Added IPV6 and bridge interface support
[keystone-rtos/netapi.git] / ti / runtime / netapi / applications / ipsec_offload / ipsecmgr / src / netapilib_interface.c
1 /*
2  * Copyright (C) 2013 Texas Instruments Incorporated - http://www.ti.com/
3  *
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions
7  *  are met:
8  *
9  *    Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  *    Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the
15  *    distribution.
16  *
17  *    Neither the name of Texas Instruments Incorporated nor the names of
18  *    its contributors may be used to endorse or promote products derived
19  *    from this software without specific prior written permission.
20  *
21  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  *  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  *  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  *  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  *  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33 */
35 /* Standard includes */
36 #include <stdio.h>
37 #include <arpa/inet.h>
38 #include <inttypes.h>
40 /* ipsecmgr includes */
41 #include <ipsecmgr_snoop.h>
42 #include <ipsecmgr_syslog.h>
44 #include "netapilib_interface.h"
47 extern ipsecMgrMcb_t globalDB;
48 extern NETAPI_T netapi_handle;
49 extern ipsecMgrIfConfigEntry_T ipConfigList[];
53 int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
54 {
55     int found = 1;
56     int i;
57     if (ip_type == nwal_IPV4)
58     {
59         for (i = 0; i < NWAL_IPV4_ADDR_SIZE; i++)
60         {
61             if (ip1[i] != ip2[i])
62             {
63                 found = 0;
64                 break;
65             }
66         }
67         return found;
68     }
69     else
70     {
71         for (i = 0; i < NWAL_IPV6_ADDR_SIZE; i++)
72         {
73             if (ip1[i] != ip2[i])
74             {
75                 found = 0;
76                 break;
77             }
78         }
79         return found;
80     }
81 }
82 /**************************************************************************
83  * FUNCTION PURPOSE:  Internal function to find a free slot to store APPID
84  *                    in list
85  **************************************************************************
86  * DESCRIPTION:  Internal internal function to find a free slot in SA list for an SA
87  ********************************************************************/
88 int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
89 {
90     int i;
91     for(i=0;i<64;i++)
92     {                       
93         if (!pList[i].in_use)
94         {
95             if (free)
96             pList[i].in_use = 1; //pending
97             return i;
98         }
99     }
100     return -1;
103 /********************************************************************
104  * FUNCTION PURPOSE:  Internal function to find a SA app id  in SA list
105  *                    and free SA Slot entry if specified
106  ********************************************************************
107  * DESCRIPTION:  Internal function to find a SA app id  in SA list
108  *                    and free SA Slot entry if specified
109  ********************************************************************/
110 int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int free)
112     int i;
113     for(i=0;i<64;i++)
114     {                       
115         if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
116         {
117             if(free)
118                 pList[i].in_use = 0;
119             return i;
120         }
121     }
122     return -1;
125 /**************************************************************************
126  * FUNCTION PURPOSE: The function is used to translate the SA configuration
127  * parameters received from the IPSec Snopper and call the NETAPI function
128  * to create a security association
129  ********************************************************************/
130 int netapilib_ifAddSA
132     ipsecmgr_af_t               af,
133     ipsecmgr_sa_id_t            *sa_id,
134     ipsecmgr_sa_info_t          *sa_info,
135     ipsecmgr_sa_dscp_map_cfg_t  *dscp_map_cfg,
136     ipsecmgr_ifname_t           *if_name,
137     ipsecmgr_sa_encap_tmpl_t    *encap,
138     ipsecmgr_fp_handle_t        *sa_handle
141     int i;
142     uint8_t                 auth_key[36];
143     uint8_t                 encr_key[36];
144     int error, index,slot;
145     NETAPI_SEC_SA_INFO_T saInfo;
146     nwalSecKeyParams_t  keyParams;
147     void * p_rx_inflow_mode_handle;
148     void * p_tx_inflow_mode_handle;
149     NETCP_CFG_ROUTE_T  route;
150     NETCP_CFG_FLOW_T flow;
151     NETCP_CFG_SA_HANDLE_T pSaHandle;
152     char* pTok = NULL;
153     int iface;
154     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
155                 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
157     memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
158     memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
159     memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
160     memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
162     /* Initialize the SA Config structure. */
163     /* Get the IP protocol version. */
164     if (af == IPSECMGR_AF_IPV4)
165     {
166         saInfo.ipType = nwal_IPV4;
167         /* Populate the source and destination IP addresses. */
168         for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
169         {
170             saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
171             saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
172         }
173     }
174     else if (af == IPSECMGR_AF_IPV6)
175     { 
176         saInfo.ipType = nwal_IPV6;
178         /* Populate the source and destination IP addresses. */
179         for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
180         {
181             saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
182             saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
183         }
184     }
185     else
186     {
187         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
188             "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
189         return -1;
190     }
191     /* Get the SPI. */
192     saInfo.spi = sa_id->spi;
194     /* Get the SA direction. */
195     if (sa_info->dir == DIR_INBOUND)
196     {
197         slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
198         if (slot == -1)
199         {
200             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
201                 "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
202             return -1;
203         }
204         saInfo.dir = NWAL_SA_DIR_INBOUND;
205         /* need to check which interface this SA will be attached to */
206         for (i=0;i<16;i++)
207         {
208             /* get interface for destination ip address */
209             if (compareIPAddr(&ipConfigList[i].ip[0], 
210                               saInfo.ipType == nwal_IPV4 ?
211                               &saInfo.dst.ipv4[0]:
212                               &saInfo.dst.ipv6[0],
213                               saInfo.ipType))
214             {
215                 pTok = strtok(ipConfigList[i].name, ":.");
216                 /* now we have the interface name, is this eth0 or eth1 */
217                 if (pTok)
218                 {
219                     /* now we have interface name, now find the i/f number */
220                     if(strstr(pTok,"eth"))
221                     {
222                         sscanf(pTok,"eth%d", &iface);
223                     }
224                     else if(strstr(pTok,"br"))
225                     {
226                         sscanf(pTok,"br%d", &iface);
227                     }
228                     else
229                     {
230                         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
231                         "netapilib_ifAddSA: invalid interface\n");
232                         return -1;
233                     }
234                 }
235                 globalDB.rx_sa[slot].iface = iface;
236                 flow.dma_engine= 1;
237                 flow.flowid = globalDB.flowId[iface];
238                 printf("add_sa: iface: %d, flowid: %d\n",
239                     iface,
240                     flow.flowid);
242                 route.p_flow = &flow;
243                 route.p_dest_q = globalDB.pktio_channel[iface];
244                 printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
245                 route.p_dest_q, route.p_flow->flowid);
246                 printf("add_sa: pktio_handle: 0x%x\n", globalDB.pktio_channel[iface]);
247                 break;
248             }
249         }
250     }
251     else if (sa_info->dir == DIR_OUTBOUND)
252     {
253         slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
254         if (slot == -1)
255         {
256             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
257                 "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
258             return -1;
259         }
260         saInfo.dir = NWAL_SA_DIR_OUTBOUND;
261     }
262     else
263     {
264         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
265             "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
266         return -1;
267     }
268     
270     /* Get the replay Window */
271     saInfo.replayWindow = sa_info->replay_window;
272    
273     /* Get the IPSec protocol. */
274     if (sa_id->proto == SA_PROTO_AH)
275         saInfo.proto = nwal_IpSecProtoAH;
276     else if (sa_id->proto == SA_PROTO_ESP)
277         saInfo.proto = nwal_IpSecProtoESP;
278     else
279     {
280         ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
281             "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
282         return -1;
283     }
284     /* Get the IPSec mode. */
285     if (sa_info->mode == SA_MODE_TRANSPORT)
286         saInfo.saMode = nwal_SA_MODE_TRANSPORT;
287     else if (sa_info->mode == SA_MODE_TUNNEL)
288         saInfo.saMode = nwal_SA_MODE_TUNNEL;
289     else
290     {
291         ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
292             "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
293         return -1;
294     }
295     /* Get the authentication mode algorithm. */
296     if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
297         saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
298     else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
299         saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
300     else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
301         saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
302     else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)  
303         saInfo.authMode = NWAL_SA_AALG_NULL;
304     else
305     {
306         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
307             "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
308         return -1;
309     }
311     /* Get the encryption mode algorithm. */
312     if (sa_info->enc.algo == SA_EALG_NULL) 
313         saInfo.cipherMode = NWAL_SA_EALG_NULL;
314     else if (sa_info->enc.algo == SA_EALG_AES_CTR) 
315         saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
316     else if (sa_info->enc.algo == SA_EALG_AES_CBC)
317         saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
318     else if (sa_info->enc.algo == SA_EALG_3DES_CBC) 
319         saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
320     else if (sa_info->enc.algo == SA_EALG_DES_CBC) 
321         saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
322     else
323     {
324         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
325             "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
326         return -1;
327     }
328     /* Validate the key lengths. */
329     if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
330     {
331         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
332             "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
333         return -1;
334     }
335     if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
336     {
337         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
338             "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
339         return -1;
340     }
342     /* Get the authentication/encryption keys. */
343     keyParams.pAuthKey = &sa_info->auth_key[0];
344     keyParams.pEncKey = &sa_info->enc_key[0];
346     if (saInfo.dir == NWAL_SA_DIR_INBOUND)
347     {
348         /* Inbound == RX */
349         globalDB.rx_sa[slot].saAppId =  netapi_secAddSA(netapi_handle,
350                         NETCP_CFG_NO_INTERFACE,
351                         &saInfo,
352                         &keyParams,
353                         NETAPI_SEC_SA_INFLOW,
354                         (NETCP_CFG_ROUTE_HANDLE_T)&route,
355                         &p_rx_inflow_mode_handle,
356                         &p_tx_inflow_mode_handle,
357                         NULL, &error);
359         if (error == NETAPI_ERR_OK)
360         {
361             *sa_handle = globalDB.rx_sa[slot].saAppId;
362         }
363         else
364         {
365             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
366                                 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
367                                  error);
368             return -1;
369         }
370     }
371     else
372     {
373         /* OUTBOUND == TX */
374         globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
375                         NETCP_CFG_NO_INTERFACE,
376                         &saInfo,
377                         &keyParams,
378                         NETAPI_SEC_SA_INFLOW,
379                         (NETCP_CFG_ROUTE_HANDLE_T)NULL,
380                         &p_rx_inflow_mode_handle,
381                         &p_tx_inflow_mode_handle,
382                         NULL, &error);
383         if (error == NETAPI_ERR_OK)
384         {
385             *sa_handle = globalDB.tx_sa[slot].saAppId;
386         }
387         else
388         {
389             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
390                                 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
391                                  error);
392             return -1;
393         }
394     }
395     
396     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
397     "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
399     /* SA was created successfully. */
400     return 0;
402 /**************************************************************************
403  * FUNCTION PURPOSE: The function is used to translate the SA configuration
404  * parameters received from the IPSec Snopper and call the NETAPI function
405  * to delete a security association
406  ********************************************************************/
407 int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
409     int error, slot;
410     
411     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
413     /* Determine if rx_sa or tx_sa is being deleted */
414     if (slot != -1)
415     {
416         /* found rx SA, see if there is policy assoicated with rx SA
417            if so, then delete it first*/
418         if (globalDB.rx_sa[slot].spAppId)
419         {    
420             netapi_secDelRxPolicy(netapi_handle,
421                               (NETCP_CFG_IPSEC_POLICY_T) globalDB.rx_sa[slot].spAppId,
422                               &error);
423             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
424                 "netapilib_ifDeleteSA: SP deleted: sp_app_id: 0x%x, slot: %d, error: %d\n", 
425                 globalDB.rx_sa[slot].spAppId, slot, error);
426             netapi_secDelSA(netapi_handle,
427                         NETCP_CFG_NO_INTERFACE,
428                         (NETCP_CFG_SA_T) sa_handle,
429                         &error);
430             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
431                 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n", 
432                 sa_handle, slot, error);
433             
434         }
435     }
436     else
437     {
438         /* not rx SA, check for tx_sa */
439         slot = findAppIdSlot(&globalDB.tx_sa[0], sa_handle, 1);
440     
441         if (slot != -1)
442         {
443             /* found tx SA, delete it now */
444             netapi_secDelSA(netapi_handle,
445                         NETCP_CFG_NO_INTERFACE,
446                         (NETCP_CFG_SA_T) sa_handle,
447                         &error);
448             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
449                 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n", 
450                 sa_handle, slot, error);
451         }
452         else
453         {
454             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
455             "netapilib_ifDeleteSA: sa_app_id 0x%x not found in internal list\n", 
456                 sa_handle);
457             return -1;
458         }
459     }
461     return error;
464 /**************************************************************************
465  * FUNCTION PURPOSE: The function is used to translate the SP configuration
466  * parameters received from the IPSec Snopper and call the NETAPI function
467  * to create a security policy
468  ********************************************************************/
469 int32_t netapilib_ifAddSP
471     ipsecmgr_af_t           af,
472     ipsecmgr_selector_t     *sel,
473     ipsecmgr_dir_t          dir,
474     uint32_t                reqid,
475     ipsecmgr_fp_handle_t    sa_handle, 
476     ipsecmgr_policy_id_t    policy_id,
477     ipsecmgr_fp_handle_t    *sp_handle
480 #ifdef ENABLE_ADD_POLICY
481 #warning "ENABLE_ADD_POLICY"
482     NETCP_CFG_IPSEC_POLICY_T spAppIdIn;
483     int error, index, slot;
484     nwal_IpType ipType;
485     nwalIpAddr_t src_ip_addr;
486     nwalIpAddr_t dst_ip_addr;
487     nwalIpOpt_t ip_qualifiers;
488     NETCP_CFG_SA_T sa =(NETCP_CFG_SA_T)sa_handle;
489     NETCP_CFG_ROUTE_T  route;
490     NETCP_CFG_FLOW_T flow;
491     NETCP_CFG_PA_HANDLE_T pPaHandleOuterIP;
492     NETCP_CFG_PA_HANDLE_T pPaHandleInnerIP;
493     NETCP_CFG_SA_HANDLE_T pSaHandle;
494     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifAddSP: called\n");
497     if (dir == DIR_OUTBOUND)
498     {
499         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
500             "netapilib_ifAddSP: called for outbound SA, no RX policy required\n");
501         return 0;
502     }
503     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 0);
504     if (slot == -1)
505     {
506         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
507             "netapilib_ifAddSA:, SA app_id not found\n");
508         return -1;
509     }
513     flow.dma_engine= 1;
514     flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
515     route.p_flow = &flow;
516     route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
519     /* Get the IP protocol version. */
520     if (af == IPSECMGR_AF_IPV4)
521     {
522         ipType = nwal_IPV4;
523         /* Populate the source and destination IP addresses. */
524         for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
525         {
526             dst_ip_addr.ipv4[index] = sel->daddr.ipv4[index];
527             src_ip_addr.ipv4[index] = sel->saddr.ipv4[index];
528         }
529     }
530     else if (af == IPSECMGR_AF_IPV6)
531     { 
532         ipType = nwal_IPV6;
533         /* Populate the source and destination IP addresses. */
534         for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
535         {
536             dst_ip_addr.ipv6[index] = sel->daddr.ipv6[index];
537             src_ip_addr.ipv6[index] = sel->saddr.ipv6[index];
538         }
539     }
540     else
541     {
542         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
543             "netapilib_ifAddSP: Address family (%d) is invalid\n", af);
544         return -1;
545     }
547     globalDB.rx_sa[slot].spAppId = netapi_secAddRxPolicy(netapi_handle,
548                                      (NETCP_CFG_SA_T) sa_handle,
549                                      ipType,
550                                      &src_ip_addr,
551                                      &dst_ip_addr,
552                                      NULL,
553                                      (NETCP_CFG_ROUTE_HANDLE_T)&route,
554                                      NULL,
555                                      &error);
557     if (error == NETAPI_ERR_OK)
558     {
559             *sp_handle = globalDB.rx_sa[slot].spAppId;
560     }
561     else
562     {
563         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
564                       "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
565                        error);
566         return -1;
567         }
568         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
569     "netapilib_ifAddSA: Translation of SP successful, app_id: 0x%x\n", *sp_handle);
571 #endif
572     return 0;
575 /**************************************************************************
576  * FUNCTION PURPOSE: The function is used to translate the SP configuration
577  * parameters received from the IPSec Snopper and call the NETAPI function
578  * to delete a security association
579  ********************************************************************/
580 int32_t netapilib_ifDeleteSP
582     ipsecmgr_fp_handle_t    sp_handle,
583     ipsecmgr_policy_id_t    policy_id,
584     ipsecmgr_dir_t          dir
587     /* Security Policy is deleted as part of deleting SA */
588     return 0;
589 #if 0
590     int error =0;
591     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifDeleteSP: called\n");
593     if (dir == DIR_OUTBOUND)
594     {
595         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
596             "netapilib_ifDeleteSP: called for outbound SA, no RX policy to delete\n");
597             return 0;
598     }
599     netapi_secDelRxPolicy(netapi_handle,
600                           (NETCP_CFG_IPSEC_POLICY_T) sp_handle,
601                           &error);
602                           
603     return 0;
604 #endif
607 /**************************************************************************
608  * FUNCTION PURPOSE: The function is used to translate the SA configuration
609  * parameters received from the IPSec Snopper and retrieve SA context
610  * information for SA.
611  *************************************************************************/
612 int netapilib_ifGetSACtx
614     ipsecmgr_fp_handle_t    sa_handle,
615     ipsecmgr_sa_hw_ctx_t*   hw_ctx
618     uint32_t swInfo0 = 0;
619     uint32_t swInfo1 = 0;
620     nwalGlobCxtInfo_t info;
621     nwal_RetValue retVal;
623     memset(&info, 0, sizeof(nwalGlobCxtInfo_t));
624     NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) netapi_handle;
625     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifGetSACtx: called\n");
628     netapip_netcpCfgGetSaInflowInfo(&netapi_get_global()->nwal_context,
629                                     (NETCP_CFG_SA_T) sa_handle,
630                                     &swInfo0,
631                                     &swInfo1);
633     hw_ctx->swinfo_sz = 2;
634     hw_ctx->swinfo[0] = swInfo0;
635     hw_ctx->swinfo[1] = swInfo1;
637     retVal = nwal_getGlobCxtInfo(((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
638         &info);
639     if (retVal != nwal_OK)
640     {
641         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
642             "netapilib_ifGetSACtx: nwal_getGlobCxtInfo returned error: 0x%x\n", retVal);
643         return -1;
644     }
645     hw_ctx->flow_id = info.rxSaPaFlowId;
647     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
648             "netapilib_ifGetSACtx: rxPaSaflowId: 0x%x, rxSaPaflowId: 0x%x\n",
649             info.rxPaSaFlowId,
650             info.rxSaPaFlowId);
651     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
652             "netapilib_ifGetSACtx: swInfo0: 0x%x, swInfo1: 0x%x, flowId: 0x%x\n",
653             hw_ctx->swinfo[0],
654             hw_ctx->swinfo[1],
655             hw_ctx->flow_id);
657    /* return success */
658     return 0;