Multiple interface routing support updates.
[keystone-rtos/netapi.git] / ti / runtime / netapi / applications / ipsec_offload / ipsecmgr / src / netapilib_interface.c
1 /*
2  * Copyright (C) 2013 Texas Instruments Incorporated - http://www.ti.com/
3  *
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions
7  *  are met:
8  *
9  *    Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  *    Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the
15  *    distribution.
16  *
17  *    Neither the name of Texas Instruments Incorporated nor the names of
18  *    its contributors may be used to endorse or promote products derived
19  *    from this software without specific prior written permission.
20  *
21  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  *  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  *  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  *  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  *  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33 */
35 /* Standard includes */
36 #include <stdio.h>
37 #include <arpa/inet.h>
38 #include <inttypes.h>
40 /* ipsecmgr includes */
41 #include <ipsecmgr_snoop.h>
42 #include <ipsecmgr_syslog.h>
44 #include "netapilib_interface.h"
47 extern ipsecMgrMcb_t globalDB;
48 extern NETAPI_T netapi_handle;
50 /**************************************************************************
51  * FUNCTION PURPOSE:  Internal function to find a free slot to store APPID
52  *                    in list
53  **************************************************************************
54  * DESCRIPTION:  Internal internal function to find a free slot in SA list for an SA
55  ********************************************************************/
56 int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
57 {
58     int i;
59     for(i=0;i<64;i++)
60     {                       
61         if (!pList[i].in_use)
62         {
63             if (free)
64             pList[i].in_use = 1; //pending
65             return i;
66         }
67     }
68     return -1;
69 }
71 /********************************************************************
72  * FUNCTION PURPOSE:  Internal function to find a SA app id  in SA list
73  *                    and free SA Slot entry if specified
74  ********************************************************************
75  * DESCRIPTION:  Internal function to find a SA app id  in SA list
76  *                    and free SA Slot entry if specified
77  ********************************************************************/
78 int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int free)
79 {
80     int i;
81     for(i=0;i<64;i++)
82     {                       
83         if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
84         {
85             if(free)
86                 pList[i].in_use = 0;
87             return i;
88         }
89     }
90     return -1;
91 }
93 /**************************************************************************
94  * FUNCTION PURPOSE: The function is used to translate the SA configuration
95  * parameters received from the IPSec Snopper and call the NETAPI function
96  * to create a security association
97  ********************************************************************/
98 int netapilib_ifAddSA
99 (
100     ipsecmgr_af_t               af,
101     ipsecmgr_sa_id_t            *sa_id,
102     ipsecmgr_sa_info_t          *sa_info,
103     ipsecmgr_sa_dscp_map_cfg_t  *dscp_map_cfg,
104     ipsecmgr_ifname_t           *if_name,
105     ipsecmgr_sa_encap_tmpl_t    *encap,
106     ipsecmgr_fp_handle_t        *sa_handle
109     int i;
110     uint8_t                 auth_key[36];
111     uint8_t                 encr_key[36];
112     int error, index,slot;
113     NETAPI_SEC_SA_INFO_T saInfo;
114     nwalSecKeyParams_t  keyParams;
115     void * p_rx_inflow_mode_handle;
116     void * p_tx_inflow_mode_handle;
117     NETCP_CFG_ROUTE_T  route;
118     NETCP_CFG_FLOW_T flow;
119     NETCP_CFG_SA_HANDLE_T pSaHandle;
120     char* pTok = NULL;
121     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
122                 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
124     memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
125     memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
126     memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
127     memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
129     /* Initialize the SA Config structure. */
130     /* Get the IP protocol version. */
131     if (af == IPSECMGR_AF_IPV4)
132     {
133         saInfo.ipType = nwal_IPV4;
134         /* Populate the source and destination IP addresses. */
135         for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
136         {
137             saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
138             saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
139         }
140     }
141     else if (af == IPSECMGR_AF_IPV6)
142     { 
143         saInfo.ipType = nwal_IPV6;
145         /* Populate the source and destination IP addresses. */
146         for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
147         {
148             saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
149             saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
150         }
151     }
152     else
153     {
154         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
155             "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
156         return -1;
157     }
158     /* Get the SPI. */
159     saInfo.spi = sa_id->spi;
161     /* Get the SA direction. */
162     if (sa_info->dir == DIR_INBOUND)
163     {
164         slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
165         if (slot == -1)
166         {
167             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
168                 "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
169             return -1;
170         }
171         saInfo.dir = NWAL_SA_DIR_INBOUND;
173         flow.dma_engine= 1;
174         flow.flowid = globalDB.flowId;
175         printf("add_sa:flowid: %d\n",flow.flowid);
177         route.p_flow = &flow;
178         route.p_dest_q = globalDB.pktio_channel;
180         printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
181                 route.p_dest_q, 
182                 route.p_flow->flowid);
183                 route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
184                 route.routeType = NWAL_ROUTE_RX_INTF_W_FLOW;
185     }
186     else if (sa_info->dir == DIR_OUTBOUND)
187     {
188         slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
189         if (slot == -1)
190         {
191             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
192                 "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
193             return -1;
194         }
195         saInfo.dir = NWAL_SA_DIR_OUTBOUND;
196     }
197     else
198     {
199         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
200             "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
201         return -1;
202     }
203     
205     /* Get the replay Window */
206     saInfo.replayWindow = sa_info->replay_window;
207    
208     /* Get the IPSec protocol. */
209     if (sa_id->proto == SA_PROTO_AH)
210         saInfo.proto = nwal_IpSecProtoAH;
211     else if (sa_id->proto == SA_PROTO_ESP)
212         saInfo.proto = nwal_IpSecProtoESP;
213     else
214     {
215         ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
216             "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
217         return -1;
218     }
219     /* Get the IPSec mode. */
220     if (sa_info->mode == SA_MODE_TRANSPORT)
221         saInfo.saMode = nwal_SA_MODE_TRANSPORT;
222     else if (sa_info->mode == SA_MODE_TUNNEL)
223         saInfo.saMode = nwal_SA_MODE_TUNNEL;
224     else
225     {
226         ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
227             "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
228         return -1;
229     }
230     /* Get the authentication mode algorithm. */
231     if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
232         saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
233     else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
234         saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
235     else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
236         saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
237     else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)  
238         saInfo.authMode = NWAL_SA_AALG_NULL;
239     else
240     {
241         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
242             "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
243         return -1;
244     }
246     /* Get the encryption mode algorithm. */
247     if (sa_info->enc.algo == SA_EALG_NULL) 
248         saInfo.cipherMode = NWAL_SA_EALG_NULL;
249     else if (sa_info->enc.algo == SA_EALG_AES_CTR) 
250         saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
251     else if (sa_info->enc.algo == SA_EALG_AES_CBC)
252         saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
253     else if (sa_info->enc.algo == SA_EALG_3DES_CBC) 
254         saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
255     else if (sa_info->enc.algo == SA_EALG_DES_CBC) 
256         saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
257     else
258     {
259         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
260             "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
261         return -1;
262     }
263     /* Validate the key lengths. */
264     if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
265     {
266         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
267             "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
268         return -1;
269     }
270     if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
271     {
272         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
273             "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
274         return -1;
275     }
277     /* Get the authentication/encryption keys. */
278     keyParams.pAuthKey = &sa_info->auth_key[0];
279     keyParams.pEncKey = &sa_info->enc_key[0];
281     if (saInfo.dir == NWAL_SA_DIR_INBOUND)
282     {
283         /* Inbound == RX */
284         globalDB.rx_sa[slot].saAppId =  netapi_secAddSA(netapi_handle,
285                         NETCP_CFG_NO_INTERFACE,
286                         &saInfo,
287                         &keyParams,
288                         NETAPI_SEC_SA_INFLOW,
289                         (NETCP_CFG_ROUTE_HANDLE_T)&route,
290                         &p_rx_inflow_mode_handle,
291                         &p_tx_inflow_mode_handle,
292                         NULL, &error);
294         if (error == NETAPI_ERR_OK)
295         {
296             *sa_handle = globalDB.rx_sa[slot].saAppId;
297         }
298         else
299         {
300             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
301                                 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
302                                  error);
303             return -1;
304         }
305     }
306     else
307     {
308         /* OUTBOUND == TX */
309         globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
310                         NETCP_CFG_NO_INTERFACE,
311                         &saInfo,
312                         &keyParams,
313                         NETAPI_SEC_SA_INFLOW,
314                         (NETCP_CFG_ROUTE_HANDLE_T)NULL,
315                         &p_rx_inflow_mode_handle,
316                         &p_tx_inflow_mode_handle,
317                         NULL, &error);
318         if (error == NETAPI_ERR_OK)
319         {
320             *sa_handle = globalDB.tx_sa[slot].saAppId;
321         }
322         else
323         {
324             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
325                                 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
326                                  error);
327             return -1;
328         }
329     }
330     
331     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
332     "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
334     /* SA was created successfully. */
335     return 0;
338 /**************************************************************************
339  * FUNCTION PURPOSE: The function is used to translate the SA configuration
340  * parameters received from the IPSec Snopper and call the NETAPI function
341  * to delete a security association
342  ********************************************************************/
343 int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
345     int error, slot;
346     cpu_set_t cpu_set;
348     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
350     /* Determine if rx_sa or tx_sa is being deleted */
351     if (slot != -1)
352     {
353         /* found rx SA, see if there is policy assoicated with rx SA
354            if so, then delete it first*/
355         if (globalDB.rx_sa[slot].spAppId)
356         {    
357             netapi_secDelRxPolicy(netapi_handle,
358                               (NETCP_CFG_IPSEC_POLICY_T) globalDB.rx_sa[slot].spAppId,
359                               &error);
360             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
361                 "netapilib_ifDeleteSA: SP deleted: sp_app_id: 0x%x, slot: %d, error: %d\n", 
362                 globalDB.rx_sa[slot].spAppId, slot, error);
363             netapi_secDelSA(netapi_handle,
364                         NETCP_CFG_NO_INTERFACE,
365                         (NETCP_CFG_SA_T) sa_handle,
366                         &error);
367             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
368                 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n", 
369                 sa_handle, slot, error);
370             
371         }
372     }
373     else
374     {
375         /* not rx SA, check for tx_sa */
376         slot = findAppIdSlot(&globalDB.tx_sa[0], sa_handle, 1);
377     
378         if (slot != -1)
379         {
380             /* found tx SA, delete it now */
381             netapi_secDelSA(netapi_handle,
382                         NETCP_CFG_NO_INTERFACE,
383                         (NETCP_CFG_SA_T) sa_handle,
384                         &error);
385             ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
386                 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n", 
387                 sa_handle, slot, error);
388         }
389         else
390         {
391             ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
392             "netapilib_ifDeleteSA: sa_app_id 0x%x not found in internal list\n", 
393                 sa_handle);
394             return -1;
395         }
396     }
398     return error;
401 /**************************************************************************
402  * FUNCTION PURPOSE: The function is used to translate the SP configuration
403  * parameters received from the IPSec Snopper and call the NETAPI function
404  * to create a security policy
405  ********************************************************************/
406 int32_t netapilib_ifAddSP
408     ipsecmgr_af_t           af,
409     ipsecmgr_selector_t     *sel,
410     ipsecmgr_dir_t          dir,
411     uint32_t                reqid,
412     ipsecmgr_fp_handle_t    sa_handle, 
413     ipsecmgr_policy_id_t    policy_id,
414     ipsecmgr_fp_handle_t    *sp_handle
417 #ifdef ENABLE_ADD_POLICY
418 #warning "ENABLE_ADD_POLICY"
419     NETCP_CFG_IPSEC_POLICY_T spAppIdIn;
420     int error, index, slot;
421     nwal_IpType ipType;
422     nwalIpAddr_t src_ip_addr;
423     nwalIpAddr_t dst_ip_addr;
424     nwalIpOpt_t ip_qualifiers;
425     NETCP_CFG_SA_T sa =(NETCP_CFG_SA_T)sa_handle;
426     NETCP_CFG_ROUTE_T  route;
427     NETCP_CFG_FLOW_T flow;
428     NETCP_CFG_PA_HANDLE_T pPaHandleOuterIP;
429     NETCP_CFG_PA_HANDLE_T pPaHandleInnerIP;
430     NETCP_CFG_SA_HANDLE_T pSaHandle;
432     cpu_set_t cpu_set;
433     /* assign main net_test thread to run on core 0 */
434     CPU_ZERO( &cpu_set);
435     CPU_SET( 0, &cpu_set);
436     hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
437     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifAddSP: called\n");
440     if (dir == DIR_OUTBOUND)
441     {
442         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
443             "netapilib_ifAddSP: called for outbound SA, no RX policy required\n");
444         return 0;
445     }
446     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 0);
447     if (slot == -1)
448     {
449         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
450             "netapilib_ifAddSA:, SA app_id not found\n");
451         return -1;
452     }
456     flow.dma_engine= 1;
457     flow.flowid = globalDB.flowId;
458     route.p_flow = &flow;
459     route.p_dest_q = globalDB.pktio_channel;
462     /* Get the IP protocol version. */
463     if (af == IPSECMGR_AF_IPV4)
464     {
465         ipType = nwal_IPV4;
466         /* Populate the source and destination IP addresses. */
467         for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
468         {
469             dst_ip_addr.ipv4[index] = sel->daddr.ipv4[index];
470             src_ip_addr.ipv4[index] = sel->saddr.ipv4[index];
471         }
472     }
473     else if (af == IPSECMGR_AF_IPV6)
474     { 
475         ipType = nwal_IPV6;
476         /* Populate the source and destination IP addresses. */
477         for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
478         {
479             dst_ip_addr.ipv6[index] = sel->daddr.ipv6[index];
480             src_ip_addr.ipv6[index] = sel->saddr.ipv6[index];
481         }
482     }
483     else
484     {
485         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
486             "netapilib_ifAddSP: Address family (%d) is invalid\n", af);
487         return -1;
488     }
490     globalDB.rx_sa[slot].spAppId = netapi_secAddRxPolicy(netapi_handle,
491                                      (NETCP_CFG_SA_T) sa_handle,
492                                      ipType,
493                                      &src_ip_addr,
494                                      &dst_ip_addr,
495                                      NULL,
496                                      (NETCP_CFG_ROUTE_HANDLE_T)&route,
497                                      NULL,
498                                      &error);
500     if (error == NETAPI_ERR_OK)
501     {
502             *sp_handle = globalDB.rx_sa[slot].spAppId;
503     }
504     else
505     {
506         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
507                       "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
508                        error);
509         return -1;
510         }
511         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
512     "netapilib_ifAddSA: Translation of SP successful, app_id: 0x%x\n", *sp_handle);
514 #endif
515     return 0;
518 /**************************************************************************
519  * FUNCTION PURPOSE: The function is used to translate the SP configuration
520  * parameters received from the IPSec Snopper and call the NETAPI function
521  * to delete a security association
522  ********************************************************************/
523 int32_t netapilib_ifDeleteSP
525     ipsecmgr_fp_handle_t    sp_handle,
526     ipsecmgr_policy_id_t    policy_id,
527     ipsecmgr_dir_t          dir
530     /* Security Policy is deleted as part of deleting SA */
531     return 0;
532 #if 0
533     int error =0;
534     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifDeleteSP: called\n");
536     if (dir == DIR_OUTBOUND)
537     {
538         ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
539             "netapilib_ifDeleteSP: called for outbound SA, no RX policy to delete\n");
540             return 0;
541     }
542     netapi_secDelRxPolicy(netapi_handle,
543                           (NETCP_CFG_IPSEC_POLICY_T) sp_handle,
544                           &error);
545                           
546     return 0;
547 #endif
550 /**************************************************************************
551  * FUNCTION PURPOSE: The function is used to translate the SA configuration
552  * parameters received from the IPSec Snopper and retrieve SA context
553  * information for SA.
554  *************************************************************************/
555 int netapilib_ifGetSACtx
557     ipsecmgr_fp_handle_t    sa_handle,
558     ipsecmgr_sa_hw_ctx_t*   hw_ctx
561     uint32_t swInfo0 = 0;
562     uint32_t swInfo1 = 0;
563     nwalGlobCxtInfo_t info;
564     nwal_RetValue retVal;
566     memset(&info, 0, sizeof(nwalGlobCxtInfo_t));
567     NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) netapi_handle;
568     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifGetSACtx: called\n");
571     netapip_netcpCfgGetSaInflowInfo(&netapi_get_global()->nwal_context,
572                                     (NETCP_CFG_SA_T) sa_handle,
573                                     &swInfo0,
574                                     &swInfo1);
576     hw_ctx->swinfo_sz = 2;
577     hw_ctx->swinfo[0] = swInfo0;
578     hw_ctx->swinfo[1] = swInfo1;
580     retVal = nwal_getGlobCxtInfo(((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
581         &info);
582     if (retVal != nwal_OK)
583     {
584         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
585             "netapilib_ifGetSACtx: nwal_getGlobCxtInfo returned error: 0x%x\n", retVal);
586         return -1;
587     }
588     hw_ctx->flow_id = info.rxSaPaFlowId;
590     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
591             "netapilib_ifGetSACtx: rxPaSaflowId: 0x%x, rxSaPaflowId: 0x%x\n",
592             info.rxPaSaFlowId,
593             info.rxSaPaFlowId);
594     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
595             "netapilib_ifGetSACtx: swInfo0: 0x%x, swInfo1: 0x%x, flowId: 0x%x\n",
596             hw_ctx->swinfo[0],
597             hw_ctx->swinfo[1],
598             hw_ctx->flow_id);
600    /* return success */
601     return 0;