bf1b8d6715fa9af2094f1e9f54bedc94f92b6dcf
[keystone-rtos/netapi.git] / ti / runtime / netapi / applications / ipsec_offload / ipsecmgr / src / netapilib_interface.c
1 /*
2 * Copyright (C) 2013 Texas Instruments Incorporated - http://www.ti.com/
3 *
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the
15 * distribution.
16 *
17 * Neither the name of Texas Instruments Incorporated nor the names of
18 * its contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 */
35 /* Standard includes */
36 #include <stdio.h>
37 #include <arpa/inet.h>
38 #include <inttypes.h>
40 /* ipsecmgr includes */
41 #include <ipsecmgr_snoop.h>
42 #include <ipsecmgr_syslog.h>
44 #include "netapilib_interface.h"
47 extern ipsecMgrMcb_t globalDB;
48 extern NETAPI_T netapi_handle;
49 extern ipsecMgrIfConfigEntry_T ipConfigList[];
53 int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
54 {
55 int found = 1;
56 int i;
57 for (i = 0; i<4; i++)
58 {
59 if (ip1[i] != ip2[i])
60 {
61 found = 0;
62 break;
63 }
65 }
66 return found;
67 }
68 /**************************************************************************
69 * FUNCTION PURPOSE: Internal function to find a free slot to store APPID
70 * in list
71 **************************************************************************
72 * DESCRIPTION: Internal internal function to find a free slot in SA list for an SA
73 ********************************************************************/
74 int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
75 {
76 int i;
77 for(i=0;i<64;i++)
78 {
79 if (!pList[i].in_use)
80 {
81 if (free)
82 pList[i].in_use = 1; //pending
83 return i;
84 }
85 }
86 return -1;
87 }
89 /********************************************************************
90 * FUNCTION PURPOSE: Internal function to find a SA app id in SA list
91 * and free SA Slot entry if specified
92 ********************************************************************
93 * DESCRIPTION: Internal function to find a SA app id in SA list
94 * and free SA Slot entry if specified
95 ********************************************************************/
96 int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int free)
97 {
98 int i;
99 for(i=0;i<64;i++)
100 {
101 if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
102 {
103 if(free)
104 pList[i].in_use = 0;
105 return i;
106 }
107 }
108 return -1;
109 }
111 /**************************************************************************
112 * FUNCTION PURPOSE: The function is used to translate the SA configuration
113 * parameters received from the IPSec Snopper and call the NETAPI function
114 * to create a security association
115 ********************************************************************/
116 int netapilib_ifAddSA
117 (
118 ipsecmgr_af_t af,
119 ipsecmgr_sa_id_t *sa_id,
120 ipsecmgr_sa_info_t *sa_info,
121 ipsecmgr_sa_dscp_map_cfg_t *dscp_map_cfg,
122 ipsecmgr_ifname_t *if_name,
123 ipsecmgr_sa_encap_tmpl_t *encap,
124 ipsecmgr_fp_handle_t *sa_handle
125 )
126 {
127 int i;
128 uint8_t auth_key[36];
129 uint8_t encr_key[36];
130 int error, index,slot;
131 NETAPI_SEC_SA_INFO_T saInfo;
132 nwalSecKeyParams_t keyParams;
133 void * p_rx_inflow_mode_handle;
134 void * p_tx_inflow_mode_handle;
135 NETCP_CFG_ROUTE_T route;
136 NETCP_CFG_FLOW_T flow;
137 NETCP_CFG_SA_HANDLE_T pSaHandle;
138 char* pTok = NULL;
139 int iface;
140 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
141 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
143 memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
144 memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
145 memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
146 memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
150 /* Initialize the SA Config structure. */
151 /* Get the IP protocol version. */
152 if (af == IPSECMGR_AF_IPV4)
153 {
154 saInfo.ipType = nwal_IPV4;
155 /* Populate the source and destination IP addresses. */
156 for (index = 0; index < 4; index++)
157 {
158 saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
159 saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
160 }
161 }
162 else if (af == IPSECMGR_AF_IPV6)
163 {
164 saInfo.ipType = nwal_IPV6;
166 /* Populate the source and destination IP addresses. */
167 for (index = 0; index < 16; index++)
168 {
169 saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
170 saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
171 }
172 }
173 else
174 {
175 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
176 "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
177 return -1;
178 }
179 /* Get the SPI. */
180 saInfo.spi = sa_id->spi;
182 /* Get the SA direction. */
183 if (sa_info->dir == DIR_INBOUND)
184 {
185 slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
186 if (slot == -1)
187 {
188 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
189 "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
190 return -1;
191 }
192 saInfo.dir = NWAL_SA_DIR_INBOUND;
193 /* need to check which interface this SA will be attached to */
194 for (i=0;i<16;i++)
195 {
196 /* get interface for destination ip address */
197 if (compareIPAddr(&ipConfigList[i].ip[0],
198 &saInfo.dst.ipv4[0],
199 saInfo.ipType))
200 {
201 pTok = strtok(ipConfigList[i].name, ":.");
202 /* now we have the interface name, is this eth0 or eth1 */
203 if (pTok)
204 /* now we have eth0 or eth1, now find the i/f number */
205 sscanf(pTok,"eth%d", &iface);
207 globalDB.rx_sa[slot].iface = iface;
208 flow.dma_engine= 1;
209 flow.flowid = globalDB.flowId[iface];
210 route.p_flow = &flow;
211 route.p_dest_q = globalDB.pktio_channel[iface];
212 break;
214 }
215 }
217 }
218 else if (sa_info->dir == DIR_OUTBOUND)
219 {
220 slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
221 if (slot == -1)
222 {
223 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
224 "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
225 return -1;
226 }
227 saInfo.dir = NWAL_SA_DIR_OUTBOUND;
228 }
229 else
230 {
231 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
232 "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
233 return -1;
234 }
237 /* Get the replay Window */
238 saInfo.replayWindow = sa_info->replay_window;
240 /* Get the IPSec protocol. */
241 if (sa_id->proto == SA_PROTO_AH)
242 saInfo.proto = nwal_IpSecProtoAH;
243 else if (sa_id->proto == SA_PROTO_ESP)
244 saInfo.proto = nwal_IpSecProtoESP;
245 else
246 {
247 ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
248 "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
249 return -1;
250 }
251 /* Get the IPSec mode. */
252 if (sa_info->mode == SA_MODE_TRANSPORT)
253 saInfo.saMode = nwal_SA_MODE_TRANSPORT;
254 else if (sa_info->mode == SA_MODE_TUNNEL)
255 saInfo.saMode = nwal_SA_MODE_TUNNEL;
256 else
257 {
258 ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
259 "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
260 return -1;
261 }
262 /* Get the authentication mode algorithm. */
263 if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
264 saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
265 else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
266 saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
267 else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
268 saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
269 else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)
270 saInfo.authMode = NWAL_SA_AALG_NULL;
271 else
272 {
273 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
274 "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
275 return -1;
276 }
278 /* Get the encryption mode algorithm. */
279 if (sa_info->enc.algo == SA_EALG_NULL)
280 saInfo.cipherMode = NWAL_SA_EALG_NULL;
281 else if (sa_info->enc.algo == SA_EALG_AES_CTR)
282 saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
283 else if (sa_info->enc.algo == SA_EALG_AES_CBC)
284 saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
285 else if (sa_info->enc.algo == SA_EALG_3DES_CBC)
286 saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
287 else if (sa_info->enc.algo == SA_EALG_DES_CBC)
288 saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
289 else
290 {
291 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
292 "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
293 return -1;
294 }
295 /* Validate the key lengths. */
296 if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
297 {
298 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
299 "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
300 return -1;
301 }
302 if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
303 {
304 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
305 "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
306 return -1;
307 }
309 /* Get the authentication/encryption keys. */
310 keyParams.pAuthKey = &sa_info->auth_key[0];
311 keyParams.pEncKey = &sa_info->enc_key[0];
313 if (saInfo.dir == NWAL_SA_DIR_INBOUND)
314 {
315 /* Inbound == RX */
316 globalDB.rx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
317 NETCP_CFG_NO_INTERFACE,
318 &saInfo,
319 &keyParams,
320 NETAPI_SEC_SA_INFLOW,
321 (NETCP_CFG_ROUTE_HANDLE_T)&route,
322 &p_rx_inflow_mode_handle,
323 &p_tx_inflow_mode_handle,
324 NULL, &error);
326 if (error == NETAPI_ERR_OK)
327 {
328 *sa_handle = globalDB.rx_sa[slot].saAppId;
329 }
330 else
331 {
332 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
333 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
334 error);
335 return -1;
336 }
337 }
338 else
339 {
340 /* OUTBOUND == TX */
341 globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
342 NETCP_CFG_NO_INTERFACE,
343 &saInfo,
344 &keyParams,
345 NETAPI_SEC_SA_INFLOW,
346 (NETCP_CFG_ROUTE_HANDLE_T)NULL,
347 &p_rx_inflow_mode_handle,
348 &p_tx_inflow_mode_handle,
349 NULL, &error);
350 if (error == NETAPI_ERR_OK)
351 {
352 *sa_handle = globalDB.tx_sa[slot].saAppId;
353 }
354 else
355 {
356 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
357 "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
358 error);
359 return -1;
360 }
361 }
363 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
364 "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
366 /* SA was created successfully. */
367 return 0;
368 }
369 /**************************************************************************
370 * FUNCTION PURPOSE: The function is used to translate the SA configuration
371 * parameters received from the IPSec Snopper and call the NETAPI function
372 * to delete a security association
373 ********************************************************************/
374 int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
375 {
376 int error, slot;
378 slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
380 /* Determine if rx_sa or tx_sa is being deleted */
381 if (slot != -1)
382 {
383 /* found rx SA, see if there is policy assoicated with rx SA
384 if so, then delete it first*/
385 if (globalDB.rx_sa[slot].spAppId)
386 {
387 netapi_secDelRxPolicy(netapi_handle,
388 (NETCP_CFG_IPSEC_POLICY_T) globalDB.rx_sa[slot].spAppId,
389 &error);
390 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
391 "netapilib_ifDeleteSA: SP deleted: sp_app_id: 0x%x, slot: %d, error: %d\n",
392 globalDB.rx_sa[slot].spAppId, slot, error);
393 netapi_secDelSA(netapi_handle,
394 NETCP_CFG_NO_INTERFACE,
395 (NETCP_CFG_SA_T) sa_handle,
396 &error);
397 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
398 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
399 sa_handle, slot, error);
401 }
402 }
403 else
404 {
405 /* not rx SA, check for tx_sa */
406 slot = findAppIdSlot(&globalDB.tx_sa[0], sa_handle, 1);
408 if (slot != -1)
409 {
410 /* found tx SA, delete it now */
411 netapi_secDelSA(netapi_handle,
412 NETCP_CFG_NO_INTERFACE,
413 (NETCP_CFG_SA_T) sa_handle,
414 &error);
415 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
416 "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
417 sa_handle, slot, error);
418 }
419 else
420 {
421 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
422 "netapilib_ifDeleteSA: sa_app_id 0x%x not found in internal list\n",
423 sa_handle);
424 return -1;
425 }
426 }
428 return error;
429 }
431 /**************************************************************************
432 * FUNCTION PURPOSE: The function is used to translate the SP configuration
433 * parameters received from the IPSec Snopper and call the NETAPI function
434 * to create a security policy
435 ********************************************************************/
436 int32_t netapilib_ifAddSP
437 (
438 ipsecmgr_af_t af,
439 ipsecmgr_selector_t *sel,
440 ipsecmgr_dir_t dir,
441 uint32_t reqid,
442 ipsecmgr_fp_handle_t sa_handle,
443 ipsecmgr_policy_id_t policy_id,
444 ipsecmgr_fp_handle_t *sp_handle
445 )
446 {
447 #ifdef ENABLE_ADD_POLICY
448 NETCP_CFG_IPSEC_POLICY_T spAppIdIn;
449 int error, index, slot;
450 nwal_IpType ipType;
451 nwalIpAddr_t src_ip_addr;
452 nwalIpAddr_t dst_ip_addr;
453 nwalIpOpt_t ip_qualifiers;
454 NETCP_CFG_SA_T sa =(NETCP_CFG_SA_T)sa_handle;
455 NETCP_CFG_ROUTE_T route;
456 NETCP_CFG_FLOW_T flow;
457 NETCP_CFG_PA_HANDLE_T pPaHandleOuterIP;
458 NETCP_CFG_PA_HANDLE_T pPaHandleInnerIP;
459 NETCP_CFG_SA_HANDLE_T pSaHandle;
460 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifAddSP: called\n");
463 if (dir == DIR_OUTBOUND)
464 {
465 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
466 "netapilib_ifAddSP: called for outbound SA, no RX policy required\n");
467 return 0;
468 }
469 slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 0);
470 if (slot == -1)
471 {
472 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
473 "netapilib_ifAddSA:, SA app_id not found\n");
474 return -1;
475 }
479 flow.dma_engine= 1;
480 flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
481 route.p_flow = &flow;
482 route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
485 /* Get the IP protocol version. */
486 if (af == IPSECMGR_AF_IPV4)
487 {
488 ipType = nwal_IPV4;
489 /* Populate the source and destination IP addresses. */
490 for (index = 0; index < 4; index++)
491 {
492 dst_ip_addr.ipv4[index] = sel->daddr.ipv4[index];
493 src_ip_addr.ipv4[index] = sel->saddr.ipv4[index];
494 }
495 }
496 else if (af == IPSECMGR_AF_IPV6)
497 {
498 ipType = nwal_IPV6;
499 /* Populate the source and destination IP addresses. */
500 for (index = 0; index < 16; index++)
501 {
502 dst_ip_addr.ipv6[index] = sel->daddr.ipv6[index];
503 src_ip_addr.ipv6[index] = sel->saddr.ipv6[index];
504 }
505 }
506 else
507 {
508 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
509 "netapilib_ifAddSP: Address family (%d) is invalid\n", af);
510 return -1;
511 }
513 globalDB.rx_sa[slot].spAppId = netapi_secAddRxPolicy(netapi_handle,
514 (NETCP_CFG_SA_T) sa_handle,
515 ipType,
516 &src_ip_addr,
517 &dst_ip_addr,
518 NULL,
519 (NETCP_CFG_ROUTE_HANDLE_T)&route,
520 NULL,
521 &error);
523 if (error == NETAPI_ERR_OK)
524 {
525 *sp_handle = globalDB.rx_sa[slot].spAppId;
526 }
527 else
528 {
529 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
530 "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
531 error);
532 return -1;
533 }
534 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
535 "netapilib_ifAddSA: Translation of SP successful, app_id: 0x%x\n", *sp_handle);
537 #endif
538 return 0;
539 }
541 /**************************************************************************
542 * FUNCTION PURPOSE: The function is used to translate the SP configuration
543 * parameters received from the IPSec Snopper and call the NETAPI function
544 * to delete a security association
545 ********************************************************************/
546 int32_t netapilib_ifDeleteSP
547 (
548 ipsecmgr_fp_handle_t sp_handle,
549 ipsecmgr_policy_id_t policy_id,
550 ipsecmgr_dir_t dir
551 )
552 {
553 /* Security Policy is deleted as part of deleting SA */
554 return 0;
555 #if 0
556 int error =0;
557 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifDeleteSP: called\n");
559 if (dir == DIR_OUTBOUND)
560 {
561 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
562 "netapilib_ifDeleteSP: called for outbound SA, no RX policy to delete\n");
563 return 0;
564 }
565 netapi_secDelRxPolicy(netapi_handle,
566 (NETCP_CFG_IPSEC_POLICY_T) sp_handle,
567 &error);
569 return 0;
570 #endif
571 }
573 /**************************************************************************
574 * FUNCTION PURPOSE: The function is used to translate the SA configuration
575 * parameters received from the IPSec Snopper and retrieve SA context
576 * information for SA.
577 *************************************************************************/
578 int netapilib_ifGetSACtx
579 (
580 ipsecmgr_fp_handle_t sa_handle,
581 ipsecmgr_sa_hw_ctx_t* hw_ctx
582 )
583 {
584 uint32_t swInfo0 = 0;
585 uint32_t swInfo1 = 0;
586 nwalGlobCxtInfo_t info;
587 nwal_RetValue retVal;
589 memset(&info, 0, sizeof(nwalGlobCxtInfo_t));
590 NETAPI_HANDLE_T * n = (NETAPI_HANDLE_T *) netapi_handle;
591 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifGetSACtx: called\n");
594 netapip_netcpCfgGetSaInflowInfo(&netapi_get_global()->nwal_context,
595 (NETCP_CFG_SA_T) sa_handle,
596 &swInfo0,
597 &swInfo1);
599 hw_ctx->swinfo_sz = 2;
600 hw_ctx->swinfo[0] = swInfo0;
601 hw_ctx->swinfo[1] = swInfo1;
603 retVal = nwal_getGlobCxtInfo(((NETAPI_GLOBAL_T*) (n->global))->nwal_context.nwalInstHandle,
604 &info);
605 if (retVal != nwal_OK)
606 {
607 ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
608 "netapilib_ifGetSACtx: nwal_getGlobCxtInfo returned error: 0x%x\n", retVal);
609 return -1;
610 }
611 hw_ctx->flow_id = info.rxSaPaFlowId;
613 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
614 "netapilib_ifGetSACtx: rxPaSaflowId: 0x%x, rxSaPaflowId: 0x%x\n",
615 info.rxPaSaFlowId,
616 info.rxSaPaFlowId);
617 ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
618 "netapilib_ifGetSACtx: swInfo0: 0x%x, swInfo1: 0x%x, flowId: 0x%x\n",
619 hw_ctx->swinfo[0],
620 hw_ctx->swinfo[1],
621 hw_ctx->flow_id);
623 /* return success */
624 return 0;
625 }