_node.index),
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
"dpdk-esp4-encrypt",
"dpdk-esp4-encrypt-tun",
"dpdk-esp4-decrypt",
+ "dpdk-esp4-decrypt",
"dpdk-esp6-encrypt",
"dpdk-esp6-encrypt-tun",
"dpdk-esp6-decrypt",
+ "dpdk-esp6-decrypt",
dpdk_ipsec_check_support,
add_del_sa_session);
int rv = ipsec_select_esp_backend (im, idx);
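Review bot: The two added arguments repeat "dpdk-esp4-decrypt" and "dpdk-esp6-decrypt" in the new tunnel-decrypt positions, which reads like a copy/paste slip next to the distinct "-encrypt-tun" names. If the reuse is intended, the same decrypt node now receives packets from both the policy input feature and the "ipsec4-tun-input"/"ipsec6-tun-input" nodes, so any tunnel-specific handling has to be decided at run time inside that node; none of that is visible in this hunk. Suggest a comment above the arguments, e.g. `/* DPDK has no separate tunnel decrypt node; the tun-input nodes hand off to the regular decrypt node */`. The call begins outside the hunk.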
_(IP4_LOOKUP, "ip4-lookup") \
_(IP6_LOOKUP, "ip6-lookup") \
_(INTERFACE_OUTPUT, "interface-output") \
+ _(MIDCHAIN, "adj-midchain-tx") \
_(DECRYPT4_POST, "dpdk-esp4-decrypt-post") \
_(DECRYPT6_POST, "dpdk-esp6-decrypt-post")
const char *esp4_encrypt_node_name,
const char *esp4_encrypt_node_tun_name,
const char *esp4_decrypt_node_name,
+ const char *esp4_decrypt_tun_node_name,
const char *esp6_encrypt_node_name,
const char *esp6_encrypt_node_tun_name,
const char *esp6_decrypt_node_name,
+ const char *esp6_decrypt_tun_node_name,
check_support_cb_t esp_check_support_cb,
add_del_sa_sess_cb_t esp_add_del_sa_sess_cb)
{
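Review bot: The new parameters `esp4_decrypt_tun_node_name` and `esp6_decrypt_tun_node_name` use a different word order from the neighbouring `esp4_encrypt_node_tun_name` and `esp6_encrypt_node_tun_name`, while the prototype elsewhere in this commit spells the encrypt ones `esp4_encrypt_tun_node_name`. With eight adjacent `const char *` arguments passed positionally, the compiler cannot catch a transposed name, and a swap would silently attach an input node to the wrong ESP node. Suggest renaming the definition's parameters to match the prototype, e.g. `const char *esp4_encrypt_tun_node_name,`, and adding a short Doxygen block on the prototype that lists the argument order. The function body continues outside the hunk.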
&b->esp6_encrypt_node_index, &b->esp6_encrypt_next_index);
ipsec_add_node (vm, esp6_decrypt_node_name, "ipsec6-input-feature",
&b->esp6_decrypt_node_index, &b->esp6_decrypt_next_index);
+ ipsec_add_node (vm, esp4_decrypt_tun_node_name, "ipsec4-tun-input",
+ &b->esp4_decrypt_tun_node_index,
+ &b->esp4_decrypt_tun_next_index);
+ ipsec_add_node (vm, esp6_decrypt_tun_node_name, "ipsec6-tun-input",
+ &b->esp6_decrypt_tun_node_index,
+ &b->esp6_decrypt_tun_next_index);
ipsec_add_feature ("ip4-output", esp4_encrypt_node_tun_name,
&b->esp44_encrypt_tun_feature_index);
im->esp6_decrypt_node_index = b->esp6_decrypt_node_index;
im->esp6_encrypt_next_index = b->esp6_encrypt_next_index;
im->esp6_decrypt_next_index = b->esp6_decrypt_next_index;
+ im->esp4_decrypt_tun_node_index = b->esp4_decrypt_tun_node_index;
+ im->esp4_decrypt_tun_next_index = b->esp4_decrypt_tun_next_index;
+ im->esp6_decrypt_tun_node_index = b->esp6_decrypt_tun_node_index;
+ im->esp6_decrypt_tun_next_index = b->esp6_decrypt_tun_next_index;
im->esp44_encrypt_tun_feature_index = b->esp44_encrypt_tun_feature_index;
im->esp64_encrypt_tun_feature_index = b->esp64_encrypt_tun_feature_index;
"esp4-encrypt",
"esp4-encrypt-tun",
"esp4-decrypt",
+ "esp4-decrypt-tun",
"esp6-encrypt",
"esp6-encrypt-tun",
"esp6-decrypt",
+ "esp6-decrypt-tun",
ipsec_check_esp_support, NULL);
im->esp_default_backend = idx;
u32 esp6_decrypt_node_index;
u32 esp6_encrypt_next_index;
u32 esp6_decrypt_next_index;
+ u32 esp4_decrypt_tun_node_index;
+ u32 esp4_decrypt_tun_next_index;
+ u32 esp6_decrypt_tun_node_index;
+ u32 esp6_decrypt_tun_next_index;
u32 esp44_encrypt_tun_feature_index;
u32 esp46_encrypt_tun_feature_index;
u32 esp66_encrypt_tun_feature_index;
u32 error_drop_node_index;
u32 esp4_encrypt_node_index;
u32 esp4_decrypt_node_index;
+ u32 esp4_decrypt_tun_node_index;
u32 ah4_encrypt_node_index;
u32 ah4_decrypt_node_index;
u32 esp6_encrypt_node_index;
u32 esp6_decrypt_node_index;
+ u32 esp6_decrypt_tun_node_index;
u32 ah6_encrypt_node_index;
u32 ah6_decrypt_node_index;
/* next node indices */
u32 esp4_encrypt_next_index;
u32 esp4_decrypt_next_index;
+ u32 esp4_decrypt_tun_next_index;
u32 ah4_encrypt_next_index;
u32 ah4_decrypt_next_index;
u32 esp6_encrypt_next_index;
u32 esp6_decrypt_next_index;
+ u32 esp6_decrypt_tun_next_index;
u32 ah6_encrypt_next_index;
u32 ah6_decrypt_next_index;
const char *esp4_encrypt_node_name,
const char *esp4_encrypt_tun_node_name,
const char *esp4_decrypt_node_name,
+ const char *esp4_decrypt_tun_node_name,
const char *esp6_encrypt_node_name,
const char *esp6_encrypt_tun_node_name,
const char *esp6_decrypt_node_name,
+ const char *esp6_decrypt_tun_node_name,
check_support_cb_t esp_check_support_cb,
add_del_sa_sess_cb_t esp_add_del_sa_sess_cb);
#define _(v, s) IPSEC_TUN_PROTECT_NEXT_##v,
foreach_ipsec_input_next
#undef _
- IPSEC_TUN_PROTECT_NEXT_DECRYPT,
- IPSEC_TUN_PROTECT_N_NEXT,
+ IPSEC_TUN_PROTECT_N_NEXT,
} ipsec_tun_next_t;
typedef struct
n_bytes = len0;
}
- next[0] = IPSEC_TUN_PROTECT_NEXT_DECRYPT;
+ next[0] = im->esp4_decrypt_tun_next_index; //IPSEC_TUN_PROTECT_NEXT_DECRYPT;
}
trace00:
if (PREDICT_FALSE (is_trace))
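Review bot: The new assignment `next[0] = im->esp4_decrypt_tun_next_index;` ignores the address family, although this inline is instantiated for both IPv4 and IPv6 (the two wrappers pass 0 and 1). The esp4 value is the next-index obtained for "ipsec4-tun-input", so on the IPv6 node it is only correct if the two indices happen to coincide; otherwise ESP traffic on an IPv6 protected tunnel could be handed to the wrong next node or to an unregistered slot. Suggest `next[0] = is_ip6 ? im->esp6_decrypt_tun_next_index : im->esp4_decrypt_tun_next_index;` (assuming the fourth parameter is named `is_ip6`, as the removed call-site comments indicate). The trailing `//IPSEC_TUN_PROTECT_NEXT_DECRYPT;` remnant should go too, since it names an enum value this commit deletes. The enclosing function starts and ends outside the hunk.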
vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
{
- return ipsec_tun_protect_input_inline (vm, node, from_frame,
- 0 /* is_ip6 */ );
+ return ipsec_tun_protect_input_inline (vm, node, from_frame, 0);
}
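Review bot: Dropping the `/* is_ip6 */` label leaves a bare `0` as the last argument here, and a bare `1` in the IPv6 wrapper further down. That argument selects the address family for the whole inline, so keeping the label, as in `return ipsec_tun_protect_input_inline (vm, node, from_frame, 0 /* is_ip6 */ );`, makes a swapped value easier to spot in review. The function signature starts outside the hunk.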
/* *INDENT-OFF* */
.next_nodes = {
[IPSEC_TUN_PROTECT_NEXT_DROP] = "ip4-drop",
[IPSEC_TUN_PROTECT_NEXT_PUNT] = "punt-dispatch",
- [IPSEC_TUN_PROTECT_NEXT_DECRYPT] = "esp4-decrypt-tun",
}
};
/* *INDENT-ON* */
vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
{
- return ipsec_tun_protect_input_inline (vm, node, from_frame,
- 1 /* is_ip6 */ );
+ return ipsec_tun_protect_input_inline (vm, node, from_frame, 1);
}
/* *INDENT-OFF* */
.next_nodes = {
[IPSEC_TUN_PROTECT_NEXT_DROP] = "ip6-drop",
[IPSEC_TUN_PROTECT_NEXT_PUNT] = "punt-dispatch",
- [IPSEC_TUN_PROTECT_NEXT_DECRYPT] = "esp6-decrypt-tun",
}
};
/* *INDENT-ON* */