Multiple interface routing support updates.
[keystone-rtos/netapi.git] / ti / runtime / netapi / applications / ipsec_offload / ipsecmgr / src / netapilib_interface.c
index 37a88e5dd1d97a87b2c28a2343c4de25b7dc7a72..9cacf500e7251b93f7f9a0eb35dfa1d227783d96 100755 (executable)
 
 extern ipsecMgrMcb_t globalDB;
 extern NETAPI_T netapi_handle;
-extern ipsecMgrIfConfigEntry_T ipConfigList[];
 
-
-
-int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
-{
-    int found = 1;
-    int i;
-    if (ip_type == nwal_IPV4)
-    {
-        for (i = 0; i < NWAL_IPV4_ADDR_SIZE; i++)
-        {
-            if (ip1[i] != ip2[i])
-            {
-                found = 0;
-                break;
-            }
-        }
-        return found;
-    }
-    else
-    {
-        for (i = 0; i < NWAL_IPV6_ADDR_SIZE; i++)
-        {
-            if (ip1[i] != ip2[i])
-            {
-                found = 0;
-                break;
-            }
-        }
-        return found;
-    }
-}
 /**************************************************************************
  * FUNCTION PURPOSE:  Internal function to find a free slot to store APPID
  *                    in list
@@ -150,17 +118,9 @@ int netapilib_ifAddSA
     NETCP_CFG_FLOW_T flow;
     NETCP_CFG_SA_HANDLE_T pSaHandle;
     char* pTok = NULL;
-    int iface;
-    cpu_set_t cpu_set;
     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
                 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
 
-
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
     memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
     memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
     memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
@@ -209,24 +169,19 @@ int netapilib_ifAddSA
             return -1;
         }
         saInfo.dir = NWAL_SA_DIR_INBOUND;
-        /* need to check which interface this SA will be attached to */
 
-                globalDB.rx_sa[slot].iface = iface;
-                flow.dma_engine= 1;
-                flow.flowid = globalDB.flowId[0];
-                printf("add_sa: iface: %d, flowid: %d\n",
-                    iface,
-                    flow.flowid);
+        flow.dma_engine= 1;
+        flow.flowid = globalDB.flowId;
+        printf("add_sa:flowid: %d\n",flow.flowid);
 
-                route.p_flow = &flow;
-                route.p_dest_q = globalDB.pktio_channel[0];
+        route.p_flow = &flow;
+        route.p_dest_q = globalDB.pktio_channel;
 
-                printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
+        printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
                 route.p_dest_q, 
                 route.p_flow->flowid);
-
                 route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
-                route.routeType = NWAL_ROUTE_RX_INTF;
+                route.routeType = NWAL_ROUTE_RX_INTF_W_FLOW;
     }
     else if (sa_info->dir == DIR_OUTBOUND)
     {
@@ -380,302 +335,6 @@ int netapilib_ifAddSA
     return 0;
 }
 
-
-#if 0
-/**************************************************************************
- * FUNCTION PURPOSE: The function is used to translate the SA configuration
- * parameters received from the IPSec Snopper and call the NETAPI function
- * to create a security association
- ********************************************************************/
-int netapilib_ifAddSA
-(
-    ipsecmgr_af_t               af,
-    ipsecmgr_sa_id_t            *sa_id,
-    ipsecmgr_sa_info_t          *sa_info,
-    ipsecmgr_sa_dscp_map_cfg_t  *dscp_map_cfg,
-    ipsecmgr_ifname_t           *if_name,
-    ipsecmgr_sa_encap_tmpl_t    *encap,
-    ipsecmgr_fp_handle_t        *sa_handle
-)
-{
-    int i;
-    uint8_t                 auth_key[36];
-    uint8_t                 encr_key[36];
-    int error, index,slot;
-    NETAPI_SEC_SA_INFO_T saInfo;
-    nwalSecKeyParams_t  keyParams;
-    void * p_rx_inflow_mode_handle;
-    void * p_tx_inflow_mode_handle;
-    NETCP_CFG_ROUTE_T  route;
-    NETCP_CFG_FLOW_T flow;
-    NETCP_CFG_SA_HANDLE_T pSaHandle;
-    char* pTok = NULL;
-    int iface;
-    cpu_set_t cpu_set;
-    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
-                "netapilib_ifAddSA:, DEBUG: Translating SA\n");
-
-
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
-    memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
-    memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
-    memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
-    memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
-
-    /* Initialize the SA Config structure. */
-    /* Get the IP protocol version. */
-    if (af == IPSECMGR_AF_IPV4)
-    {
-        saInfo.ipType = nwal_IPV4;
-        /* Populate the source and destination IP addresses. */
-        for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
-        {
-            saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
-            saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
-        }
-    }
-    else if (af == IPSECMGR_AF_IPV6)
-    { 
-        saInfo.ipType = nwal_IPV6;
-
-        /* Populate the source and destination IP addresses. */
-        for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
-        {
-            saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
-            saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
-        }
-    }
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
-        return -1;
-    }
-    /* Get the SPI. */
-    saInfo.spi = sa_id->spi;
-
-    /* Get the SA direction. */
-    if (sa_info->dir == DIR_INBOUND)
-    {
-        slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
-        if (slot == -1)
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
-                "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
-            return -1;
-        }
-        saInfo.dir = NWAL_SA_DIR_INBOUND;
-        /* need to check which interface this SA will be attached to */
-        for (i=0;i<16;i++)
-        {
-#if 1
-            /* get interface for destination ip address */
-            if (compareIPAddr(&ipConfigList[i].ip[0], 
-                              saInfo.ipType == nwal_IPV4 ?
-                              &saInfo.dst.ipv4[0]:
-                              &saInfo.dst.ipv6[0],
-                              saInfo.ipType))
-            {
-                pTok = strtok(ipConfigList[i].name, ":.");
-                /* now we have the interface name, is this eth0 or eth1 */
-                if (pTok)
-                {
-                    /* now we have interface name, now find the i/f number */
-                    if(strstr(pTok,"eth"))
-                    {
-                        sscanf(pTok,"eth%d", &iface);
-                    }
-                    else if(strstr(pTok,"br"))
-                    {
-                        sscanf(pTok,"br%d", &iface);
-                    }
-                    else
-                    {
-                        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                        "netapilib_ifAddSA: invalid interface\n");
-                        return -1;
-                    }
-                }
-#endif
-                globalDB.rx_sa[slot].iface = iface;
-                flow.dma_engine= 1;
-                flow.flowid = globalDB.flowId[iface];
-                printf("add_sa: iface: %d, flowid: %d\n",
-                    iface,
-                    flow.flowid);
-
-                route.p_flow = &flow;
-                route.p_dest_q = globalDB.pktio_channel[iface];
-
-                printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
-                route.p_dest_q, 
-                route.p_flow->flowid);
-
-                route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
-                route.routeType = NETCP_CFG_ROUTE_RX_INTF_W_FLOW;
-                printf("add_sa: pktio_handle: 0x%x\n", globalDB.pktio_channel[iface]);
-                break;
-            }
-        }
-    }
-    else if (sa_info->dir == DIR_OUTBOUND)
-    {
-        slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
-        if (slot == -1)
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
-                "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
-            return -1;
-        }
-        saInfo.dir = NWAL_SA_DIR_OUTBOUND;
-    }
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
-        return -1;
-    }
-    
-
-    /* Get the replay Window */
-    saInfo.replayWindow = sa_info->replay_window;
-   
-    /* Get the IPSec protocol. */
-    if (sa_id->proto == SA_PROTO_AH)
-        saInfo.proto = nwal_IpSecProtoAH;
-    else if (sa_id->proto == SA_PROTO_ESP)
-        saInfo.proto = nwal_IpSecProtoESP;
-    else
-    {
-        ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
-        return -1;
-    }
-    /* Get the IPSec mode. */
-    if (sa_info->mode == SA_MODE_TRANSPORT)
-        saInfo.saMode = nwal_SA_MODE_TRANSPORT;
-    else if (sa_info->mode == SA_MODE_TUNNEL)
-        saInfo.saMode = nwal_SA_MODE_TUNNEL;
-    else
-    {
-        ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
-        return -1;
-    }
-    /* Get the authentication mode algorithm. */
-    if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
-        saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
-    else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
-        saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
-    else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
-        saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
-    else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)  
-        saInfo.authMode = NWAL_SA_AALG_NULL;
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
-        return -1;
-    }
-
-    /* Get the encryption mode algorithm. */
-    if (sa_info->enc.algo == SA_EALG_NULL) 
-        saInfo.cipherMode = NWAL_SA_EALG_NULL;
-    else if (sa_info->enc.algo == SA_EALG_AES_CTR) 
-        saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
-    else if (sa_info->enc.algo == SA_EALG_AES_CBC)
-        saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
-    else if (sa_info->enc.algo == SA_EALG_3DES_CBC) 
-        saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
-    else if (sa_info->enc.algo == SA_EALG_DES_CBC) 
-        saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
-        return -1;
-    }
-    /* Validate the key lengths. */
-    if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
-        return -1;
-    }
-    if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
-        return -1;
-    }
-
-    /* Get the authentication/encryption keys. */
-    keyParams.pAuthKey = &sa_info->auth_key[0];
-    keyParams.pEncKey = &sa_info->enc_key[0];
-
-    if (saInfo.dir == NWAL_SA_DIR_INBOUND)
-    {
-        /* Inbound == RX */
-        globalDB.rx_sa[slot].saAppId =  netapi_secAddSA(netapi_handle,
-                        NETCP_CFG_NO_INTERFACE,
-                        &saInfo,
-                        &keyParams,
-                        NETAPI_SEC_SA_INFLOW,
-                        (NETCP_CFG_ROUTE_HANDLE_T)&route,
-                        &p_rx_inflow_mode_handle,
-                        &p_tx_inflow_mode_handle,
-                        NULL, &error);
-
-        if (error == NETAPI_ERR_OK)
-        {
-            *sa_handle = globalDB.rx_sa[slot].saAppId;
-        }
-        else
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
-                                 error);
-            return -1;
-        }
-    }
-    else
-    {
-        /* OUTBOUND == TX */
-        globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
-                        NETCP_CFG_NO_INTERFACE,
-                        &saInfo,
-                        &keyParams,
-                        NETAPI_SEC_SA_INFLOW,
-                        (NETCP_CFG_ROUTE_HANDLE_T)NULL,
-                        &p_rx_inflow_mode_handle,
-                        &p_tx_inflow_mode_handle,
-                        NULL, &error);
-        if (error == NETAPI_ERR_OK)
-        {
-            *sa_handle = globalDB.tx_sa[slot].saAppId;
-        }
-        else
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
-                                 error);
-            return -1;
-        }
-    }
-    
-    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-    "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
-
-    /* SA was created successfully. */
-    return 0;
-}
-
-#endif
-
 /**************************************************************************
  * FUNCTION PURPOSE: The function is used to translate the SA configuration
  * parameters received from the IPSec Snopper and call the NETAPI function
@@ -685,11 +344,7 @@ int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
 {
     int error, slot;
     cpu_set_t cpu_set;
-    
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
+
     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
 
     /* Determine if rx_sa or tx_sa is being deleted */
@@ -799,9 +454,9 @@ int32_t netapilib_ifAddSP
 
 
     flow.dma_engine= 1;
-    flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
+    flow.flowid = globalDB.flowId;
     route.p_flow = &flow;
-    route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
+    route.p_dest_q = globalDB.pktio_channel;
 
 
     /* Get the IP protocol version. */
@@ -872,11 +527,6 @@ int32_t netapilib_ifDeleteSP
     ipsecmgr_dir_t          dir
 )
 {
-    cpu_set_t cpu_set;
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
     /* Security Policy is deleted as part of deleting SA */
     return 0;
 #if 0