Add esn field to SA definition block to allow initial ESN value
Signed-off-by: Declan Doherty <declan.dohe...@intel.com>
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
---
examples/ipsec-secgw/ipsec.c | 5 +++++
examples/ipsec-secgw/ipsec.h | 2 ++
examples/ipsec-secgw/sa.c | 15 +++++++++++++++
3 files changed, 22 insertions(+)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index aa68e4f827..28772da345 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -234,6 +234,11 @@ create_inline_session(struct socket_ctx *skt_ctx, struct
ipsec_sa *sa,
sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
}
+ if (sa->esn > 0) {
+ sess_conf.ipsec.options.esn = 1;
+ sess_conf.ipsec.esn.value = sa->esn;
+ }
+
struct rte_flow_action_security action_security;
struct rte_flow_error err;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4f12c57dc3..db7988604a 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -146,6 +146,8 @@ struct ipsec_sa {
uint8_t udp_encap;
uint16_t portid;
uint16_t mss;
+ uint16_t esn;
+
uint8_t fdir_qid;
uint8_t fdir_flag;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 37039e70fc..3ee5ed7dcf 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -711,6 +711,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
continue;
}
+ if (strcmp(tokens[ti], "esn") == 0) {
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ rule->esn = atoll(tokens[ti]);
+ if (status->status < 0)
+ return;
+ continue;
+ }
+
if (strcmp(tokens[ti], "fallback") == 0) {
struct rte_ipsec_session *fb;
@@ -1387,6 +1397,11 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const
struct ipsec_sa *ss,
prm->ipsec_xform.mss = ss->mss;
}
+ if (ss->esn > 0) {
+ prm->ipsec_xform.options.esn = 1;
+ prm->ipsec_xform.esn.value = ss->esn;
+ }
+
if (IS_TRANSPORT(ss->flags)) {
/* transport mode */
prm->trs.proto = rc;
--
2.25.1
