authorNeale Ranns <nranns@cisco.com>2019-04-23 20:57:55 -0400
committerDamjan Marion <dmarion@me.com>2019-04-25 08:32:56 +0000
commite8915fc707a03260c05624425f9548d796c089fb (patch)
treef1bc7dc86d2a6fb6d25afa8510d57d5cda689be6 /src/plugins/dpdk
parenta829b13986d556ab3aeb52668129fe4b13a1f24f (diff)
IPSEC; dpdk backend for tunnel interface encryption
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins/dpdk')
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c77
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c2
2 files changed, 75 insertions, 4 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 653c158fb94..45a6257f7e8 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -110,7 +110,7 @@ format_esp_encrypt_trace (u8 * s, va_list * args)
always_inline uword
dpdk_esp_encrypt_inline (vlib_main_t * vm,
vlib_node_runtime_t * node,
- vlib_frame_t * from_frame, int is_ip6)
+ vlib_frame_t * from_frame, int is_ip6, int is_tun)
{
u32 n_left_from, *from, *to_next, next_index, thread_index;
ipsec_main_t *im = &ipsec_main;
@@ -210,7 +210,16 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
sizeof (op[0]) + sizeof (op[0].sym[0]) + sizeof (priv[0]);
CLIB_PREFETCH (op, op_len, STORE);
- sa_index0 = vnet_buffer (b0)->ipsec.sad_index;
+ if (is_tun)
+ {
+ u32 tmp;
+ /* we are on a ipsec tunnel's feature arc */
+ sa_index0 = *(u32 *) vnet_feature_next_with_data (&tmp, b0,
+ sizeof
+ (sa_index0));
+ }
+ else
+ sa_index0 = vnet_buffer (b0)->ipsec.sad_index;
if (sa_index0 != last_sa_index)
{
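Review bot: The SA index read from the feature-arc config data in the `is_tun` branch is dereferenced and used without any validity check, and it decides which security association's keys encrypt the packet. `vnet_feature_next_with_data` hands back a pointer into the arc's per-interface config, so this path relies on whoever enabled the feature having stored a `u32` SA index there and keeping it in step with SA deletion; none of that is visible in this diff. I would add a debug guard right after the branch, for example `ASSERT (!pool_is_free_index (im->sad, sa_index0));` (assuming the SA pool is `im->sad`), and rename `tmp` to something like `next_unused` with a comment saying the arc's next index is deliberately discarded. The lookup that consumes `sa_index0` lies below the end of the hunk, so it may already cover part of this.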
@@ -586,7 +595,7 @@ VLIB_NODE_FN (dpdk_esp4_encrypt_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
{
- return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ );
+ return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ , 0);
}
/* *INDENT-OFF* */
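Review bot: The new fifth argument is passed as a bare `0` here while the fourth keeps its `/*is_ip6 */` label, so the call no longer says what the last flag means. Label it the same way, `return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ , 0 /*is_tun */ );`. The same applies to the esp6 node in the next hunk and to the two new tunnel nodes, where the bare `1` is what switches the SA lookup to the feature-arc config data.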
@@ -609,7 +618,7 @@ VLIB_NODE_FN (dpdk_esp6_encrypt_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
{
- return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ );
+ return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ , 0);
}
/* *INDENT-OFF* */
@@ -628,6 +637,66 @@ VLIB_REGISTER_NODE (dpdk_esp6_encrypt_node) = {
};
/* *INDENT-ON* */
+VLIB_NODE_FN (dpdk_esp4_encrypt_tun_node) (vlib_main_t * vm,
+ vlib_node_runtime_t * node,
+ vlib_frame_t * from_frame)
+{
+ return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ , 1);
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (dpdk_esp4_encrypt_tun_node) = {
+ .name = "dpdk-esp4-encrypt-tun",
+ .flags = VLIB_NODE_FLAG_IS_OUTPUT,
+ .vector_size = sizeof (u32),
+ .format_trace = format_esp_encrypt_trace,
+ .n_errors = ARRAY_LEN (esp_encrypt_error_strings),
+ .error_strings = esp_encrypt_error_strings,
+ .n_next_nodes = 1,
+ .next_nodes =
+ {
+ [ESP_ENCRYPT_NEXT_DROP] = "error-drop",
+ }
+};
+
+VNET_FEATURE_INIT (dpdk_esp4_encrypt_tun_feat_node, static) =
+{
+ .arc_name = "ip4-output",
+ .node_name = "dpdk-esp4-encrypt-tun",
+ .runs_before = VNET_FEATURES ("adj-midchain-tx"),
+};
+/* *INDENT-ON* */
+
+VLIB_NODE_FN (dpdk_esp6_encrypt_tun_node) (vlib_main_t * vm,
+ vlib_node_runtime_t * node,
+ vlib_frame_t * from_frame)
+{
+ return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ , 1);
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (dpdk_esp6_encrypt_tun_node) = {
+ .name = "dpdk-esp6-encrypt-tun",
+ .flags = VLIB_NODE_FLAG_IS_OUTPUT,
+ .vector_size = sizeof (u32),
+ .format_trace = format_esp_encrypt_trace,
+ .n_errors = ARRAY_LEN (esp_encrypt_error_strings),
+ .error_strings = esp_encrypt_error_strings,
+ .n_next_nodes = 1,
+ .next_nodes =
+ {
+ [ESP_ENCRYPT_NEXT_DROP] = "error-drop",
+ }
+};
+
+VNET_FEATURE_INIT (dpdk_esp6_encrypt_tun_feat_node, static) =
+{
+ .arc_name = "ip6-output",
+ .node_name = "dpdk-esp6-encrypt-tun",
+ .runs_before = VNET_FEATURES ("adj-midchain-tx"),
+};
+/* *INDENT-ON* */
+
/*
* fd.io coding-style-patch-verification: ON
*
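Review bot: Neither `VNET_FEATURE_INIT` block documents that these features only work when they are enabled with per-interface config data holding the SA index. On this path the inline function reads `sizeof (sa_index0)` bytes of feature config, so enabling `dpdk-esp4-encrypt-tun` or `dpdk-esp6-encrypt-tun` on an interface without that data would make the node select an SA from whatever the arc returns. A comment above each registration, such as `/* must be enabled with a u32 SA index as feature config; read in dpdk_esp_encrypt_inline */`, would record that contract. The code that enables the feature is not part of this diff, so whether it always supplies the index cannot be confirmed from here.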
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 682bcaf21c8..88fd75dcf1a 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -1069,8 +1069,10 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
u32 idx = ipsec_register_esp_backend (vm, im, "dpdk backend",
"dpdk-esp4-encrypt",
+ "dpdk-esp4-encrypt-tun",
"dpdk-esp4-decrypt",
"dpdk-esp6-encrypt",
+ "dpdk-esp6-encrypt-tun",
"dpdk-esp6-decrypt",
dpdk_ipsec_check_support,
add_del_sa_session);