diff options
Diffstat (limited to 'src/plugins/dpdk/ipsec/esp_encrypt.c')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_encrypt.c | 77 |
1 files changed, 73 insertions, 4 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c index 653c158fb94..45a6257f7e8 100644 --- a/src/plugins/dpdk/ipsec/esp_encrypt.c +++ b/src/plugins/dpdk/ipsec/esp_encrypt.c @@ -110,7 +110,7 @@ format_esp_encrypt_trace (u8 * s, va_list * args) always_inline uword dpdk_esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, - vlib_frame_t * from_frame, int is_ip6) + vlib_frame_t * from_frame, int is_ip6, int is_tun) { u32 n_left_from, *from, *to_next, next_index, thread_index; ipsec_main_t *im = &ipsec_main; @@ -210,7 +210,16 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm, sizeof (op[0]) + sizeof (op[0].sym[0]) + sizeof (priv[0]); CLIB_PREFETCH (op, op_len, STORE); - sa_index0 = vnet_buffer (b0)->ipsec.sad_index; + if (is_tun) + { + u32 tmp; + /* we are on a ipsec tunnel's feature arc */ + sa_index0 = *(u32 *) vnet_feature_next_with_data (&tmp, b0, + sizeof + (sa_index0)); + } + else + sa_index0 = vnet_buffer (b0)->ipsec.sad_index; if (sa_index0 != last_sa_index) { @@ -586,7 +595,7 @@ VLIB_NODE_FN (dpdk_esp4_encrypt_node) (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * from_frame) { - return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ ); + return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ , 0); } /* *INDENT-OFF* */ @@ -609,7 +618,7 @@ VLIB_NODE_FN (dpdk_esp6_encrypt_node) (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * from_frame) { - return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ ); + return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ , 0); } /* *INDENT-OFF* */ @@ -628,6 +637,66 @@ VLIB_REGISTER_NODE (dpdk_esp6_encrypt_node) = { }; /* *INDENT-ON* */ +VLIB_NODE_FN (dpdk_esp4_encrypt_tun_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return dpdk_esp_encrypt_inline (vm, node, from_frame, 0 /*is_ip6 */ , 1); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (dpdk_esp4_encrypt_tun_node) = { + .name = "dpdk-esp4-encrypt-tun", + .flags = VLIB_NODE_FLAG_IS_OUTPUT, + .vector_size = sizeof (u32), + .format_trace = format_esp_encrypt_trace, + .n_errors = ARRAY_LEN (esp_encrypt_error_strings), + .error_strings = esp_encrypt_error_strings, + .n_next_nodes = 1, + .next_nodes = + { + [ESP_ENCRYPT_NEXT_DROP] = "error-drop", + } +}; + +VNET_FEATURE_INIT (dpdk_esp4_encrypt_tun_feat_node, static) = +{ + .arc_name = "ip4-output", + .node_name = "dpdk-esp4-encrypt-tun", + .runs_before = VNET_FEATURES ("adj-midchain-tx"), +}; +/* *INDENT-ON* */ + +VLIB_NODE_FN (dpdk_esp6_encrypt_tun_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return dpdk_esp_encrypt_inline (vm, node, from_frame, 1 /*is_ip6 */ , 1); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (dpdk_esp6_encrypt_tun_node) = { + .name = "dpdk-esp6-encrypt-tun", + .flags = VLIB_NODE_FLAG_IS_OUTPUT, + .vector_size = sizeof (u32), + .format_trace = format_esp_encrypt_trace, + .n_errors = ARRAY_LEN (esp_encrypt_error_strings), + .error_strings = esp_encrypt_error_strings, + .n_next_nodes = 1, + .next_nodes = + { + [ESP_ENCRYPT_NEXT_DROP] = "error-drop", + } +}; + +VNET_FEATURE_INIT (dpdk_esp6_encrypt_tun_feat_node, static) = +{ + .arc_name = "ip6-output", + .node_name = "dpdk-esp6-encrypt-tun", + .runs_before = VNET_FEATURES ("adj-midchain-tx"), +}; +/* *INDENT-ON* */ + /* * fd.io coding-style-patch-verification: ON * |