[v4,5/7] examples/ipsec-secgw: define initial ESN value

Message ID 20211018102900.959952-6-radu.nicolau@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series IPsec Sec GW new features |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Radu Nicolau Oct. 18, 2021, 10:28 a.m. UTC
  New option added to the SA configuration arguments that
allows setting an arbitrary start value for ESN.

For example, in the SA below ESN will be enabled and the first egress
IPsec packet will have the ESN value 10000:

sa out 15 cipher_algo null auth_algo null mode ipv4-tunnel \
src 172.16.1.5 dst 172.16.2.5 \
esn 10000

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec.c             |  6 ++++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/sa.c                | 10 ++++++++++
 4 files changed, 27 insertions(+)
  

Patch

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index d2c2a7c9ca..f5f858380e 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -737,6 +737,16 @@  where each options means:
 
    * *telemetry*
 
+ ``<esn>``
+
+ * Enable ESN and set the initial ESN value.
+
+ * Optional: Yes, ESN not enabled by default
+
+ * Syntax:
+
+   * *esn N* N is the initial ESN value
+
 Example SA rules:
 
 .. code-block:: console
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 90d9e61e5b..2d4a26c962 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -227,6 +227,12 @@  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
 	}
 
+	if (sa->esn > 0) {
+		sess_conf.ipsec.options.esn = 1;
+		sess_conf.ipsec.esn.value = sa->esn;
+	}
+
+
 	RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
 		sa->spi, sa->portid);
 
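Review bot: The added `if (sa->esn > 0)` block is the only place in this patch that reads `sa->esn`, so an SA configured with `esn N` that is not set up through `create_inline_session()` appears to have the option silently ignored, and the operator would believe ESN is active when it is not. If the other session types are covered elsewhere in the series, a comment here should say so; otherwise the parser should reject `esn` for SA types that do not honour it. Because the value doubles as the enable flag, `esn 0` also leaves ESN off, which the documentation hunk (`Enable ESN and set the initial ESN value`) does not mention. The second blank line added after the closing brace is stray, and the function body starts and ends outside the hunk.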
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index de4e0606e2..b037d5179f 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -143,6 +143,7 @@  struct ipsec_sa {
 	enum rte_security_ipsec_sa_direction direction;
 	uint8_t udp_encap;
 	uint16_t portid;
+	uint64_t esn;
 	uint8_t fdir_qid;
 	uint8_t fdir_flag;
 
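Review bot: The new `uint64_t esn` member is unsigned, but the sa.c hunk of this patch fills it with `rule->esn = atoll(tokens[ti]);`, so a negative argument becomes a very large starting sequence number and a non-numeric one becomes 0, which `create_inline_session()` then treats as ESN disabled, in both cases without any error. Parsing with `strtoull(tokens[ti], &end, 10)` and failing the rule when `end == tokens[ti] || *end != '\0' || errno == ERANGE` would keep the configured value and the field type in agreement; as written, the second `if (status->status < 0)` after the assignment in that hunk can never fire. The member also deserves a comment such as `/* initial ESN value; 0 means ESN is not enabled */`. Placing a 64-bit member between `portid` and `fdir_qid` probably adds padding, but the struct starts and ends outside the hunk, so its layout cannot be confirmed here.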
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index dcdf886af9..6acc4a5213 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -684,6 +684,16 @@  parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			continue;
 		}
 
+		if (strcmp(tokens[ti], "esn") == 0) {
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+			rule->esn = atoll(tokens[ti]);
+			if (status->status < 0)
+				return;
+			continue;
+		}
+
 		if (strcmp(tokens[ti], "fallback") == 0) {
 			struct rte_ipsec_session *fb;