diff options
author | Neale Ranns <neale@graphiant.com> | 2021-02-25 16:01:28 +0000 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2021-02-26 02:12:06 +0000 |
commit | c5fe57dac12a46fa618259643909afaec1ac5aae (patch) | |
tree | 6962f3f1a8d10f2f30f0884889aaa379d0d3e509 /src/plugins | |
parent | cc9a1a0d39f22f653801f5d08bfe4892325254b5 (diff) |
ipsec: move the IPSec SA pool out of ipsec_main
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 6 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_encrypt.c | 2 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/ipsec.c | 4 | ||||
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 8 | ||||
-rw-r--r-- | src/plugins/unittest/ipsec_test.c | 3 |
5 files changed, 9 insertions, 14 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index 4981de33457..9a782abeb94 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -98,7 +98,6 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm, vlib_frame_t * from_frame, int is_ip6) { u32 n_left_from, *from, *to_next, next_index, thread_index; - ipsec_main_t *im = &ipsec_main; u32 thread_idx = vlib_get_thread_index (); dpdk_crypto_main_t *dcm = &dpdk_crypto_main; crypto_resource_t *res = 0; @@ -181,7 +180,7 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm, if (sa_index0 != last_sa_index) { - sa0 = pool_elt_at_index (im->sad, sa_index0); + sa0 = ipsec_sa_get (sa_index0); cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg); @@ -498,7 +497,6 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm, u32 n_left_from, *from, *to_next = 0, next_index; ipsec_sa_t *sa0; u32 sa_index0 = ~0; - ipsec_main_t *im = &ipsec_main; dpdk_crypto_main_t *dcm = &dpdk_crypto_main; from = vlib_frame_vector_args (from_frame); @@ -535,7 +533,7 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm, esp0 = vlib_buffer_get_current (b0); sa_index0 = vnet_buffer (b0)->ipsec.sad_index; - sa0 = pool_elt_at_index (im->sad, sa_index0); + sa0 = ipsec_sa_get (sa_index0); to_next[0] = bi0; to_next += 1; diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c index f50291fcf2f..157c93f417e 100644 --- a/src/plugins/dpdk/ipsec/esp_encrypt.c +++ b/src/plugins/dpdk/ipsec/esp_encrypt.c @@ -229,7 +229,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm, if (sa_index0 != last_sa_index) { - sa0 = pool_elt_at_index (im->sad, sa_index0); + sa0 = ipsec_sa_get (sa_index0); cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg); diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c index 5d9e10b3aa5..e260ba7dcc4 100644 --- a/src/plugins/dpdk/ipsec/ipsec.c +++ b/src/plugins/dpdk/ipsec/ipsec.c @@ -325,7 +325,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session, crypto_worker_main_t * cwm, u8 is_outbound) { dpdk_crypto_main_t *dcm = &dpdk_crypto_main; - ipsec_main_t *im = &ipsec_main; crypto_data_t *data; ipsec_sa_t *sa; struct rte_crypto_sym_xform cipher_xform = { 0 }; @@ -334,8 +333,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session, struct rte_cryptodev_sym_session **s; clib_error_t *error = 0; - - sa = pool_elt_at_index (im->sad, sa_idx); + sa = ipsec_sa_get (sa_idx); if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) | (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) | diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index aaebf625ab2..7c57f22d5a3 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -5074,7 +5074,6 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { ikev2_main_t *km = &ikev2_main; - ipsec_main_t *im = &ipsec_main; ikev2_profile_t *p; ikev2_child_sa_t *c; u32 *sai; @@ -5148,9 +5147,10 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, /* process ipsec sas */ ipsec_sa_t *sa; /* *INDENT-OFF* */ - pool_foreach (sa, im->sad) { - ikev2_mngr_process_ipsec_sa(sa); - } + pool_foreach (sa, ipsec_sa_pool) + { + ikev2_mngr_process_ipsec_sa (sa); + } /* *INDENT-ON* */ ikev2_process_pending_sa_init (km); diff --git a/src/plugins/unittest/ipsec_test.c b/src/plugins/unittest/ipsec_test.c index c40e954786d..0e9865052b4 100644 --- a/src/plugins/unittest/ipsec_test.c +++ b/src/plugins/unittest/ipsec_test.c @@ -38,12 +38,11 @@ test_ipsec_command_fn (vlib_main_t * vm, if (~0 != sa_id) { - ipsec_main_t *im = &ipsec_main; ipsec_sa_t *sa; u32 sa_index; sa_index = ipsec_sa_find_and_lock (sa_id); - sa = pool_elt_at_index (im->sad, sa_index); + sa = ipsec_sa_get (sa_index); sa->seq = seq_num & 0xffffffff; sa->seq_hi = seq_num >> 32; |