Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/64002/?format=api
{ "id": 64002, "url": "http://patches.dpdk.org/api/patches/64002/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/768c28919880ba4ca92905c6d500c47baa25b69e.1576684589.git.vladimir.medvedkin@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<768c28919880ba4ca92905c6d500c47baa25b69e.1576684589.git.vladimir.medvedkin@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/768c28919880ba4ca92905c6d500c47baa25b69e.1576684589.git.vladimir.medvedkin@intel.com", "date": "2019-12-18T16:00:23", "name": "[v2,5/5] examples/ipsec-secgw: get rid of maximum sp limitation", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "4d82cdfb5590c2b6d10399431396c71073d82916", "submitter": { "id": 1216, "url": "http://patches.dpdk.org/api/people/1216/?format=api", "name": "Vladimir Medvedkin", "email": "vladimir.medvedkin@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/768c28919880ba4ca92905c6d500c47baa25b69e.1576684589.git.vladimir.medvedkin@intel.com/mbox/", "series": [ { "id": 7890, "url": "http://patches.dpdk.org/api/series/7890/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=7890", "date": "2019-12-18T16:00:18", "name": "integrate librte_ipsec SAD into ipsec-secgw", "version": 2, "mbox": "http://patches.dpdk.org/series/7890/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/64002/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/64002/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id EB77FA0510;\n\tWed, 18 Dec 2019 17:01:31 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id B16251BF84;\n\tWed, 18 Dec 2019 17:00:38 +0100 (CET)", "from mga04.intel.com (mga04.intel.com [192.55.52.120])\n by dpdk.org (Postfix) with ESMTP id 5880B1BE8A\n for <dev@dpdk.org>; Wed, 18 Dec 2019 17:00:33 +0100 (CET)", "from fmsmga003.fm.intel.com ([10.253.24.29])\n by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n 18 Dec 2019 08:00:33 -0800", "from silpixa00400072.ir.intel.com ([10.237.222.213])\n by FMSMGA003.fm.intel.com with ESMTP; 18 Dec 2019 08:00:31 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.69,330,1571727600\"; d=\"scan'208\";a=\"266922984\"", "From": "Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com,\n\takhil.goyal@nxp.com", "Date": "Wed, 18 Dec 2019 16:00:23 +0000", "Message-Id": "\n <768c28919880ba4ca92905c6d500c47baa25b69e.1576684589.git.vladimir.medvedkin@intel.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": [ "<cover.1576684589.git.vladimir.medvedkin@intel.com>", "<cover.1576684589.git.vladimir.medvedkin@intel.com>" ], "References": [ "<cover.1576684589.git.vladimir.medvedkin@intel.com>", "<cover.1576081138.git.vladimir.medvedkin@intel.com>\n <cover.1576684589.git.vladimir.medvedkin@intel.com>" ], "Subject": "[dpdk-dev] [PATCH v2 5/5] examples/ipsec-secgw: get rid of maximum\n\tsp limitation", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Parse config file and save SP rules into linked list\ninstead of flat array with predefined size.\n\nSigned-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>\n---\n examples/ipsec-secgw/sp4.c | 121 ++++++++++++++++++++++++++-------------------\n examples/ipsec-secgw/sp6.c | 118 +++++++++++++++++++++++--------------------\n 2 files changed, 134 insertions(+), 105 deletions(-)", "diff": "diff --git a/examples/ipsec-secgw/sp4.c b/examples/ipsec-secgw/sp4.c\nindex 1dcec52..f0938c5 100644\n--- a/examples/ipsec-secgw/sp4.c\n+++ b/examples/ipsec-secgw/sp4.c\n@@ -8,6 +8,7 @@\n #include <sys/types.h>\n #include <netinet/in.h>\n #include <netinet/ip.h>\n+#include <sys/queue.h>\n \n #include <rte_acl.h>\n #include <rte_ip.h>\n@@ -15,8 +16,6 @@\n #include \"ipsec.h\"\n #include \"parser.h\"\n \n-#define MAX_ACL_RULE_NUM\t1024\n-\n #define IPV4_DST_FROM_SP(acr) \\\n \t\t(rte_cpu_to_be_32((acr).field[DST_FIELD_IPV4].value.u32))\n \n@@ -97,16 +96,24 @@ static struct rte_acl_field_def ip4_defs[NUM_FIELDS_IPV4] = {\n \n RTE_ACL_RULE_DEF(acl4_rules, RTE_DIM(ip4_defs));\n \n-static struct acl4_rules acl4_rules_out[MAX_ACL_RULE_NUM];\n+struct ipsec_sp_mgmt {\n+\tSTAILQ_ENTRY(ipsec_sp_mgmt)\tnext;\n+\tstruct acl4_rules\t\tsp;\n+};\n+STAILQ_HEAD(sp_head, ipsec_sp_mgmt);\n+\n+static struct sp_head sp_out_head = STAILQ_HEAD_INITIALIZER(sp_out_head);\n static uint32_t nb_acl4_rules_out;\n \n-static struct acl4_rules acl4_rules_in[MAX_ACL_RULE_NUM];\n+static struct sp_head sp_in_head = STAILQ_HEAD_INITIALIZER(sp_in_head);\n static uint32_t nb_acl4_rules_in;\n \n void\n parse_sp4_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status)\n {\n+\tstruct ipsec_sp_mgmt *sp_mgmt;\n+\tstruct sp_head *head;\n \tstruct acl4_rules *rule_ipv4 = NULL;\n \n \tuint32_t *ri = NULL; /* rule index */\n@@ -124,25 +131,18 @@ parse_sp4_tokens(char **tokens, uint32_t n_tokens,\n \tuint32_t sport_p = 0;\n \tuint32_t dport_p = 0;\n \n+\tsp_mgmt = calloc(1, sizeof(struct ipsec_sp_mgmt));\n+\tif (sp_mgmt == NULL)\n+\t\treturn;\n+\n+\trule_ipv4 = &sp_mgmt->sp;\n+\n \tif (strcmp(tokens[1], \"in\") == 0) {\n \t\tri = &nb_acl4_rules_in;\n-\n-\t\tAPP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status,\n-\t\t\t\"too many sp rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule_ipv4 = &acl4_rules_in[*ri];\n-\n+\t\thead = &sp_in_head;\n \t} else if (strcmp(tokens[1], \"out\") == 0) {\n \t\tri = &nb_acl4_rules_out;\n-\n-\t\tAPP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status,\n-\t\t\t\"too many sp rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule_ipv4 = &acl4_rules_out[*ri];\n+\t\thead = &sp_out_head;\n \t} else {\n \t\tAPP_CHECK(0, status, \"unrecognized input \\\"%s\\\", expect\"\n \t\t\t\" \\\"in\\\" or \\\"out\\\"\\n\", tokens[ti]);\n@@ -400,6 +400,7 @@ parse_sp4_tokens(char **tokens, uint32_t n_tokens,\n \tif (status->status < 0)\n \t\treturn;\n \n+\tSTAILQ_INSERT_TAIL(head, sp_mgmt, next);\n \t*ri = *ri + 1;\n }\n \n@@ -443,18 +444,34 @@ dump_ip4_rules(const struct acl4_rules *rule, int32_t num, int32_t extra)\n }\n \n static struct rte_acl_ctx *\n-acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,\n+acl4_init(const char *name, int32_t socketid, struct sp_head *rules_list,\n \t\tuint32_t rules_nb)\n {\n \tchar s[PATH_MAX];\n \tstruct rte_acl_param acl_param;\n \tstruct rte_acl_config acl_build_param;\n \tstruct rte_acl_ctx *ctx;\n+\tstruct acl4_rules *rules; /* Temporary array containing rules */\n+\tstruct ipsec_sp_mgmt *sp_mgmt;\n+\tuint32_t i;\n \n-\tprintf(\"Creating SP context with %u max rules\\n\", MAX_ACL_RULE_NUM);\n+\tprintf(\"Creating SP context with %u rules\\n\", rules_nb);\n \n \tmemset(&acl_param, 0, sizeof(acl_param));\n \n+\t/* Create flat array of rules which is needed for acl context */\n+\trules = calloc(rules_nb, sizeof(struct acl4_rules));\n+\tif (rules == NULL)\n+\t\trte_exit(EXIT_FAILURE, \"Can't allocate rules array\\n\");\n+\n+\tsp_mgmt = STAILQ_FIRST(rules_list);\n+\tfor (i = 0; i < rules_nb; i++) {\n+\t\tif (sp_mgmt == NULL)\n+\t\t\trte_exit(EXIT_FAILURE, \"SP list is broken\\n\");\n+\t\trules[i] = sp_mgmt->sp;\n+\t\tsp_mgmt = STAILQ_NEXT(sp_mgmt, next);\n+\t}\n+\n \t/* Create ACL contexts */\n \tsnprintf(s, sizeof(s), \"%s_%d\", name, socketid);\n \n@@ -464,7 +481,7 @@ acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,\n \tacl_param.name = s;\n \tacl_param.socket_id = socketid;\n \tacl_param.rule_size = RTE_ACL_RULE_SZ(RTE_DIM(ip4_defs));\n-\tacl_param.max_rule_num = MAX_ACL_RULE_NUM;\n+\tacl_param.max_rule_num = rules_nb;\n \n \tctx = rte_acl_create(&acl_param);\n \tif (ctx == NULL)\n@@ -486,6 +503,7 @@ acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,\n \n \trte_acl_dump(ctx);\n \n+\tfree(rules);\n \treturn ctx;\n }\n \n@@ -495,20 +513,19 @@ acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,\n static int\n check_spi_value(struct sa_ctx *sa_ctx, int inbound)\n {\n-\tuint32_t i, num, spi;\n+\tuint32_t spi;\n \tint32_t spi_idx;\n-\tstruct acl4_rules *acr;\n+\tstruct ipsec_sp_mgmt\t*sp_mgmt;\n+\tstruct sp_head\t\t*head;\n \n-\tif (inbound != 0) {\n-\t\tacr = acl4_rules_in;\n-\t\tnum = nb_acl4_rules_in;\n-\t} else {\n-\t\tacr = acl4_rules_out;\n-\t\tnum = nb_acl4_rules_out;\n-\t}\n+\tif (inbound != 0)\n+\t\thead = &sp_in_head;\n+\telse\n+\t\thead = &sp_out_head;\n \n-\tfor (i = 0; i != num; i++) {\n-\t\tspi = acr[i].data.userdata;\n+\n+\tSTAILQ_FOREACH(sp_mgmt, head, next) {\n+\t\tspi = sp_mgmt->sp.data.userdata;\n \t\tif (spi != DISCARD && spi != BYPASS) {\n \t\t\tspi_idx = sa_spi_present(sa_ctx, spi, inbound);\n \t\t\tif (spi_idx < 0) {\n@@ -518,7 +535,7 @@ check_spi_value(struct sa_ctx *sa_ctx, int inbound)\n \t\t\t\treturn -ENOENT;\n \t\t\t}\n \t\t\t/* Update userdata with spi index */\n-\t\t\tacr[i].data.userdata = spi_idx + 1;\n+\t\t\tsp_mgmt->sp.data.userdata = spi_idx + 1;\n \t\t}\n \t}\n \n@@ -548,11 +565,10 @@ sp4_init(struct socket_ctx *ctx, int32_t socket_id)\n \tif (check_spi_value(ctx->sa_out, 0) < 0)\n \t\trte_exit(EXIT_FAILURE,\n \t\t\t\"Outbound IPv4 SP DB has unmatched in SAD SPIs\\n\");\n-\n \tif (nb_acl4_rules_in > 0) {\n \t\tname = \"sp_ip4_in\";\n \t\tctx->sp_ip4_in = (struct sp_ctx *)acl4_init(name,\n-\t\t\tsocket_id, acl4_rules_in, nb_acl4_rules_in);\n+\t\t\tsocket_id, &sp_in_head, nb_acl4_rules_in);\n \t} else\n \t\tRTE_LOG(WARNING, IPSEC, \"No IPv4 SP Inbound rule \"\n \t\t\t\"specified\\n\");\n@@ -560,7 +576,7 @@ sp4_init(struct socket_ctx *ctx, int32_t socket_id)\n \tif (nb_acl4_rules_out > 0) {\n \t\tname = \"sp_ip4_out\";\n \t\tctx->sp_ip4_out = (struct sp_ctx *)acl4_init(name,\n-\t\t\tsocket_id, acl4_rules_out, nb_acl4_rules_out);\n+\t\t\tsocket_id, &sp_out_head, nb_acl4_rules_out);\n \t} else\n \t\tRTE_LOG(WARNING, IPSEC, \"No IPv4 SP Outbound rule \"\n \t\t\t\"specified\\n\");\n@@ -573,27 +589,28 @@ int\n sp4_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],\n \t\t\tuint32_t mask[2])\n {\n-\tuint32_t i, num;\n-\tconst struct acl4_rules *acr;\n+\tuint32_t i = 0;\n+\tstruct ipsec_sp_mgmt\t*sp_mgmt;\n+\tstruct sp_head\t\t*head;\n \n-\tif (inbound != 0) {\n-\t\tacr = acl4_rules_in;\n-\t\tnum = nb_acl4_rules_in;\n-\t} else {\n-\t\tacr = acl4_rules_out;\n-\t\tnum = nb_acl4_rules_out;\n-\t}\n+\tif (inbound != 0)\n+\t\thead = &sp_in_head;\n+\telse\n+\t\thead = &sp_out_head;\n \n-\tfor (i = 0; i != num; i++) {\n-\t\tif (acr[i].data.userdata == spi) {\n+\tSTAILQ_FOREACH(sp_mgmt, head, next) {\n+\t\tif (sp_mgmt->sp.data.userdata == spi) {\n \t\t\tif (NULL != ip_addr && NULL != mask) {\n-\t\t\t\tip_addr[0].ip.ip4 = IPV4_SRC_FROM_SP(acr[i]);\n-\t\t\t\tip_addr[1].ip.ip4 = IPV4_DST_FROM_SP(acr[i]);\n-\t\t\t\tmask[0] = IPV4_SRC_MASK_FROM_SP(acr[i]);\n-\t\t\t\tmask[1] = IPV4_DST_MASK_FROM_SP(acr[i]);\n+\t\t\t\tip_addr[0].ip.ip4 =\n+\t\t\t\t\tIPV4_SRC_FROM_SP(sp_mgmt->sp);\n+\t\t\t\tip_addr[1].ip.ip4 =\n+\t\t\t\t\tIPV4_DST_FROM_SP(sp_mgmt->sp);\n+\t\t\t\tmask[0] = IPV4_SRC_MASK_FROM_SP(sp_mgmt->sp);\n+\t\t\t\tmask[1] = IPV4_DST_MASK_FROM_SP(sp_mgmt->sp);\n \t\t\t}\n \t\t\treturn i;\n \t\t}\n+\t\ti++;\n \t}\n \n \treturn -ENOENT;\ndiff --git a/examples/ipsec-secgw/sp6.c b/examples/ipsec-secgw/sp6.c\nindex b489e15..b931c50 100644\n--- a/examples/ipsec-secgw/sp6.c\n+++ b/examples/ipsec-secgw/sp6.c\n@@ -8,6 +8,7 @@\n #include <sys/types.h>\n #include <netinet/in.h>\n #include <netinet/ip6.h>\n+#include <sys/queue.h>\n \n #include <rte_acl.h>\n #include <rte_ip.h>\n@@ -15,8 +16,6 @@\n #include \"ipsec.h\"\n #include \"parser.h\"\n \n-#define MAX_ACL_RULE_NUM\t1024\n-\n #define IPV6_FROM_SP(acr, fidx_low, fidx_high) \\\n \t\t(((uint64_t)(acr).field[(fidx_high)].value.u32 << 32) | \\\n \t\t(acr).field[(fidx_low)].value.u32)\n@@ -146,16 +145,24 @@ static struct rte_acl_field_def ip6_defs[IP6_NUM] = {\n \n RTE_ACL_RULE_DEF(acl6_rules, RTE_DIM(ip6_defs));\n \n-static struct acl6_rules acl6_rules_out[MAX_ACL_RULE_NUM];\n+struct ipsec_sp_mgmt {\n+\tSTAILQ_ENTRY(ipsec_sp_mgmt)\tnext;\n+\tstruct acl6_rules\t\tsp;\n+};\n+STAILQ_HEAD(sp_head, ipsec_sp_mgmt);\n+\n+static struct sp_head sp_out_head = STAILQ_HEAD_INITIALIZER(sp_out_head);\n static uint32_t nb_acl6_rules_out;\n \n-static struct acl6_rules acl6_rules_in[MAX_ACL_RULE_NUM];\n+static struct sp_head sp_in_head = STAILQ_HEAD_INITIALIZER(sp_in_head);\n static uint32_t nb_acl6_rules_in;\n \n void\n parse_sp6_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status)\n {\n+\tstruct ipsec_sp_mgmt *sp_mgmt;\n+\tstruct sp_head *head;\n \tstruct acl6_rules *rule_ipv6 = NULL;\n \n \tuint32_t *ri = NULL; /* rule index */\n@@ -173,26 +180,18 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,\n \tuint32_t sport_p = 0;\n \tuint32_t dport_p = 0;\n \n+\tsp_mgmt = calloc(1, sizeof(struct ipsec_sp_mgmt));\n+\tif (sp_mgmt == NULL)\n+\t\treturn;\n+\n+\trule_ipv6 = &sp_mgmt->sp;\n+\n \tif (strcmp(tokens[1], \"in\") == 0) {\n \t\tri = &nb_acl6_rules_in;\n-\n-\t\tAPP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status, \"too \"\n-\t\t\t\"many sp rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule_ipv6 = &acl6_rules_in[*ri];\n-\n+\t\thead = &sp_in_head;\n \t} else if (strcmp(tokens[1], \"out\") == 0) {\n \t\tri = &nb_acl6_rules_out;\n-\n-\t\tAPP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status, \"too \"\n-\t\t\t\"many sp rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule_ipv6 = &acl6_rules_out[*ri];\n-\n+\t\thead = &sp_out_head;\n \t} else {\n \t\tAPP_CHECK(0, status, \"unrecognized input \\\"%s\\\", expect\"\n \t\t\t\" \\\"in\\\" or \\\"out\\\"\\n\", tokens[ti]);\n@@ -201,7 +200,6 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,\n \n \trule_ipv6->data.category_mask = 1;\n \n-\n \tfor (ti = 2; ti < n_tokens; ti++) {\n \t\tif (strcmp(tokens[ti], \"esp\") == 0) {\n \t\t\t/* currently do nothing */\n@@ -506,6 +504,7 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,\n \tif (status->status < 0)\n \t\treturn;\n \n+\tSTAILQ_INSERT_TAIL(head, sp_mgmt, next);\n \t*ri = *ri + 1;\n }\n \n@@ -575,18 +574,34 @@ dump_ip6_rules(const struct acl6_rules *rule, int32_t num, int32_t extra)\n }\n \n static struct rte_acl_ctx *\n-acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,\n+acl6_init(const char *name, int32_t socketid, struct sp_head *rules_list,\n \t\tuint32_t rules_nb)\n {\n \tchar s[PATH_MAX];\n \tstruct rte_acl_param acl_param;\n \tstruct rte_acl_config acl_build_param;\n \tstruct rte_acl_ctx *ctx;\n+\tstruct acl6_rules *rules; /* Temporary array containing rules */\n+\tstruct ipsec_sp_mgmt *sp_mgmt;\n+\tuint32_t i;\n \n-\tprintf(\"Creating SP context with %u max rules\\n\", MAX_ACL_RULE_NUM);\n+\tprintf(\"Creating SP context with %u rules\\n\", rules_nb);\n \n \tmemset(&acl_param, 0, sizeof(acl_param));\n \n+\t/* Create flat array of rules which is needed for acl context */\n+\trules = calloc(rules_nb, sizeof(struct acl6_rules));\n+\tif (rules == NULL)\n+\t\trte_exit(EXIT_FAILURE, \"Can't allocate rules array\\n\");\n+\n+\tsp_mgmt = STAILQ_FIRST(rules_list);\n+\tfor (i = 0; i < rules_nb; i++) {\n+\t\tif (sp_mgmt == NULL)\n+\t\t\trte_exit(EXIT_FAILURE, \"SP list is broken\\n\");\n+\t\trules[i] = sp_mgmt->sp;\n+\t\tsp_mgmt = STAILQ_NEXT(sp_mgmt, next);\n+\t}\n+\n \t/* Create ACL contexts */\n \tsnprintf(s, sizeof(s), \"%s_%d\", name, socketid);\n \n@@ -596,7 +611,7 @@ acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,\n \tacl_param.name = s;\n \tacl_param.socket_id = socketid;\n \tacl_param.rule_size = RTE_ACL_RULE_SZ(RTE_DIM(ip6_defs));\n-\tacl_param.max_rule_num = MAX_ACL_RULE_NUM;\n+\tacl_param.max_rule_num = rules_nb;\n \n \tctx = rte_acl_create(&acl_param);\n \tif (ctx == NULL)\n@@ -618,6 +633,7 @@ acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,\n \n \trte_acl_dump(ctx);\n \n+\tfree(rules);\n \treturn ctx;\n }\n \n@@ -627,20 +643,18 @@ acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,\n static int\n check_spi_value(struct sa_ctx *sa_ctx, int inbound)\n {\n-\tuint32_t i, num, spi;\n+\tuint32_t spi;\n \tint32_t spi_idx;\n-\tstruct acl6_rules *acr;\n+\tstruct ipsec_sp_mgmt *sp_mgmt;\n+\tstruct sp_head *head;\n \n-\tif (inbound != 0) {\n-\t\tacr = acl6_rules_in;\n-\t\tnum = nb_acl6_rules_in;\n-\t} else {\n-\t\tacr = acl6_rules_out;\n-\t\tnum = nb_acl6_rules_out;\n-\t}\n+\tif (inbound != 0)\n+\t\thead = &sp_in_head;\n+\telse\n+\t\thead = &sp_out_head;\n \n-\tfor (i = 0; i != num; i++) {\n-\t\tspi = acr[i].data.userdata;\n+\tSTAILQ_FOREACH(sp_mgmt, head, next) {\n+\t\tspi = sp_mgmt->sp.data.userdata;\n \t\tif (spi != DISCARD && spi != BYPASS) {\n \t\t\tspi_idx = sa_spi_present(sa_ctx, spi, inbound);\n \t\t\tif (spi_idx < 0) {\n@@ -650,7 +664,7 @@ check_spi_value(struct sa_ctx *sa_ctx, int inbound)\n \t\t\t\treturn -ENOENT;\n \t\t\t}\n \t\t\t/* Update userdata with spi index */\n-\t\t\tacr[i].data.userdata = spi_idx + 1;\n+\t\t\tsp_mgmt->sp.data.userdata = spi_idx + 1;\n \t\t}\n \t}\n \n@@ -684,7 +698,7 @@ sp6_init(struct socket_ctx *ctx, int32_t socket_id)\n \tif (nb_acl6_rules_in > 0) {\n \t\tname = \"sp_ip6_in\";\n \t\tctx->sp_ip6_in = (struct sp_ctx *)acl6_init(name,\n-\t\t\tsocket_id, acl6_rules_in, nb_acl6_rules_in);\n+\t\t\tsocket_id, &sp_in_head, nb_acl6_rules_in);\n \t} else\n \t\tRTE_LOG(WARNING, IPSEC, \"No IPv6 SP Inbound rule \"\n \t\t\t\"specified\\n\");\n@@ -692,7 +706,7 @@ sp6_init(struct socket_ctx *ctx, int32_t socket_id)\n \tif (nb_acl6_rules_out > 0) {\n \t\tname = \"sp_ip6_out\";\n \t\tctx->sp_ip6_out = (struct sp_ctx *)acl6_init(name,\n-\t\t\tsocket_id, acl6_rules_out, nb_acl6_rules_out);\n+\t\t\tsocket_id, &sp_out_head, nb_acl6_rules_out);\n \t} else\n \t\tRTE_LOG(WARNING, IPSEC, \"No IPv6 SP Outbound rule \"\n \t\t\t\"specified\\n\");\n@@ -705,24 +719,22 @@ int\n sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],\n \t\t\tuint32_t mask[2])\n {\n-\tuint32_t i, num;\n-\tconst struct acl6_rules *acr;\n+\tuint32_t i = 0;\n+\tstruct ipsec_sp_mgmt\t*sp_mgmt;\n+\tstruct sp_head\t\t*head;\n \n-\tif (inbound != 0) {\n-\t\tacr = acl6_rules_in;\n-\t\tnum = nb_acl6_rules_in;\n-\t} else {\n-\t\tacr = acl6_rules_out;\n-\t\tnum = nb_acl6_rules_out;\n-\t}\n+\tif (inbound != 0)\n+\t\thead = &sp_in_head;\n+\telse\n+\t\thead = &sp_out_head;\n \n-\tfor (i = 0; i != num; i++) {\n-\t\tif (acr[i].data.userdata == spi) {\n+\tSTAILQ_FOREACH(sp_mgmt, head, next) {\n+\t\tif (sp_mgmt->sp.data.userdata == spi) {\n \t\t\tif (NULL != ip_addr && NULL != mask) {\n-\t\t\t\tIPV6_SRC_FROM_SP(ip_addr[0], acr[i]);\n-\t\t\t\tIPV6_DST_FROM_SP(ip_addr[1], acr[i]);\n-\t\t\t\tIPV6_SRC_MASK_FROM_SP(mask[0], acr[i]);\n-\t\t\t\tIPV6_DST_MASK_FROM_SP(mask[1], acr[i]);\n+\t\t\t\tIPV6_SRC_FROM_SP(ip_addr[0], sp_mgmt->sp);\n+\t\t\t\tIPV6_DST_FROM_SP(ip_addr[1], sp_mgmt->sp);\n+\t\t\t\tIPV6_SRC_MASK_FROM_SP(mask[0], sp_mgmt->sp);\n+\t\t\t\tIPV6_DST_MASK_FROM_SP(mask[1], sp_mgmt->sp);\n \t\t\t}\n \t\t\treturn i;\n \t\t}\n", "prefixes": [ "v2", "5/5" ] }