diff options
Diffstat (limited to 'vnet/vnet/ipsec/ipsec.c')
-rw-r--r-- | vnet/vnet/ipsec/ipsec.c | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/vnet/vnet/ipsec/ipsec.c b/vnet/vnet/ipsec/ipsec.c index 223440ec..ee85c402 100644 --- a/vnet/vnet/ipsec/ipsec.c +++ b/vnet/vnet/ipsec/ipsec.c @@ -21,9 +21,25 @@ #include <vnet/interface.h> #include <vnet/ipsec/ipsec.h> -#include <vnet/ipsec/esp.h> #include <vnet/ipsec/ikev2.h> +#if DPDK_CRYPTO==1 +#include <vnet/devices/dpdk/ipsec/esp.h> +#define ESP_NODE "dpdk-esp-encrypt" +#else +#include <vnet/ipsec/esp.h> +#define ESP_NODE "esp-encrypt" +#endif + +#if DPDK_CRYPTO==0 +/* dummy function */ +static int +add_del_sa_sess (u32 sa_index, u8 is_add) +{ + return 0; +} +#endif + u32 ipsec_get_sa_index_by_sa_id (u32 sa_id) { @@ -433,6 +449,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) return VNET_API_ERROR_SYSCALL_ERROR_1; /* sa used in policy */ } hash_unset (im->sa_index_by_sa_id, sa->id); + add_del_sa_sess (sa_index, is_add); pool_put (im->sad, sa); } else /* create new SA */ @@ -441,6 +458,8 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) clib_memcpy (sa, new_sa, sizeof (*sa)); sa_index = sa - im->sad; hash_set (im->sa_index_by_sa_id, sa->id, sa_index); + if (add_del_sa_sess (sa_index, is_add) < 0) + return VNET_API_ERROR_SYSCALL_ERROR_1; } return 0; } @@ -476,6 +495,12 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update) sa->integ_key_len = sa_update->integ_key_len; } + if (sa->crypto_key_len + sa->integ_key_len > 0) + { + if (add_del_sa_sess (sa_index, 0) < 0) + return VNET_API_ERROR_SYSCALL_ERROR_1; + } + return 0; } @@ -522,7 +547,8 @@ ipsec_init (vlib_main_t * vm) ASSERT (node); im->error_drop_node_index = node->index; - node = vlib_get_node_by_name (vm, (u8 *) "esp-encrypt"); + node = vlib_get_node_by_name (vm, (u8 *) ESP_NODE); + ASSERT (node); im->esp_encrypt_node_index = node->index; @@ -530,7 +556,6 @@ ipsec_init (vlib_main_t * vm) ASSERT (node); im->ip4_lookup_node_index = node->index; - if ((error = vlib_call_init_function (vm, ipsec_cli_init))) return error; |