authorChenmin Sun <chenmin.sun@intel.com>2020-06-22 18:21:31 +0800
committerDamjan Marion <dmarion@me.com>2020-06-27 10:18:05 +0000
commitd4c3666b9aef1050796677320460dee2df44a830 (patch)
tree4ca4806b9ed8bfbae58d0278270c23ad402d1a40 /src/vnet
parentb5ca55962d3a9e10068b153cc863fed421871fff (diff)
flow: add IPSec ESP/AH flow
This patch adds IPSec ESP/AH flow type support. Tested on E810 with the Intel iAVF driver. Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I6ab8e69f67c423cc4e33f3c363881a97cdb98c30
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/flow/flow.h14
-rw-r--r--src/vnet/flow/flow_cli.c30
2 files changed, 43 insertions, 1 deletions
diff --git a/src/vnet/flow/flow.h b/src/vnet/flow/flow.h
index a880b8a69be..b5ec7ccd142 100644
--- a/src/vnet/flow/flow.h
+++ b/src/vnet/flow/flow.h
@@ -33,6 +33,8 @@
_(IP6_N_TUPLE_TAGGED, ip6_n_tuple_tagged, "ipv6-n-tuple-tagged") \
/* IP tunnel flow */ \
_(IP4_L2TPV3OIP, ip4_l2tpv3oip, "ipv4-l2tpv3oip") \
+ _(IP4_IPSEC_ESP, ip4_ipsec_esp, "ipv4-ipsec-esp") \
+ _(IP4_IPSEC_AH, ip4_ipsec_ah, "ipv4-ipsec-ah") \
/* L4 tunnel flow*/ \
_(IP4_VXLAN, ip4_vxlan, "ipv4-vxlan") \
_(IP6_VXLAN, ip6_vxlan, "ipv6-vxlan") \
@@ -82,6 +84,18 @@
_fe(ip_protocol_t, protocol) \
_fe(u32, session_id)
+#define foreach_flow_entry_ip4_ipsec_esp \
+ _fe(ip4_address_and_mask_t, src_addr) \
+ _fe(ip4_address_and_mask_t, dst_addr) \
+ _fe(ip_protocol_t, protocol) \
+ _fe(u32, spi)
+
+#define foreach_flow_entry_ip4_ipsec_ah \
+ _fe(ip4_address_and_mask_t, src_addr) \
+ _fe(ip4_address_and_mask_t, dst_addr) \
+ _fe(ip_protocol_t, protocol) \
+ _fe(u32, spi)
+
#define foreach_flow_entry_ip4_vxlan \
_fe(ip4_address_t, src_addr) \
_fe(ip4_address_t, dst_addr) \
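Review bot: Neither new entry list documents the `spi` field, at `_fe(u32, spi)` in both `foreach_flow_entry_ip4_ipsec_esp` and `foreach_flow_entry_ip4_ipsec_ah`: it carries no mask, so it is exact-match only, and its byte order is not stated. The CLI change in flow_cli.c fills it from `%u`, so it looks like host order, which a driver would have to convert before comparing with the on-wire value; that should be confirmed and written down. A comment above the two macros such as `/* spi: exact-match IPsec SPI, host byte order (drivers convert) */` would do, adjusted to the intended convention. The two lists are also field-for-field identical, so any later change has to be made in both.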
diff --git a/src/vnet/flow/flow_cli.c b/src/vnet/flow/flow_cli.c
index 364b475dc3e..98007a7723e 100644
--- a/src/vnet/flow/flow_cli.c
+++ b/src/vnet/flow/flow_cli.c
@@ -276,11 +276,12 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
} action = FLOW_UNKNOWN_ACTION;
u32 hw_if_index = ~0, flow_index = ~0;
int rv;
- u32 prot = 0, teid = 0, session_id = 0;
+ u32 prot = 0, teid = 0, session_id = 0, spi = 0;
vnet_flow_type_t type = VNET_FLOW_TYPE_IP4_N_TUPLE;
bool is_gtpc_set = false;
bool is_gtpu_set = false;
bool is_l2tpv3oip_set = false;
+ bool is_ipsec_esp_set = false, is_ipsec_ah_set = false;
vnet_flow_type_t outer_type = VNET_FLOW_TYPE_UNKNOWN;
vnet_flow_type_t inner_type = VNET_FLOW_TYPE_UNKNOWN;
bool outer_ip4_set = false, inner_ip4_set = false;
@@ -363,6 +364,13 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
if (prot == IP_PROTOCOL_L2TP)
is_l2tpv3oip_set = true;
}
+ else if (unformat (line_input, "spi %u", &spi))
+ {
+ if (prot == IP_PROTOCOL_IPSEC_ESP)
+ is_ipsec_esp_set = true;
+ else if (prot == IP_PROTOCOL_IPSEC_AH)
+ is_ipsec_ah_set = true;
+ }
else if (unformat (line_input, "index %u", &flow_index))
;
else if (unformat (line_input, "next-node %U", unformat_vlib_node, vm,
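Review bot: The ESP/AH flags in the new `spi` branch are derived from `prot` at the moment `spi` is parsed, so the result depends on argument order: if `spi` appears before the protocol option, or the protocol is neither ESP nor AH, neither flag is set and the SPI is dropped without any error. The flow would then presumably be created with whatever type the later classification picks (the initialiser is `VNET_FLOW_TYPE_IP4_N_TUPLE`), which matches more traffic than the single SA the operator asked for. Recording only `is_spi_set = true;` here and checking `prot` once after the parse loop, returning an error when `spi` was given without an IPsec protocol, would make this order-independent. The existing `is_l2tpv3oip_set` branch just above follows the same pattern; test_flow's body starts and ends outside the hunk.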
@@ -489,6 +497,10 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
type = VNET_FLOW_TYPE_IP4_GTPU;
else if (is_l2tpv3oip_set)
type = VNET_FLOW_TYPE_IP4_L2TPV3OIP;
+ else if (is_ipsec_esp_set)
+ type = VNET_FLOW_TYPE_IP4_IPSEC_ESP;
+ else if (is_ipsec_ah_set)
+ type = VNET_FLOW_TYPE_IP4_IPSEC_AH;
}
else if (inner_type == VNET_FLOW_TYPE_IP4_N_TUPLE)
{
@@ -539,6 +551,22 @@ test_flow (vlib_main_t * vm, unformat_input_t * input,
flow.ip4_l2tpv3oip.protocol = prot;
flow.ip4_l2tpv3oip.session_id = session_id;
break;
+ case VNET_FLOW_TYPE_IP4_IPSEC_ESP:
+ clib_memcpy (&flow.ip4_ipsec_esp.src_addr, &ip4s,
+ sizeof (ip4_address_and_mask_t));
+ clib_memcpy (&flow.ip4_ipsec_esp.dst_addr, &ip4d,
+ sizeof (ip4_address_and_mask_t));
+ flow.ip4_ipsec_esp.protocol = prot;
+ flow.ip4_ipsec_esp.spi = spi;
+ break;
+ case VNET_FLOW_TYPE_IP4_IPSEC_AH:
+ clib_memcpy (&flow.ip4_ipsec_ah.src_addr, &ip4s,
+ sizeof (ip4_address_and_mask_t));
+ clib_memcpy (&flow.ip4_ipsec_ah.dst_addr, &ip4d,
+ sizeof (ip4_address_and_mask_t));
+ flow.ip4_ipsec_ah.protocol = prot;
+ flow.ip4_ipsec_ah.spi = spi;
+ break;
case VNET_FLOW_TYPE_IP4_N_TUPLE:
case VNET_FLOW_TYPE_IP4_GTPC:
case VNET_FLOW_TYPE_IP4_GTPU:
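Review bot: Both new cases size their `clib_memcpy` calls by type name rather than by destination, in the `VNET_FLOW_TYPE_IP4_IPSEC_ESP` case and again in the `VNET_FLOW_TYPE_IP4_IPSEC_AH` case. Writing `sizeof (flow.ip4_ipsec_esp.src_addr)` (and the matching `dst_addr` / `ip4_ipsec_ah` forms) keeps the length tied to the field being written, so a later change to the entry macros in flow.h cannot turn these copies into an overrun. The declarations of `ip4s` and `ip4d` are outside the hunk; if they are `ip4_address_and_mask_t`, plain struct assignment would be simpler still. The switch and the rest of test_flow continue outside the hunk.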