[v2,6/9] examples/ipsec-secgw: add support for defining initial sequence number value
Add an esn field to the SA definition block to allow setting the initial ESN value.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
examples/ipsec-secgw/ipsec.c | 5 +++++
examples/ipsec-secgw/ipsec.h | 1 +
examples/ipsec-secgw/sa.c | 15 +++++++++++++++
4 files changed, 31 insertions(+)
@@ -746,6 +746,16 @@ where each options means:
* *mss N* N is the segment size
+ ``<esn>``
+
+ * Enable ESN and set the initial ESN value.
+
+ * Optional: Yes, ESN not enabled by default
+
+ * Syntax:
+
+ * *esn N* N is the initial ESN value
+
Example SA rules:
.. code-block:: console
@@ -222,6 +222,11 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
}
}
+ if (sa->esn > 0) {
+ sess_conf.ipsec.options.esn = 1;
+ sess_conf.ipsec.esn.value = sa->esn;
+ }
+
RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
sa->spi, sa->portid);
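Review bot: The `sa->esn > 0` test uses zero as the "not configured" marker, so a rule written as `esn 0` leaves ESN switched off even though the guide text added in this patch says the keyword enables ESN. The same test appears in the fill_ipsec_sa_prm hunk as `ss->esn > 0`. Either carry a separate enable flag in struct ipsec_sa, or state the restriction where the field is declared, e.g. `uint64_t esn; /* initial ESN value; 0 = ESN disabled */`, and in the guide as `N is the initial ESN value, must be non-zero`. An operator who believes ESN is active when it is not ends up with 32-bit sequence numbers on the SA, which matters for anti-replay on long-lived, high-rate tunnels. create_inline_session begins and ends outside this hunk.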
@@ -142,6 +142,7 @@ struct ipsec_sa {
uint8_t udp_encap;
uint16_t portid;
uint16_t mss;
+ uint64_t esn;
uint8_t fdir_qid;
uint8_t fdir_flag;
@@ -693,6 +693,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
continue;
}
+ if (strcmp(tokens[ti], "esn") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ rule->esn = atoll(tokens[ti]);
+ if (status->status < 0)
+ return;
+ continue;
+ }
+
if (strcmp(tokens[ti], "fallback") == 0) {
struct rte_ipsec_session *fb;
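Review bot: `rule->esn = atoll(tokens[ti]);` accepts any string without validation: non-numeric text yields 0, which silently leaves ESN disabled, a negative number converts to a very large uint64_t, and out-of-range input is undefined for atoll. The `status->status` check that follows it can never fire, because nothing between the two checks writes status. Parsing with strtoull and rejecting a leading '-', trailing characters and ERANGE through the parser's error path would make a malformed rule fail at load time instead of producing an SA with an unintended sequence-number setting. The sketch below assumes the APP_CHECK helper that this parser appears to use for other tokens and that <errno.h> is already included. parse_sa_tokens starts and ends outside the hunk.

```c
if (strcmp(tokens[ti], "esn") == 0) {
	char *end = NULL;

	/* … unchanged: INCREMENT_TOKEN_INDEX and its status check … */
	errno = 0;
	rule->esn = strtoull(tokens[ti], &end, 10);
	APP_CHECK(tokens[ti][0] != '-' && end != tokens[ti] &&
		*end == '\0' && errno != ERANGE, status,
		"invalid esn value \"%s\"", tokens[ti]);
	if (status->status < 0)
		return;
	continue;
}
```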
@@ -1335,6 +1345,11 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
prm->ipsec_xform.mss = ss->mss;
}
+ if (ss->esn > 0) {
+ prm->ipsec_xform.options.esn = 1;
+ prm->ipsec_xform.esn.value = ss->esn;
+ }
+
if (IS_IP4_TUNNEL(ss->flags)) {
prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
prm->tun.hdr_l3_len = sizeof(*v4);