dpdk/ipsec: rework plus improved cli commands
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
- The dpdk-esp-encrypt-post node is not necessary anymore.
- IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
- show dpdk crypto devices
- show dpdk crypto placement [verbose]
- set dpdk crypto placement (<device> <thread> | auto)
- clear dpdk crypto placement <device> [<thread>]
- show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index cfe434a..ba0d68b 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -434,7 +434,7 @@
}
hash_unset (im->sa_index_by_sa_id, sa->id);
if (im->cb.add_del_sa_sess_cb &&
- im->cb.add_del_sa_sess_cb (sa_index, is_add) < 0)
+ im->cb.add_del_sa_sess_cb (sa_index, 0) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
pool_put (im->sad, sa);
}
@@ -445,7 +445,7 @@
sa_index = sa - im->sad;
hash_set (im->sa_index_by_sa_id, sa->id, sa_index);
if (im->cb.add_del_sa_sess_cb &&
- im->cb.add_del_sa_sess_cb (sa_index, is_add) < 0)
+ im->cb.add_del_sa_sess_cb (sa_index, 1) < 0)
return VNET_API_ERROR_SYSCALL_ERROR_1;
}
return 0;
@@ -482,7 +482,7 @@
sa->integ_key_len = sa_update->integ_key_len;
}
- if (sa->crypto_key_len + sa->integ_key_len > 0)
+ if (0 < sa_update->crypto_key_len || 0 < sa_update->integ_key_len)
{
if (im->cb.add_del_sa_sess_cb &&
im->cb.add_del_sa_sess_cb (sa_index, 0) < 0)
@@ -516,8 +516,6 @@
return clib_error_return (0, "unsupported aes-gcm-128 crypto-alg");
if (sa->integ_alg == IPSEC_INTEG_ALG_NONE)
return clib_error_return (0, "unsupported none integ-alg");
- if (sa->integ_alg == IPSEC_INTEG_ALG_AES_GCM_128)
- return clib_error_return (0, "unsupported aes-gcm-128 integ-alg");
return 0;
}