[dpdk-dev] [PATCH v3 6/8] examples/ipsec-secgw: add support for defining initial sequence number value

Fri, 01 Oct 2021 03:04:27 -0700 

Add esn field to SA definition block to allow initial ESN value

Signed-off-by: Declan Doherty <declan.dohe...@intel.com>
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec.c             |  6 ++++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/sa.c                | 10 ++++++++++
 4 files changed, 27 insertions(+)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst 
b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 54c96ddb58..0e08c30248 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -746,6 +746,16 @@ where each options means:
 
    * *telemetry*
 
+ ``<esn>``
+
+ * Enable ESN and set the initial ESN value.
+
+ * Optional: Yes, ESN not enabled by default
+
+ * Syntax:
+
+   * *esn N* N is the initial ESN value
+
 Example SA rules:
 
 .. code-block:: console
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 3bee2ec2d3..0026b16041 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -228,6 +228,12 @@ create_inline_session(struct socket_ctx *skt_ctx, struct 
ipsec_sa *sa,
                sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
        }
 
+       if (sa->esn > 0) {
+               sess_conf.ipsec.options.esn = 1;
+               sess_conf.ipsec.esn.value = sa->esn;
+       }
+
+
        RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
                sa->spi, sa->portid);
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index f18c97959e..8a76405ad9 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -146,6 +146,7 @@ struct ipsec_sa {
        uint8_t udp_encap;
        uint16_t portid;
        uint16_t mss;
+       uint64_t esn;
        uint8_t fdir_qid;
        uint8_t fdir_flag;
 
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 8cd5309517..d52dd94056 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -694,6 +694,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        continue;
                }
 
+               if (strcmp(tokens[ti], "esn") == 0) {
+                       INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+                       if (status->status < 0)
+                               return;
+                       rule->esn = atoll(tokens[ti]);
+                       if (status->status < 0)
+                               return;
+                       continue;
+               }
+
                if (strcmp(tokens[ti], "fallback") == 0) {
                        struct rte_ipsec_session *fb;
 
-- 
2.25.1

Reply via email to