diff options
| author |   Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> | 2017-08-26 15:22:05 +0100 |
|---|---|---|
| committer |   Damjan Marion <dmarion.lists@gmail.com> | 2017-10-05 09:54:34 +0000 |
| commit | db93cd971320301eb21403caabada7a3ec6a4cce (patch) | |
| tree | 01c57f4f476a97805411a74d665eedb72331f91e /src/vnet/ipsec/ipsec.c | |
| parent | 7939f904600018aeed9d8cc9d19ca37c7e96f3d1 (diff) | |
dpdk/ipsec: rework plus improved cli commands
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
- The dpdk-esp-encrypt-post node is not necessary anymore.
- IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
- show dpdk crypto devices
- show dpdk crypto placement [verbose]
- set dpdk crypto placement (<device> <thread> | auto)
- clear dpdk crypto placement <device> [<thread>]
- show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
| -rw-r--r-- | src/vnet/ipsec/ipsec.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index cfe434ab457..ba0d68bde97 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -434,7 +434,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) } hash_unset (im->sa_index_by_sa_id, sa->id); if (im->cb.add_del_sa_sess_cb && - im->cb.add_del_sa_sess_cb (sa_index, is_add) < 0) + im->cb.add_del_sa_sess_cb (sa_index, 0) < 0) return VNET_API_ERROR_SYSCALL_ERROR_1; pool_put (im->sad, sa); } @@ -445,7 +445,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) sa_index = sa - im->sad; hash_set (im->sa_index_by_sa_id, sa->id, sa_index); if (im->cb.add_del_sa_sess_cb && - im->cb.add_del_sa_sess_cb (sa_index, is_add) < 0) + im->cb.add_del_sa_sess_cb (sa_index, 1) < 0) return VNET_API_ERROR_SYSCALL_ERROR_1; } return 0; @@ -482,7 +482,7 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update) sa->integ_key_len = sa_update->integ_key_len; } - if (sa->crypto_key_len + sa->integ_key_len > 0) + if (0 < sa_update->crypto_key_len || 0 < sa_update->integ_key_len) { if (im->cb.add_del_sa_sess_cb && im->cb.add_del_sa_sess_cb (sa_index, 0) < 0) @@ -516,8 +516,6 @@ ipsec_check_support (ipsec_sa_t * sa) return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg"); if (sa->integ_alg == IPSEC_INTEG_ALG_NONE) return clib_error_return (0, "unsupported none integ-alg"); - if (sa->integ_alg == IPSEC_INTEG_ALG_AES_GCM_128) - return clib_error_return (0, "unsupported aes-gcm-128 integ-alg"); return 0; } |