diff options
-rw-r--r-- | src/plugins/dpdk/ipsec/cli.c | 2 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 6 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_encrypt.c | 8 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 29 |
4 files changed, 28 insertions, 17 deletions
diff --git a/src/plugins/dpdk/ipsec/cli.c b/src/plugins/dpdk/ipsec/cli.c index 2dcfe1d5441..ad6025f72ea 100644 --- a/src/plugins/dpdk/ipsec/cli.c +++ b/src/plugins/dpdk/ipsec/cli.c @@ -287,7 +287,7 @@ set_dpdk_crypto_placement_fn (vlib_main_t * vm, crypto_dev_t *dev; u32 thread_idx, i; u16 res_idx, *idx; - u8 dev_idx, auto_en; + u8 dev_idx, auto_en = 0; if (!unformat_user (input, unformat_line_input, line_input)) return clib_error_return (0, "invalid syntax"); diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index 90be466efd7..36be24ba430 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -165,8 +165,6 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm, if (sa_index0 != last_sa_index) { - last_sa_index = sa_index0; - sa0 = pool_elt_at_index (im->sad, sa_index0); cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg); @@ -207,6 +205,8 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm, n_left_to_next -= 1; goto trace; } + + last_sa_index = sa_index0; } /* anti-replay check */ @@ -283,7 +283,7 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm, digest = vlib_buffer_get_tail (b0) - trunc_size; - if (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC) + if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC) clib_memcpy(icb, iv, 16); else /* CTR/GCM */ { diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c index 3ce22843289..a1ef798e070 100644 --- a/src/plugins/dpdk/ipsec/esp_encrypt.c +++ b/src/plugins/dpdk/ipsec/esp_encrypt.c @@ -191,8 +191,6 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm, if (sa_index0 != last_sa_index) { - last_sa_index = sa_index0; - sa0 = pool_elt_at_index (im->sad, sa_index0); cipher_alg = @@ -238,6 +236,8 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm, n_left_to_next -= 1; goto trace; } + + last_sa_index = sa_index0; } if (PREDICT_FALSE (esp_seq_advance (sa0))) @@ -375,7 +375,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm, rewrite_len + ip4_header_bytes (&ih0->ip4)); oh0->ip4.protocol = IP_PROTOCOL_IPSEC_ESP; esp0 = - (esp_header_t *) (oh6_0 + ip4_header_bytes (&ih0->ip4)); + (esp_header_t *) (oh0 + ip4_header_bytes (&ih0->ip4)); } esp0->spi = clib_host_to_net_u32 (sa0->spi); esp0->seq = clib_host_to_net_u32 (sa0->seq); @@ -421,7 +421,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm, u32 *aad = NULL; u8 *digest = vlib_buffer_get_tail (b0) - trunc_size; - if (cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC) + if (!is_aead && cipher_alg->alg == RTE_CRYPTO_CIPHER_AES_CBC) { cipher_off = sizeof (esp_header_t); cipher_len = iv_size + pad_payload_len; diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index ba0d68bde97..828bfe81e43 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -414,6 +414,7 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) ipsec_sa_t *sa = 0; uword *p; u32 sa_index; + clib_error_t *err; clib_warning ("id %u spi %u", new_sa->id, new_sa->spi); @@ -433,9 +434,12 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) return VNET_API_ERROR_SYSCALL_ERROR_1; /* sa used in policy */ } hash_unset (im->sa_index_by_sa_id, sa->id); - if (im->cb.add_del_sa_sess_cb && - im->cb.add_del_sa_sess_cb (sa_index, 0) < 0) - return VNET_API_ERROR_SYSCALL_ERROR_1; + if (im->cb.add_del_sa_sess_cb) + { + err = im->cb.add_del_sa_sess_cb (sa_index, 0); + if (err) + return VNET_API_ERROR_SYSCALL_ERROR_1; + } pool_put (im->sad, sa); } else /* create new SA */ @@ -444,9 +448,12 @@ ipsec_add_del_sa (vlib_main_t * vm, ipsec_sa_t * new_sa, int is_add) clib_memcpy (sa, new_sa, sizeof (*sa)); sa_index = sa - im->sad; hash_set (im->sa_index_by_sa_id, sa->id, sa_index); - if (im->cb.add_del_sa_sess_cb && - im->cb.add_del_sa_sess_cb (sa_index, 1) < 0) - return VNET_API_ERROR_SYSCALL_ERROR_1; + if (im->cb.add_del_sa_sess_cb) + { + err = im->cb.add_del_sa_sess_cb (sa_index, 1); + if (err) + return VNET_API_ERROR_SYSCALL_ERROR_1; + } } return 0; } @@ -458,6 +465,7 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update) uword *p; u32 sa_index; ipsec_sa_t *sa = 0; + clib_error_t *err; p = hash_get (im->sa_index_by_sa_id, sa_update->id); if (!p) @@ -484,9 +492,12 @@ ipsec_set_sa_key (vlib_main_t * vm, ipsec_sa_t * sa_update) if (0 < sa_update->crypto_key_len || 0 < sa_update->integ_key_len) { - if (im->cb.add_del_sa_sess_cb && - im->cb.add_del_sa_sess_cb (sa_index, 0) < 0) - return VNET_API_ERROR_SYSCALL_ERROR_1; + if (im->cb.add_del_sa_sess_cb) + { + err = im->cb.add_del_sa_sess_cb (sa_index, 0); + if (err) + return VNET_API_ERROR_SYSCALL_ERROR_1; + } } return 0; |