summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/dpdk/ipsec/cli.c2
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c6
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c8
-rw-r--r--src/vnet/ipsec/ipsec.c29
4 files changed, 28 insertions, 17 deletions
diff --git a/src/plugins/dpdk/ipsec/cli.c b/src/plugins/dpdk/ipsec/cli.c
index 2dcfe1d5441..ad6025f72ea 100644
--- a/src/plugins/dpdk/ipsec/cli.c
+++ b/src/plugins/dpdk/ipsec/cli.c
@@ -287,7 +287,7 @@ set_dpdk_crypto_placement_fn (vlib_main_t * vm,
crypto_dev_t *dev;
u32 thread_idx, i;
u16 res_idx, *idx;
- u8 dev_idx, auto_en;
+ u8 dev_idx, auto_en = 0;
if (!unformat_user (input, unformat_line_input, line_input))
return clib_error_return (0, "invalid syntax");
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 90be466efd7..36be24ba430 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -165,8 +165,6 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm,
if (sa_index0 != last_sa_index)
{
- last_sa_index = sa_index0;
-
sa0 = pool_elt_at_index (im->sad, sa_index0);
cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
@@ -207,6 +205,8 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm,
n_left_to_next -= 1;
goto trace;
}
+
+ last_sa_index = sa_index0;
}
/* anti-replay check */
@@ -283,7 +283,7 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm,
digest = vlib_buffer_get_tail (b0) - trunc_size;
- if (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
+ if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
clib_memcpy(icb, iv, 16);
else /* CTR/GCM */
{
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 3ce22843289..a1ef798e070 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -191,8 +191,6 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
if (sa_index0 != last_sa_index)
{
- last_sa_index = sa_index0;
-
sa0 = pool_elt_at_index (im->sad, sa_index0);
cipher_alg =
@@ -238,6 +236,8 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
n_left_to_next -= 1;
goto trace;
}
+
+ last_sa_index = sa_index0;
}
if (PREDICT_FALSE (esp_seq_advance (sa0)))
@@ -375,7 +375,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
rewrite_len + ip4_header_bytes (&ih0->ip4));
oh0->ip4.protocol = IP_PROTOCOL_IPSEC_ESP;
esp0 =
- (esp_header_t *) (oh6_0 + ip4_header_bytes (&ih0->ip4));
+ (esp_header_t *) (oh0 + ip4_header_bytes (&ih0->ip4));
}
esp0->spi = clib_host_to_net_u32 (sa0->spi);
esp0->seq = clib_host_to_net_u32 (sa0->seq);
@@ -421,7 +421,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
u32 *aad = NULL;
u8 *digest = vlib_buffer_get_tail (b0) - trunc_size;
- if (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
+ if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC)
{
cipher_off = sizeof (esp_header_t);
cipher_len = iv_size + pad_payload_len;
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index ba0d68bde97..828bfe81e43 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -414,6 +414,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
ipsec_sa_t *sa = 0;
uword *p;
u32 sa_index;
+ clib_error_t *err;
clib_warning ("id %u spi %u", new_sa->id, new_sa->spi);
@@ -433,9 +434,12 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
return VNET_API_ERROR_SYSCALL_ERROR_1; /* sa used in policy */
}
hash_unset (im->sa_index_by_sa_id, sa->id);
- if (im->cb.add_del_sa_sess_cb &&
- im->cb.add_del_sa_sess_cb (sa_index, 0) < 0)
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ if (im->cb.add_del_sa_sess_cb)
+ {
+ err = im->cb.add_del_sa_sess_cb (sa_index, 0);
+ if (err)
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
+ }
pool_put (im->sad, sa);
}
else /* create new SA */
@@ -444,9 +448,12 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add)
clib_memcpy (sa, new_sa, sizeof (*sa));
sa_index = sa - im->sad;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
- if (im->cb.add_del_sa_sess_cb &&
- im->cb.add_del_sa_sess_cb (sa_index, 1) < 0)
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ if (im->cb.add_del_sa_sess_cb)
+ {
+ err = im->cb.add_del_sa_sess_cb (sa_index, 1);
+ if (err)
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
+ }
}
return 0;
}
@@ -458,6 +465,7 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update)
uword *p;
u32 sa_index;
ipsec_sa_t *sa = 0;
+ clib_error_t *err;
p = hash_get (im->sa_index_by_sa_id, sa_update->id);
if (!p)
@@ -484,9 +492,12 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update)
if (0 < sa_update->crypto_key_len || 0 < sa_update->integ_key_len)
{
- if (im->cb.add_del_sa_sess_cb &&
- im->cb.add_del_sa_sess_cb (sa_index, 0) < 0)
- return VNET_API_ERROR_SYSCALL_ERROR_1;
+ if (im->cb.add_del_sa_sess_cb)
+ {
+ err = im->cb.add_del_sa_sess_cb (sa_index, 0);
+ if (err)
+ return VNET_API_ERROR_SYSCALL_ERROR_1;
+ }
}
return 0;