[dpdk-dev] [PATCH v2 6/9] examples/ipsec-secgw: add support for defining initial sequence number value

Wed, 15 Sep 2021 06:53:48 -0700 

Add esn field to SA definition block to allow initial ESN value

Signed-off-by: Declan Doherty <declan.dohe...@intel.com>
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec.c             |  5 +++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/sa.c                | 15 +++++++++++++++
 4 files changed, 31 insertions(+)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst 
b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 7727051394..dc3ced244d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -746,6 +746,16 @@ where each options means:
 
    * *mss N* N is the segment size
 
+ ``<esn>``
+
+ * Enable ESN and set the initial ESN value.
+
+ * Optional: Yes, ESN not enabled by default
+
+ * Syntax:
+
+   * *esn N* N is the initial ESN value
+
 Example SA rules:
 
 .. code-block:: console
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 0af49f3f4b..868089ad3e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -222,6 +222,11 @@ create_inline_session(struct socket_ctx *skt_ctx, struct 
ipsec_sa *sa,
                }
        }
 
+       if (sa->esn > 0) {
+               sess_conf.ipsec.options.esn = 1;
+               sess_conf.ipsec.esn.value = sa->esn;
+       }
+
        RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
                sa->spi, sa->portid);
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index c3da5fb243..2807b41ebb 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -142,6 +142,7 @@ struct ipsec_sa {
        uint8_t udp_encap;
        uint16_t portid;
        uint16_t mss;
+       uint64_t esn;
        uint8_t fdir_qid;
        uint8_t fdir_flag;
 
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1a53430ec9..cfab416c9c 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -693,6 +693,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        continue;
                }
 
+               if (strcmp(tokens[ti], "esn") == 0) {
+                       INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+                       if (status->status < 0)
+                               return;
+                       rule->esn = atoll(tokens[ti]);
+                       if (status->status < 0)
+                               return;
+                       continue;
+               }
+
                if (strcmp(tokens[ti], "fallback") == 0) {
                        struct rte_ipsec_session *fb;
 
@@ -1335,6 +1345,11 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const 
struct ipsec_sa *ss,
                prm->ipsec_xform.mss = ss->mss;
        }
 
+       if (ss->esn > 0) {
+               prm->ipsec_xform.options.esn = 1;
+               prm->ipsec_xform.esn.value = ss->esn;
+       }
+
        if (IS_IP4_TUNNEL(ss->flags)) {
                prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
                prm->tun.hdr_l3_len = sizeof(*v4);
-- 
2.25.1

Reply via email to