diff options
| author |   Szymon Sliwa <szs@semihalf.com> | 2017-11-14 16:50:11 +0100 |
|---|---|---|
| committer | Szymon Sliwa <szs@semihalf.com> | 2018-02-05 11:01:09 +0100 |
| commit | 156b75b98035f90630abaf4a2450563364ecc011 (patch) | |
| tree | f1256ddeaa49dd506c1a7a23f19250a1c76ca845 /src | |
| parent | 589a02d7c6afd021824546d1b4c62997723adaff (diff) | |
plugins: odp: Add tunnel mode
Change-Id: I8be5f8aa63da8fdf4b2043ba9cd048f2269e4e99
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/odp/ipsec/esp_decrypt.c | 30 | ||||
| -rw-r--r-- | src/plugins/odp/ipsec/esp_encrypt.c | 10 |
2 files changed, 26 insertions, 14 deletions
diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c index 69cfc3e7..9086f33a 100644 --- a/src/plugins/odp/ipsec/esp_decrypt.c +++ b/src/plugins/odp/ipsec/esp_decrypt.c @@ -278,8 +278,7 @@ esp_decrypt_node_fn (vlib_main_t * vm, } crypto_op_params.cipher_range.offset = - (u32) ((u8 *) vlib_buffer_get_current (b0) - (u8 *) b0) - - sizeof (vlib_buffer_t) + sizeof (esp_header_t) + IV_SIZE; + (u32) b0->current_data + sizeof (esp_header_t) + IV_SIZE; crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks; crypto_op_params.override_iv_ptr = (u8 *) vlib_buffer_get_current (b0) + sizeof (esp_header_t); @@ -303,30 +302,39 @@ esp_decrypt_node_fn (vlib_main_t * vm, old_ip_hdr = *((ip4_header_t *) ((uintptr_t) vlib_buffer_get_current (b0) - - ip_hdr_size)); - - vlib_buffer_advance (b0, sizeof (esp_header_t) + IV_SIZE); + sizeof (ip4_header_t))); b0->current_data = sizeof (esp_header_t) + IV_SIZE + sizeof (ethernet_header_t); - b0->current_length = (blocks * 16) - 2 + ip_hdr_size; + b0->current_length = (blocks * BLOCK_SIZE) - 2; + if (tunnel_mode) + b0->current_data += sizeof (ip4_header_t); + else + b0->current_length += sizeof (ip4_header_t); + b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID; f0 = (esp_footer_t *) ((u8 *) vlib_buffer_get_current (b0) + b0->current_length); b0->current_length -= f0->pad_length; - odp_packet_pull_head (crypto_op_params.pkt, - sizeof (esp_header_t) + IV_SIZE); + if (tunnel_mode) + { + odp_packet_pull_head (crypto_op_params.pkt, + sizeof (esp_header_t) + IV_SIZE + + ip_hdr_size); + } + else + { + odp_packet_pull_head (crypto_op_params.pkt, + sizeof (esp_header_t) + IV_SIZE); + } odp_packet_pull_tail (crypto_op_params.pkt, f0->pad_length + icv_size); /* tunnel mode */ if (PREDICT_TRUE (tunnel_mode)) { - // TODO not supported - assert (0); - if (PREDICT_TRUE (f0->next_header == IP_PROTOCOL_IP_IN_IP)) { next0 = ESP_DECRYPT_NEXT_IP4_INPUT; diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c index 8a7d3f68..65c4c60f 100644 --- a/src/plugins/odp/ipsec/esp_encrypt.c +++ b/src/plugins/odp/ipsec/esp_encrypt.c @@ -264,9 +264,6 @@ esp_encrypt_node_fn (vlib_main_t * vm, if (PREDICT_TRUE (!is_ipv6 && sa0->is_tunnel && !sa0->is_tunnel_ip6)) { - // TODO not supported - assert (0); - oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32; oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32; @@ -349,12 +346,14 @@ esp_encrypt_node_fn (vlib_main_t * vm, int odp_offset_to_esp = ip_hdr_size, odp_offset_to_payload = sizeof (esp_header_t) + IV_SIZE + ip_hdr_size; + crypto_op_params.cipher_range.offset = odp_offset_to_payload; crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks; crypto_op_params.auth_range.offset = odp_offset_to_esp; crypto_op_params.auth_range.length = b0->current_length - ip_hdr_size; + crypto_op_params.hash_result_offset = odp_offset_to_payload + BLOCK_SIZE * blocks; @@ -398,6 +397,11 @@ esp_encrypt_node_fn (vlib_main_t * vm, b0->current_data -= sizeof (ethernet_header_t) + ip_hdr_size; b0->current_length += sizeof (ethernet_header_t); } + else + { + b0->current_data = + (i16) - push_head_by + sizeof (ethernet_header_t); + } trace: if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) |