dpdk: rework cryptodev ipsec build and setup
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
diff --git a/src/vnet/ipsec/ipsec_if_out.c b/src/vnet/ipsec/ipsec_if_out.c
index 8f06282..62ff67a 100644
--- a/src/vnet/ipsec/ipsec_if_out.c
+++ b/src/vnet/ipsec/ipsec_if_out.c
@@ -21,12 +21,6 @@
#include <vnet/ipsec/ipsec.h>
-#if DPDK_CRYPTO==1
-#define ESP_NODE "dpdk-esp-encrypt"
-#else
-#define ESP_NODE "esp-encrypt"
-#endif
-
/* Statistics (not really errors) */
#define foreach_ipsec_if_output_error \
_(TX, "good packets transmitted")
@@ -45,12 +39,6 @@
IPSEC_IF_OUTPUT_N_ERROR,
} ipsec_if_output_error_t;
-typedef enum
-{
- IPSEC_IF_OUTPUT_NEXT_ESP_ENCRYPT,
- IPSEC_IF_OUTPUT_NEXT_DROP,
- IPSEC_IF_OUTPUT_N_NEXT,
-} ipsec_if_output_next_t;
typedef struct
{
@@ -58,7 +46,6 @@
u32 seq;
} ipsec_if_output_trace_t;
-
u8 *
format_ipsec_if_output_trace (u8 * s, va_list * args)
{
@@ -106,7 +93,7 @@
hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
t0 = pool_elt_at_index (im->tunnel_interfaces, hi0->dev_instance);
vnet_buffer (b0)->ipsec.sad_index = t0->output_sa_index;
- next0 = IPSEC_IF_OUTPUT_NEXT_ESP_ENCRYPT;
+ next0 = im->esp_encrypt_next_index;
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
{
@@ -142,12 +129,7 @@
.n_errors = ARRAY_LEN(ipsec_if_output_error_strings),
.error_strings = ipsec_if_output_error_strings,
- .n_next_nodes = IPSEC_IF_OUTPUT_N_NEXT,
-
- .next_nodes = {
- [IPSEC_IF_OUTPUT_NEXT_ESP_ENCRYPT] = ESP_NODE,
- [IPSEC_IF_OUTPUT_NEXT_DROP] = "error-drop",
- },
+ .sibling_of = "ipsec-output-ip4",
};
/* *INDENT-ON* */