diff options
| author |   Neale Ranns <neale@graphiant.com> | 2021-02-25 19:09:24 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2021-03-05 10:34:55 +0000 |
| commit | f16e9a5507c33642ac04d4b1a8712f8fac238828 (patch) | |
| tree | 4e38ba12c88fde939317d091f45026471f0f506b /src/vnet/ipsec/esp.h | |
| parent | fc81134a26458a8358483b0d2908a6b83afb7f11 (diff) | |
ipsec: Support async mode per-SA
Type: feature
This feautre only applies to ESP not AH SAs.
As well as the gobal switch for ayncs mode, allow individual SAs to be
async.
If global async is on, all SAs are async. If global async mode is off,
then if then an SA can be individually set to async. This preserves the
global switch behaviour.
the stratergy in the esp encrypt.decrypt nodes is to separate the frame
into, 1) sync buffers, 2) async buffers and 3) no-op buffers.
Sync buffer will undergo a cyrpto/ath operation, no-op will not, they
are dropped or handed-off.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
Diffstat (limited to 'src/vnet/ipsec/esp.h')
| -rw-r--r-- | src/vnet/ipsec/esp.h | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 51386e68844..a0643c3b939 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -146,38 +146,33 @@ esp_aad_fill (u8 * data, const esp_header_t * esp, const ipsec_sa_t * sa) * to next nodes. */ always_inline void -esp_set_next_index (int is_async, u32 * from, u16 * nexts, u32 bi, - u16 * drop_index, u16 drop_next, u16 * next) +esp_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node, u32 err, + u16 index, u16 *nexts, u16 drop_next) { - if (is_async) - { - from[*drop_index] = bi; - nexts[*drop_index] = drop_next; - *drop_index += 1; - } - else - next[0] = drop_next; + nexts[index] = drop_next; + b->error = node->errors[err]; } /* when submitting a frame is failed, drop all buffers in the frame */ -always_inline void -esp_async_recycle_failed_submit (vnet_crypto_async_frame_t * f, - vlib_buffer_t ** b, u32 * from, u16 * nexts, - u16 * n_dropped, u16 drop_next_index, - vlib_error_t err) +always_inline u32 +esp_async_recycle_failed_submit (vlib_main_t *vm, vnet_crypto_async_frame_t *f, + vlib_node_runtime_t *node, u32 err, u16 index, + u32 *from, u16 *nexts, u16 drop_next_index) { u32 n_drop = f->n_elts; u32 *bi = f->buffer_indices; - b -= n_drop; + while (n_drop--) { - b[0]->error = err; - esp_set_next_index (1, from, nexts, bi[0], n_dropped, drop_next_index, - NULL); + from[index] = bi[0]; + esp_set_next_index (vlib_get_buffer (vm, bi[0]), node, err, index, nexts, + drop_next_index); bi++; - b++; + index++; } vnet_crypto_async_reset_frame (f); + + return (f->n_elts); } /** |