From: Radu Nicolau
To: Radu Nicolau, Akhil Goyal
Cc: dev@dpdk.org, declan.doherty@intel.com, hemant.agrawal@oss.nxp.com
Date: Mon, 1 Nov 2021 12:58:13 +0000
Subject: [dpdk-dev] [PATCH v6 5/7] examples/ipsec-secgw: define initial ESN value

New option added to the SA configuration arguments that allows setting
an arbitrary start value for ESN.

For example in the SA below ESN will be enabled and first egress IPsec
packet will have the ESN value 10000:

    sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel \
    src 172.16.1.5 dst 172.16.2.5 \
    esn 10000

Signed-off-by: Declan Doherty
Signed-off-by: Radu Nicolau
Acked-by: Akhil Goyal
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec.c             |  6 ++++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/sa.c                | 10 ++++++++++
 4 files changed, 27 insertions(+)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index c67e2ba1b0..7252e8b08c 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -737,6 +737,16 @@ where each options means: * *telemetry* + ```` + + * Enable ESN and set the initial ESN value. + + * Optional: Yes, ESN not enabled by default + + * Syntax: + + * *esn N* N is the initial ESN value + Example SA rules: .. code-block:: console diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 90d9e61e5b..2d4a26c962 100644 
--- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -227,6 +227,12 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.ipsec.udp.dport = htons(sa->udp.dport); } + if (sa->esn > 0) { + sess_conf.ipsec.options.esn = 1; + sess_conf.ipsec.esn.value = sa->esn; + } + + RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n", sa->spi, sa->portid); diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index de4e0606e2..b037d5179f 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -143,6 +143,7 @@ struct ipsec_sa { enum rte_security_ipsec_sa_direction direction; uint8_t udp_encap; uint16_t portid; + uint64_t esn; uint8_t fdir_qid; uint8_t fdir_flag; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 65c975993d..8725001fc7 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -684,6 +684,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, continue; } + if (strcmp(tokens[ti], "esn") == 0) { + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); + if (status->status < 0) + return; + rule->esn = atoll(tokens[ti]); + if (status->status < 0) + return; + continue; + } + if (strcmp(tokens[ti], "fallback") == 0) { struct rte_ipsec_session *fb; -- 2.25.1
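
Review bot: the option text added to ipsec_secgw.rst does not state the accepted range or number format of N, nor what `esn 0` means, although create_inline_session only enables ESN when `sa->esn > 0`. Please document both, and mention that the only consumer of the value added in this patch is create_inline_session, so readers know where the setting takes effect.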
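
Review bot: in the ipsec.c hunk, `if (sa->esn > 0)` makes the initial value double as the enable flag, so an SA rule with `esn 0` is accepted by the parser but leaves `sess_conf.ipsec.options.esn` clear, while the documentation describes the keyword itself as enabling ESN. Consider a separate flag that parse_sa_tokens sets when it sees the `esn` token, and test that flag here. The hunk also leaves two blank lines before RTE_LOG_DP; one is enough.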
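
Review bot: in the sa.c hunk, `rule->esn = atoll(tokens[ti]);` has no error reporting for a value that ends up in a uint64_t sequence counter: non-numeric text yields 0 (so ESN silently stays off), a negative number converts to a very large unsigned value, and input above LLONG_MAX is not representable (atoll's behaviour on overflow is undefined). Parse with strtoull instead, rejecting a leading '-', checking errno and the end pointer, and set the status to an error on failure. The second `if (status->status < 0) return;` after the assignment cannot fire as written, because nothing between the two checks updates status; either drop it or turn it into the check on the parse result.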