summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2020-01-21 04:58:02 +0000
committerNeale Ranns <nranns@cisco.com>2020-01-22 22:35:03 +0000
commit7ec120e8dd8ab366fab27eca4e6402f213e24cc8 (patch)
tree936060953b9f27189b3172d2692c2768565126c5 /src/plugins
parent66300f6ab8da91201e78dcf502b0f6c872e5f23f (diff)
ipsec: re-enable DPDK IPSec for tunnel decap/encap (VPP-1823)
Type: fix Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c5
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c24
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c2
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.h1
4 files changed, 27 insertions, 5 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 112b96a12bd..315251694ba 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -256,7 +256,10 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
if (is_ip6)
priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT6_POST;
else
- priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT4_POST;
+ {
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_DECRYPT4_POST;
+ b0->flags |= VNET_BUFFER_F_IS_IP4;
+ }
/* FIXME multi-seg */
vlib_increment_combined_counter
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index dd37f081a15..7da5cf8876f 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -66,6 +66,8 @@ static char *esp_encrypt_error_strings[] = {
extern vlib_node_registration_t dpdk_esp4_encrypt_node;
extern vlib_node_registration_t dpdk_esp6_encrypt_node;
+extern vlib_node_registration_t dpdk_esp4_encrypt_tun_node;
+extern vlib_node_registration_t dpdk_esp6_encrypt_tun_node;
typedef struct
{
@@ -411,8 +413,16 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
}
else /* transport mode */
{
- priv->next = DPDK_CRYPTO_INPUT_NEXT_INTERFACE_OUTPUT;
- rewrite_len = vnet_buffer (b0)->ip.save_rewrite_length;
+ if (is_tun)
+ {
+ rewrite_len = 0;
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_MIDCHAIN;
+ }
+ else
+ {
+ priv->next = DPDK_CRYPTO_INPUT_NEXT_INTERFACE_OUTPUT;
+ rewrite_len = vnet_buffer (b0)->ip.save_rewrite_length;
+ }
u16 adv = sizeof (esp_header_t) + iv_size + udp_encap_adv;
vlib_buffer_advance (b0, -adv - rewrite_len);
u8 *src = ((u8 *) ih0) - rewrite_len;
@@ -576,7 +586,10 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
}
if (is_ip6)
{
- vlib_node_increment_counter (vm, dpdk_esp6_encrypt_node.index,
+ vlib_node_increment_counter (vm,
+ (is_tun ?
+ dpdk_esp6_encrypt_tun_node.index :
+ dpdk_esp6_encrypt_node.index),
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
@@ -585,7 +598,10 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
}
else
{
- vlib_node_increment_counter (vm, dpdk_esp4_encrypt_node.index,
+ vlib_node_increment_counter (vm,
+ (is_tun ?
+ dpdk_esp4_encrypt_tun_node.index :
+ dpdk_esp4_encrypt_node.index),
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 260775b0695..8837756554f 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -1049,9 +1049,11 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
"dpdk-esp4-encrypt",
"dpdk-esp4-encrypt-tun",
"dpdk-esp4-decrypt",
+ "dpdk-esp4-decrypt",
"dpdk-esp6-encrypt",
"dpdk-esp6-encrypt-tun",
"dpdk-esp6-decrypt",
+ "dpdk-esp6-decrypt",
dpdk_ipsec_check_support,
add_del_sa_session);
int rv = ipsec_select_esp_backend (im, idx);
diff --git a/src/plugins/dpdk/ipsec/ipsec.h b/src/plugins/dpdk/ipsec/ipsec.h
index 572845927c8..741674376e3 100644
--- a/src/plugins/dpdk/ipsec/ipsec.h
+++ b/src/plugins/dpdk/ipsec/ipsec.h
@@ -38,6 +38,7 @@
_(IP4_LOOKUP, "ip4-lookup") \
_(IP6_LOOKUP, "ip6-lookup") \
_(INTERFACE_OUTPUT, "interface-output") \
+ _(MIDCHAIN, "adj-midchain-tx") \
_(DECRYPT4_POST, "dpdk-esp4-decrypt-post") \
_(DECRYPT6_POST, "dpdk-esp6-decrypt-post")