summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorNeale Ranns <neale@graphiant.com>2021-02-25 16:01:28 +0000
committerFlorin Coras <florin.coras@gmail.com>2021-02-26 02:12:06 +0000
commitc5fe57dac12a46fa618259643909afaec1ac5aae (patch)
tree6962f3f1a8d10f2f30f0884889aaa379d0d3e509 /src/plugins
parentcc9a1a0d39f22f653801f5d08bfe4892325254b5 (diff)
ipsec: move the IPSec SA pool out of ipsec_main
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c6
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c2
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c4
-rw-r--r--src/plugins/ikev2/ikev2.c8
-rw-r--r--src/plugins/unittest/ipsec_test.c3
5 files changed, 9 insertions, 14 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 4981de33457..9a782abeb94 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -98,7 +98,6 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
vlib_frame_t * from_frame, int is_ip6)
{
u32 n_left_from, *from, *to_next, next_index, thread_index;
- ipsec_main_t *im = &ipsec_main;
u32 thread_idx = vlib_get_thread_index ();
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
crypto_resource_t *res = 0;
@@ -181,7 +180,7 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
if (sa_index0 != last_sa_index)
{
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
cipher_alg =
vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
@@ -498,7 +497,6 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm,
u32 n_left_from, *from, *to_next = 0, next_index;
ipsec_sa_t *sa0;
u32 sa_index0 = ~0;
- ipsec_main_t *im = &ipsec_main;
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
from = vlib_frame_vector_args (from_frame);
@@ -535,7 +533,7 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm,
esp0 = vlib_buffer_get_current (b0);
sa_index0 = vnet_buffer (b0)->ipsec.sad_index;
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
to_next[0] = bi0;
to_next += 1;
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index f50291fcf2f..157c93f417e 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -229,7 +229,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
if (sa_index0 != last_sa_index)
{
- sa0 = pool_elt_at_index (im->sad, sa_index0);
+ sa0 = ipsec_sa_get (sa_index0);
cipher_alg =
vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 5d9e10b3aa5..e260ba7dcc4 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -325,7 +325,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
crypto_worker_main_t * cwm, u8 is_outbound)
{
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
- ipsec_main_t *im = &ipsec_main;
crypto_data_t *data;
ipsec_sa_t *sa;
struct rte_crypto_sym_xform cipher_xform = { 0 };
@@ -334,8 +333,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
struct rte_cryptodev_sym_session **s;
clib_error_t *error = 0;
-
- sa = pool_elt_at_index (im->sad, sa_idx);
+ sa = ipsec_sa_get (sa_idx);
if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) |
(sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) |
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index aaebf625ab2..7c57f22d5a3 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -5074,7 +5074,6 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
vlib_frame_t * f)
{
ikev2_main_t *km = &ikev2_main;
- ipsec_main_t *im = &ipsec_main;
ikev2_profile_t *p;
ikev2_child_sa_t *c;
u32 *sai;
@@ -5148,9 +5147,10 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
/* process ipsec sas */
ipsec_sa_t *sa;
/* *INDENT-OFF* */
- pool_foreach (sa, im->sad) {
- ikev2_mngr_process_ipsec_sa(sa);
- }
+ pool_foreach (sa, ipsec_sa_pool)
+ {
+ ikev2_mngr_process_ipsec_sa (sa);
+ }
/* *INDENT-ON* */
ikev2_process_pending_sa_init (km);
diff --git a/src/plugins/unittest/ipsec_test.c b/src/plugins/unittest/ipsec_test.c
index c40e954786d..0e9865052b4 100644
--- a/src/plugins/unittest/ipsec_test.c
+++ b/src/plugins/unittest/ipsec_test.c
@@ -38,12 +38,11 @@ test_ipsec_command_fn (vlib_main_t * vm,
if (~0 != sa_id)
{
- ipsec_main_t *im = &ipsec_main;
ipsec_sa_t *sa;
u32 sa_index;
sa_index = ipsec_sa_find_and_lock (sa_id);
- sa = pool_elt_at_index (im->sad, sa_index);
+ sa = ipsec_sa_get (sa_index);
sa->seq = seq_num & 0xffffffff;
sa->seq_hi = seq_num >> 32;