struct rte_flow_item_tcp tcp[2] = { };
struct rte_flow_item_gtp gtp[2] = { };
struct rte_flow_item_l2tpv3oip l2tp[2] = { };
+ struct rte_flow_item_esp esp[2] = { };
+ struct rte_flow_item_ah ah[2] = { };
struct rte_flow_action_mark mark = { 0 };
struct rte_flow_action_queue queue = { 0 };
struct rte_flow_action_rss rss = { 0 };
}
protocol = l2tp->protocol;
}
+ if (f->type == VNET_FLOW_TYPE_IP4_IPSEC_ESP)
+ {
+ vnet_flow_ip4_ipsec_esp_t *tesp = &f->ip4_ipsec_esp;
+ item->type = RTE_FLOW_ITEM_TYPE_IPV4;
+
+ if (!tesp->src_addr.mask.as_u32 && !tesp->dst_addr.mask.as_u32)
+ {
+ item->spec = NULL;
+ item->mask = NULL;
+ }
+ else
+ {
+ ip4[0].hdr.src_addr = tesp->src_addr.addr.as_u32;
+ ip4[1].hdr.src_addr = tesp->src_addr.mask.as_u32;
+ ip4[0].hdr.dst_addr = tesp->dst_addr.addr.as_u32;
+ ip4[1].hdr.dst_addr = tesp->dst_addr.mask.as_u32;
+ item->spec = ip4;
+ item->mask = ip4 + 1;
+ }
+ protocol = tesp->protocol;
+ }
+ else if (f->type == VNET_FLOW_TYPE_IP4_IPSEC_AH)
+ {
+ vnet_flow_ip4_ipsec_ah_t *tah = &f->ip4_ipsec_ah;
+ item->type = RTE_FLOW_ITEM_TYPE_IPV4;
+
+ if (!tah->src_addr.mask.as_u32 && !tah->dst_addr.mask.as_u32)
+ {
+ item->spec = NULL;
+ item->mask = NULL;
+ }
+ else
+ {
+ ip4[0].hdr.src_addr = tah->src_addr.addr.as_u32;
+ ip4[1].hdr.src_addr = tah->src_addr.mask.as_u32;
+ ip4[0].hdr.dst_addr = tah->dst_addr.addr.as_u32;
+ ip4[1].hdr.dst_addr = tah->dst_addr.mask.as_u32;
+ item->spec = ip4;
+ item->mask = ip4 + 1;
+ }
+ protocol = tah->protocol;
+ }
else if ((f->type == VNET_FLOW_TYPE_IP6_N_TUPLE) ||
(f->type == VNET_FLOW_TYPE_IP6_GTPC) ||
(f->type == VNET_FLOW_TYPE_IP6_GTPU) ||
item->mask = tcp + 1;
}
}
+ else if (protocol == IP_PROTOCOL_IPSEC_ESP)
+ {
+ vec_add2 (items, item, 1);
+ item->type = RTE_FLOW_ITEM_TYPE_ESP;
+
+ vnet_flow_ip4_ipsec_esp_t *tesp = &f->ip4_ipsec_esp;
+ esp[0].hdr.spi = clib_host_to_net_u32 (tesp->spi);
+ esp[1].hdr.spi = ~0;
+
+ item->spec = esp;
+ item->mask = esp + 1;
+ }
+ else if (protocol == IP_PROTOCOL_IPSEC_AH)
+ {
+ vec_add2 (items, item, 1);
+ item->type = RTE_FLOW_ITEM_TYPE_AH;
+
+ vnet_flow_ip4_ipsec_ah_t *tah = &f->ip4_ipsec_ah;
+ ah[0].spi = clib_host_to_net_u32 (tah->spi);
+ ah[1].spi = ~0;
+
+ item->spec = ah;
+ item->mask = ah + 1;
+ }
else if (protocol == IP_PROTOCOL_RESERVED)
{
rv = VNET_FLOW_ERROR_NOT_SUPPORTED;
item->spec = l2tp;
item->mask = l2tp + 1;
}
+
if (f->type == VNET_FLOW_TYPE_IP4_VXLAN)
{
u32 vni = f->ip4_vxlan.vni;
case VNET_FLOW_TYPE_IP6_GTPU_IP4:
case VNET_FLOW_TYPE_IP6_GTPU_IP6:
case VNET_FLOW_TYPE_IP4_L2TPV3OIP:
+ case VNET_FLOW_TYPE_IP4_IPSEC_ESP:
+ case VNET_FLOW_TYPE_IP4_IPSEC_AH:
if ((rv = dpdk_flow_add (xd, flow, fe)))
goto done;
break;
_(IP6_N_TUPLE_TAGGED, ip6_n_tuple_tagged, "ipv6-n-tuple-tagged") \
/* IP tunnel flow */ \
_(IP4_L2TPV3OIP, ip4_l2tpv3oip, "ipv4-l2tpv3oip") \
+ _(IP4_IPSEC_ESP, ip4_ipsec_esp, "ipv4-ipsec-esp") \
+ _(IP4_IPSEC_AH, ip4_ipsec_ah, "ipv4-ipsec-ah") \
/* L4 tunnel flow*/ \
_(IP4_VXLAN, ip4_vxlan, "ipv4-vxlan") \
_(IP6_VXLAN, ip6_vxlan, "ipv6-vxlan") \
_fe(ip_protocol_t, protocol) \
_fe(u32, session_id)
+#define foreach_flow_entry_ip4_ipsec_esp \
+ _fe(ip4_address_and_mask_t, src_addr) \
+ _fe(ip4_address_and_mask_t, dst_addr) \
+ _fe(ip_protocol_t, protocol) \
+ _fe(u32, spi)
+
+#define foreach_flow_entry_ip4_ipsec_ah \
+ _fe(ip4_address_and_mask_t, src_addr) \
+ _fe(ip4_address_and_mask_t, dst_addr) \
+ _fe(ip_protocol_t, protocol) \
+ _fe(u32, spi)
+
#define foreach_flow_entry_ip4_vxlan \
_fe(ip4_address_t, src_addr) \
_fe(ip4_address_t, dst_addr) \
} action = FLOW_UNKNOWN_ACTION;
u32 hw_if_index = ~0, flow_index = ~0;
int rv;
- u32 prot = 0, teid = 0, session_id = 0;
+ u32 prot = 0, teid = 0, session_id = 0, spi = 0;
vnet_flow_type_t type = VNET_FLOW_TYPE_IP4_N_TUPLE;
bool is_gtpc_set = false;
bool is_gtpu_set = false;
bool is_l2tpv3oip_set = false;
+ bool is_ipsec_esp_set = false, is_ipsec_ah_set = false;
vnet_flow_type_t outer_type = VNET_FLOW_TYPE_UNKNOWN;
vnet_flow_type_t inner_type = VNET_FLOW_TYPE_UNKNOWN;
bool outer_ip4_set = false, inner_ip4_set = false;
if (prot == IP_PROTOCOL_L2TP)
is_l2tpv3oip_set = true;
}
+ else if (unformat (line_input, "spi %u", &spi))
+ {
+ if (prot == IP_PROTOCOL_IPSEC_ESP)
+ is_ipsec_esp_set = true;
+ else if (prot == IP_PROTOCOL_IPSEC_AH)
+ is_ipsec_ah_set = true;
+ }
else if (unformat (line_input, "index %u", &flow_index))
;
else if (unformat (line_input, "next-node %U", unformat_vlib_node, vm,
type = VNET_FLOW_TYPE_IP4_GTPU;
else if (is_l2tpv3oip_set)
type = VNET_FLOW_TYPE_IP4_L2TPV3OIP;
+ else if (is_ipsec_esp_set)
+ type = VNET_FLOW_TYPE_IP4_IPSEC_ESP;
+ else if (is_ipsec_ah_set)
+ type = VNET_FLOW_TYPE_IP4_IPSEC_AH;
}
else if (inner_type == VNET_FLOW_TYPE_IP4_N_TUPLE)
{
flow.ip4_l2tpv3oip.protocol = prot;
flow.ip4_l2tpv3oip.session_id = session_id;
break;
+ case VNET_FLOW_TYPE_IP4_IPSEC_ESP:
+ clib_memcpy (&flow.ip4_ipsec_esp.src_addr, &ip4s,
+ sizeof (ip4_address_and_mask_t));
+ clib_memcpy (&flow.ip4_ipsec_esp.dst_addr, &ip4d,
+ sizeof (ip4_address_and_mask_t));
+ flow.ip4_ipsec_esp.protocol = prot;
+ flow.ip4_ipsec_esp.spi = spi;
+ break;
+ case VNET_FLOW_TYPE_IP4_IPSEC_AH:
+ clib_memcpy (&flow.ip4_ipsec_ah.src_addr, &ip4s,
+ sizeof (ip4_address_and_mask_t));
+ clib_memcpy (&flow.ip4_ipsec_ah.dst_addr, &ip4d,
+ sizeof (ip4_address_and_mask_t));
+ flow.ip4_ipsec_ah.protocol = prot;
+ flow.ip4_ipsec_ah.spi = spi;
+ break;
case VNET_FLOW_TYPE_IP4_N_TUPLE:
case VNET_FLOW_TYPE_IP4_GTPC:
case VNET_FLOW_TYPE_IP4_GTPU:
Code Review / vpp.git / commitdiff