From 156b75b98035f90630abaf4a2450563364ecc011 Mon Sep 17 00:00:00 2001 From: Szymon Sliwa Date: Tue, 14 Nov 2017 16:50:11 +0100 Subject: plugins: odp: Add tunnel mode Change-Id: I8be5f8aa63da8fdf4b2043ba9cd048f2269e4e99 Signed-off-by: Szymon Sliwa --- src/plugins/odp/ipsec/esp_decrypt.c | 30 +++++++++++++++++++----------- src/plugins/odp/ipsec/esp_encrypt.c | 10 +++++++--- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c index 69cfc3e7..9086f33a 100644 --- a/src/plugins/odp/ipsec/esp_decrypt.c +++ b/src/plugins/odp/ipsec/esp_decrypt.c @@ -278,8 +278,7 @@ esp_decrypt_node_fn (vlib_main_t * vm, } crypto_op_params.cipher_range.offset = - (u32) ((u8 *) vlib_buffer_get_current (b0) - (u8 *) b0) - - sizeof (vlib_buffer_t) + sizeof (esp_header_t) + IV_SIZE; + (u32) b0->current_data + sizeof (esp_header_t) + IV_SIZE; crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks; crypto_op_params.override_iv_ptr = (u8 *) vlib_buffer_get_current (b0) + sizeof (esp_header_t); @@ -303,30 +302,39 @@ esp_decrypt_node_fn (vlib_main_t * vm, old_ip_hdr = *((ip4_header_t *) ((uintptr_t) vlib_buffer_get_current (b0) - - ip_hdr_size)); - - vlib_buffer_advance (b0, sizeof (esp_header_t) + IV_SIZE); + sizeof (ip4_header_t))); b0->current_data = sizeof (esp_header_t) + IV_SIZE + sizeof (ethernet_header_t); - b0->current_length = (blocks * 16) - 2 + ip_hdr_size; + b0->current_length = (blocks * BLOCK_SIZE) - 2; + if (tunnel_mode) + b0->current_data += sizeof (ip4_header_t); + else + b0->current_length += sizeof (ip4_header_t); + b0->flags = VLIB_BUFFER_TOTAL_LENGTH_VALID; f0 = (esp_footer_t *) ((u8 *) vlib_buffer_get_current (b0) + b0->current_length); b0->current_length -= f0->pad_length; - odp_packet_pull_head (crypto_op_params.pkt, - sizeof (esp_header_t) + IV_SIZE); + if (tunnel_mode) + { + odp_packet_pull_head (crypto_op_params.pkt, + sizeof (esp_header_t) + IV_SIZE + + ip_hdr_size); + } + else + { + odp_packet_pull_head (crypto_op_params.pkt, + sizeof (esp_header_t) + IV_SIZE); + } odp_packet_pull_tail (crypto_op_params.pkt, f0->pad_length + icv_size); /* tunnel mode */ if (PREDICT_TRUE (tunnel_mode)) { - // TODO not supported - assert (0); - if (PREDICT_TRUE (f0->next_header == IP_PROTOCOL_IP_IN_IP)) { next0 = ESP_DECRYPT_NEXT_IP4_INPUT; diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c index 8a7d3f68..65c4c60f 100644 --- a/src/plugins/odp/ipsec/esp_encrypt.c +++ b/src/plugins/odp/ipsec/esp_encrypt.c @@ -264,9 +264,6 @@ esp_encrypt_node_fn (vlib_main_t * vm, if (PREDICT_TRUE (!is_ipv6 && sa0->is_tunnel && !sa0->is_tunnel_ip6)) { - // TODO not supported - assert (0); - oh0->ip4.src_address.as_u32 = sa0->tunnel_src_addr.ip4.as_u32; oh0->ip4.dst_address.as_u32 = sa0->tunnel_dst_addr.ip4.as_u32; @@ -349,12 +346,14 @@ esp_encrypt_node_fn (vlib_main_t * vm, int odp_offset_to_esp = ip_hdr_size, odp_offset_to_payload = sizeof (esp_header_t) + IV_SIZE + ip_hdr_size; + crypto_op_params.cipher_range.offset = odp_offset_to_payload; crypto_op_params.cipher_range.length = BLOCK_SIZE * blocks; crypto_op_params.auth_range.offset = odp_offset_to_esp; crypto_op_params.auth_range.length = b0->current_length - ip_hdr_size; + crypto_op_params.hash_result_offset = odp_offset_to_payload + BLOCK_SIZE * blocks; @@ -398,6 +397,11 @@ esp_encrypt_node_fn (vlib_main_t * vm, b0->current_data -= sizeof (ethernet_header_t) + ip_hdr_size; b0->current_length += sizeof (ethernet_header_t); } + else + { + b0->current_data = + (i16) - push_head_by + sizeof (ethernet_header_t); + } trace: if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) -- cgit 1.2.3-korg