73a196c190f26118e2b678941c5ddf28a52b812a
[keystone-rtos/netapi.git] / ti / runtime / netapi / applications / ipsec_offload / ipsecmgr / src / netapilib_interface.c
1 /*
2 * Copyright (C) 2013 Texas Instruments Incorporated - http://www.ti.com/
3 *
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the
15 * distribution.
16 *
17 * Neither the name of Texas Instruments Incorporated nor the names of
18 * its contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
35 /* Standard includes */
36 #include <stdio.h>
37 #include <arpa/inet.h>
38 #include <inttypes.h>
40 /* ipsecmgr includes */
41 #include <ipsecmgr_snoop.h>
42 #include <ipsecmgr_syslog.h>
44 #include "netapilib_interface.h"
47 extern ipsecMgrMcb_t globalDB;
48 extern NETAPI_T netapi_handle;
49 extern ipsecMgrIfConfigEntry_T ipConfigList[];
53 int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
54 {
55 int found = 1;
56 int i;
57 if (ip_type == nwal_IPV4)
58 {
59 for (i = 0; i < NWAL_IPV4_ADDR_SIZE; i++)
60 {
61 if (ip1[i] != ip2[i])
62 {
63 found = 0;
64 break;
65 }
66 }
67 return found;
68 }
69 else
70 {
71 for (i = 0; i < NWAL_IPV6_ADDR_SIZE; i++)
72 {
73 if (ip1[i] != ip2[i])
74 {
75 found = 0;
76 break;
77 }
78 }
79 return found;
80 }
81 }
82 /**************************************************************************
83 * FUNCTION PURPOSE: Internal function to find a free slot to store APPID
84 * in list
85 **************************************************************************
86 * DESCRIPTION: Internal internal function to find a free slot in SA list for an SA
87 ********************************************************************/
88 int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
89 {
90 int i;
91 for(i=0;i<64;i++)
92 {
93 if (!pList[i].in_use)
94 {
95 if (free)
96 pList[i].in_use = 1; //pending
97 return i;
98 }
99 }
100 return -1;
101 }
103 /********************************************************************
104 * FUNCTION PURPOSE: Internal function to find a SA app id in SA list
105 * and free SA Slot entry if specified
106 ********************************************************************
107 * DESCRIPTION: Internal function to find a SA app id in SA list
108 * and free SA Slot entry if specified
109 ********************************************************************/
110 int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int free)
111 {
112 int i;
113 for(i=0;i<64;i++)
114 {
115 if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
116 {
117 if(free)
118 pList[i].in_use = 0;
119 return i;
120 }
121 }
122 return -1;
123 }
125 /**************************************************************************
126 * FUNCTION PURPOSE: The function is used to translate the SA configuration
127 * parameters received from the IPSec Snopper and call the NETAPI function
128 * to create a security association
129 ********************************************************************/
130 int netapilib_ifAddSA
131 (
132 ipsecmgr_af_t af,
133 ipsecmgr_sa_id_t *sa_id,
134 ipsecmgr_sa_info_t *sa_info,
135 ipsecmgr_sa_dscp_map_cfg_t *dscp_map_cfg,
136 ipsecmgr_ifname_t *if_name,
137 ipsecmgr_sa_encap_tmpl_t *encap,
138 ipsecmgr_fp_handle_t *sa_handle
139 )
140 {
141 int i;
142 uint8_t auth_key[36];
143 uint8_t encr_key[36];
144 int error, index,slot;
145 NETAPI_SEC_SA_INFO_T saInfo;
146 nwalSecKeyParams_t keyParams;
147 void * p_rx_inflow_mode_handle;
148 void * p_tx_inflow_mode_handle;
149 NETCP_CFG_ROUTE_T route;
150 NETCP_CFG_FLOW_T flow;
151 NETCP_CFG_SA_HANDLE_T pSaHandle;
152 char* pTok = NULL;
153 int iface;
154 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
155 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
157 memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
158 memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
159 memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
160 memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
162 /* Initialize the SA Config structure. */
163 /* Get the IP protocol version. */
164 if (af == IPSECMGR_AF_IPV4)
165 {
166 saInfo.ipType = nwal_IPV4;
167 /* Populate the source and destination IP addresses. */
168 for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
169 {
170 saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
171 saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
172 }
173 }
174 else if (af == IPSECMGR_AF_IPV6)
175 {
176 saInfo.ipType = nwal_IPV6;
178 /* Populate the source and destination IP addresses. */
179 for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
180 {
181 saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
182 saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
183 }
184 }
185 else
186 {
187 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
188 "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
189 return -1;
190 }
191 /* Get the SPI. */
192 saInfo.spi = sa_id->spi;
194 /* Get the SA direction. */
195 if (sa_info->dir == DIR_INBOUND)
196 {
197 slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
198 if (slot == -1)
199 {
200 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
201 "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
202 return -1;
203 }
204 saInfo.dir = NWAL_SA_DIR_INBOUND;
205 /* need to check which interface this SA will be attached to */
206 for (i=0;i<16;i++)
207 {
208 /* get interface for destination ip address */
209 if (compareIPAddr(&ipConfigList[i].ip[0],
210 saInfo.ipType == nwal_IPV4 ?
211 &saInfo.dst.ipv4[0]:
212 &saInfo.dst.ipv6[0],
213 saInfo.ipType))
214 {
215 pTok = strtok(ipConfigList[i].name, ":.");
216 /* now we have the interface name, is this eth0 or eth1 */
217 if (pTok)
218 {
219 /* now we have interface name, now find the i/f number */
220 if(strstr(pTok,"eth"))
221 {
222 sscanf(pTok,"eth%d", &iface);
223 }
224 else if(strstr(pTok,"br"))
225 {
226 sscanf(pTok,"br%d", &iface);
227 }
228 else
229 {
230 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
231 "netapilib_ifAddSA: invalid interface\n");
232 return -1;
233 }
234 }
235 globalDB.rx_sa[slot].iface = iface;
236 flow.dma_engine= 1;
237 flow.flowid = globalDB.flowId[iface];
238 printf("add_sa: iface: %d, flowid: %d\n",
239 iface,
240 flow.flowid);
242 route.p_flow = &flow;
243 route.p_dest_q = globalDB.pktio_channel[iface];
244 printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
245 route.p_dest_q, route.p_flow->flowid);
246 printf("add_sa: pktio_handle: 0x%x\n", globalDB.pktio_channel[iface]);
247 break;
248 }
249 }
250 }
251 else if (sa_info->dir == DIR_OUTBOUND)
252 {
253 slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
254 if (slot == -1)
255 {
256 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
257 "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
258 return -1;
259 }
260 saInfo.dir = NWAL_SA_DIR_OUTBOUND;
261 }
262 else
263 {
264 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
265 "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
266 return -1;
267 }
270 /* Get the replay Window */
271 saInfo.replayWindow = sa_info->replay_window;
273 /* Get the IPSec protocol. */
274 if (sa_id->proto == SA_PROTO_AH)
275 saInfo.proto = nwal_IpSecProtoAH;
276 else if (sa_id->proto == SA_PROTO_ESP)
277 saInfo.proto = nwal_IpSecProtoESP;
278 else
279 {
280 ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
281 "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
282 return -1;
283 }
284 /* Get the IPSec mode. */
285 if (sa_info->mode == SA_MODE_TRANSPORT)
286 saInfo.saMode = nwal_SA_MODE_TRANSPORT;
287 else if (sa_info->mode == SA_MODE_TUNNEL)
288 saInfo.saMode = nwal_SA_MODE_TUNNEL;
289 else
290 {
291 ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
292 "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
293 return -1;
294 }
295 /* Get the authentication mode algorithm. */
296 if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
297 saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
298 else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
299 saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
300 else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
301 saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
302 else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)
303 saInfo.authMode = NWAL_SA_AALG_NULL;
304 else
305 {
306 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
307 "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
308 return -1;
309 }
311 /* Get the encryption mode algorithm. */
312 if (sa_info->enc.algo == SA_EALG_NULL)
313 saInfo.cipherMode = NWAL_SA_EALG_NULL;
314 else if (sa_info->enc.algo == SA_EALG_AES_CTR)
315 saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
316 else if (sa_info->enc.algo == SA_EALG_AES_CBC)
317 saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
318 else if (sa_info->enc.algo == SA_EALG_3DES_CBC)
319 saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
320 else if (sa_info->enc.algo == SA_EALG_DES_CBC)
321 saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
322 else
323 {
324 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
325 "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
326 return -1;
327 }
328 /* Validate the key lengths. */
329 if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
330 {
331 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
332 "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
333 return -1;
334 }
335 if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
336 {
337 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
338 "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
339 return -1;
340 }
342 /* Get the authentication/encryption keys. */
343 keyParams.pAuthKey = &sa_info->auth_key[0];
344 keyParams.pEncKey = &sa_info->enc_key[0];
346 if (saInfo.dir == NWAL_SA_DIR_INBOUND)
347 {
348 /* Inbound == RX */
349 globalDB.rx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
350 NETCP_CFG_NO_INTERFACE,
351 &saInfo,
352 &keyParams,
353 NETAPI_SEC_SA_INFLOW,
354 (NETCP_CFG_ROUTE_HANDLE_T)&route,
355 &p_rx_inflow_mode_handle,
356 &p_tx_inflow_mode_handle,
357 NULL, &error);
359 if (error == NETAPI_ERR_OK)
360 {
361 *sa_handle = globalDB.rx_sa[slot].saAppId;
362 }
363 else
364 {
365 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
366 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
367 error);
368 return -1;
369 }
370 }
371 else
372 {
373 /* OUTBOUND == TX */
374 globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
375 NETCP_CFG_NO_INTERFACE,
376 &saInfo,
377 &keyParams,
378 NETAPI_SEC_SA_INFLOW,
379 (NETCP_CFG_ROUTE_HANDLE_T)NULL,
380 &p_rx_inflow_mode_handle,
381 &p_tx_inflow_mode_handle,
382 NULL, &error);
383 if (error == NETAPI_ERR_OK)
384 {
385 *sa_handle = globalDB.tx_sa[slot].saAppId;
386 }
387 else
388 {
389 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
390 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
391 error);
392 return -1;
393 }
394 }
396 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
397 "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
399 /* SA was created successfully. */
400 return 0;
401 }
402 /**************************************************************************
403 * FUNCTION PURPOSE: The function is used to translate the SA configuration
404 * parameters received from the IPSec Snopper and call the NETAPI function
405 * to delete a security association
406 ********************************************************************/
407 int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
408 {
409 int error, slot;
411 slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
413 /* Determine if rx_sa or tx_sa is being deleted */
414 if (slot != -1)
415 {
416 /* found rx SA, see if there is policy assoicated with rx SA
417 if so, then delete it first*/
418 if (globalDB.rx_sa[slot].spAppId)
419 {
420 netapi_secDelRxPolicy(netapi_handle,
421 (NETCP_CFG_IPSEC_POLICY_T) globalDB.rx_sa[slot].spAppId,
422 &error);
423 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
424 "netapilib_ifDeleteSA: SP deleted: sp_app_id: 0x%x, slot: %d, error: %d\n",
425 globalDB.rx_sa[slot].spAppId, slot, error);
426 netapi_secDelSA(netapi_handle,
427 NETCP_CFG_NO_INTERFACE,
428 (NETCP_CFG_SA_T) sa_handle,
429 &error);
430 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
431 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
432 sa_handle, slot, error);
434 }
435 }
436 else
437 {
438 /* not rx SA, check for tx_sa */
439 slot = findAppIdSlot(&globalDB.tx_sa[0], sa_handle, 1);
441 if (slot != -1)
442 {
443 /* found tx SA, delete it now */
444 netapi_secDelSA(netapi_handle,
445 NETCP_CFG_NO_INTERFACE,
446 (NETCP_CFG_SA_T) sa_handle,
447 &error);
448 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
449 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
450 sa_handle, slot, error);
451 }
452 else
453 {
454 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
455 "netapilib_ifDeleteSA: sa_app_id 0x%x not found in internal list\n",
456 sa_handle);
457 return -1;
458 }
459 }
461 return error;
462 }
464 /**************************************************************************
465 * FUNCTION PURPOSE: The function is used to translate the SP configuration
466 * parameters received from the IPSec Snopper and call the NETAPI function
467 * to create a security policy
468 ********************************************************************/
469 int32_t netapilib_ifAddSP
470 (
471 ipsecmgr_af_t af,
472 ipsecmgr_selector_t *sel,
473 ipsecmgr_dir_t dir,
474 uint32_t reqid,
475 ipsecmgr_fp_handle_t sa_handle,
476 ipsecmgr_policy_id_t policy_id,
477 ipsecmgr_fp_handle_t *sp_handle
478 )
479 {
480 #ifdef ENABLE_ADD_POLICY
481 #warning "ENABLE_ADD_POLICY"
482 NETCP_CFG_IPSEC_POLICY_T spAppIdIn;
483 int error, index, slot;
484 nwal_IpType ipType;
485 nwalIpAddr_t src_ip_addr;
486 nwalIpAddr_t dst_ip_addr;
487 nwalIpOpt_t ip_qualifiers;
488 NETCP_CFG_SA_T sa =(NETCP_CFG_SA_T)sa_handle;
489 NETCP_CFG_ROUTE_T route;
490 NETCP_CFG_FLOW_T flow;
491 NETCP_CFG_PA_HANDLE_T pPaHandleOuterIP;
492 NETCP_CFG_PA_HANDLE_T pPaHandleInnerIP;
493 NETCP_CFG_SA_HANDLE_T pSaHandle;
494 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifAddSP: called\n");
497 if (dir == DIR_OUTBOUND)
498 {
499 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
500 "netapilib_ifAddSP: called for outbound SA, no RX policy required\n");
501 return 0;
502 }
503 slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 0);
504 if (slot == -1)
505 {
506 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
507 "netapilib_ifAddSA:, SA app_id not found\n");
508 return -1;
509 }
513 flow.dma_engine= 1;
514 flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
515 route.p_flow = &flow;
516 route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
519 /* Get the IP protocol version. */
520 if (af == IPSECMGR_AF_IPV4)
521 {
522 ipType = nwal_IPV4;
523 /* Populate the source and destination IP addresses. */
524 for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
525 {
526 dst_ip_addr.ipv4[index] = sel->daddr.ipv4[index];
527 src_ip_addr.ipv4[index] = sel->saddr.ipv4[index];
528 }
529 }
530 else if (af == IPSECMGR_AF_IPV6)
531 {
532 ipType = nwal_IPV6;
533 /* Populate the source and destination IP addresses. */
534 for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
535 {
536 dst_ip_addr.ipv6[index] = sel->daddr.ipv6[index];
537 src_ip_addr.ipv6[index] = sel->saddr.ipv6[index];
538 }
539 }
540 else
541 {
542 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
543 "netapilib_ifAddSP: Address family (%d) is invalid\n", af);
544 return -1;
545 }
547 globalDB.rx_sa[slot].spAppId = netapi_secAddRxPolicy(netapi_handle,
548 (NETCP_CFG_SA_T) sa_handle,
549 ipType,
550 &src_ip_addr,
551 &dst_ip_addr,
552 NULL,
553 (NETCP_CFG_ROUTE_HANDLE_T)&route,
554 NULL,
555 &error);
557 if (error == NETAPI_ERR_OK)
558 {
559 *sp_handle = globalDB.rx_sa[slot].spAppId;
560 }
561 else
562 {
563 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
564 "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
565 error);
566 return -1;
567 }
568 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
569 "netapilib_ifAddSA: Translation of SP successful, app_id: 0x%x\n", *sp_handle);
571 #endif
572 return 0;
573 }
575 /**************************************************************************
576 * FUNCTION PURPOSE: The function is used to translate the SP configuration
577 * parameters received from the IPSec Snopper and call the NETAPI function
578 * to delete a security association
579 ********************************************************************/
580 int32_t netapilib_ifDeleteSP
581 (
582 ipsecmgr_fp_handle_t sp_handle,
583 ipsecmgr_policy_id_t policy_id,
584 ipsecmgr_dir_t dir
585 )
586 {
587 /* Security Policy is deleted as part of deleting SA */
588 return 0;
589 #if 0
590 int error =0;
591 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifDeleteSP: called\n");
593 if (dir == DIR_OUTBOUND)
594 {
595 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
596 "netapilib_ifDeleteSP: called for outbound SA, no RX policy to delete\n");
597 return 0;
598 }
599 netapi_secDelRxPolicy(netapi_handle,
600 (NETCP_CFG_IPSEC_POLICY_T) sp_handle,
601 &error);
603 return 0;
604 #endif
605 }
607 /**************************************************************************
608 * FUNCTION PURPOSE: The function is used to translate the SA configuration
609 * parameters received from the IPSec Snopper and retrieve SA context
610 * information for SA.
611 *************************************************************************/
612 int netapilib_ifGetSACtx
613 (
614 ipsecmgr_fp_handle_t sa_handle,
615 ipsecmgr_sa_hw_ctx_t* hw_ctx
616 )
617 {
618 uint32_t swInfo0 = 0;
619 uint32_t swInfo1 = 0;
620 nwalGlobCxtInfo_t info;
621 nwal_RetValue retVal;
623 memset(&info, 0, sizeof(nwalGlobCxtInfo_t));
624 NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) netapi_handle;
625 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifGetSACtx: called\n");
628 netapip_netcpCfgGetSaInflowInfo(&netapi_get_global()->nwal_context,
629 (NETCP_CFG_SA_T) sa_handle,
630 &swInfo0,
631 &swInfo1);
633 hw_ctx->swinfo_sz = 2;
634 hw_ctx->swinfo[0] = swInfo0;
635 hw_ctx->swinfo[1] = swInfo1;
637 retVal = nwal_getGlobCxtInfo(((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
638 &info);
639 if (retVal != nwal_OK)
640 {
641 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
642 "netapilib_ifGetSACtx: nwal_getGlobCxtInfo returned error: 0x%x\n", retVal);
643 return -1;
644 }
645 hw_ctx->flow_id = info.rxSaPaFlowId;
647 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
648 "netapilib_ifGetSACtx: rxPaSaflowId: 0x%x, rxSaPaflowId: 0x%x\n",
649 info.rxPaSaFlowId,
650 info.rxSaPaFlowId);
651 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
652 "netapilib_ifGetSACtx: swInfo0: 0x%x, swInfo1: 0x%x, flowId: 0x%x\n",
653 hw_ctx->swinfo[0],
654 hw_ctx->swinfo[1],
655 hw_ctx->flow_id);
657 /* return success */
658 return 0;
659 }