diff --git a/ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c b/ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c
index 37a88e5dd1d97a87b2c28a2343c4de25b7dc7a72..9cacf500e7251b93f7f9a0eb35dfa1d227783d96 100755 (executable)
extern ipsecMgrMcb_t globalDB;
extern NETAPI_T netapi_handle;
-extern ipsecMgrIfConfigEntry_T ipConfigList[];
-
-
-int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
-{
- int found = 1;
- int i;
- if (ip_type == nwal_IPV4)
- {
- for (i = 0; i < NWAL_IPV4_ADDR_SIZE; i++)
- {
- if (ip1[i] != ip2[i])
- {
- found = 0;
- break;
- }
- }
- return found;
- }
- else
- {
- for (i = 0; i < NWAL_IPV6_ADDR_SIZE; i++)
- {
- if (ip1[i] != ip2[i])
- {
- found = 0;
- break;
- }
- }
- return found;
- }
-}
/**************************************************************************
* FUNCTION PURPOSE: Internal function to find a free slot to store APPID
* in list
NETCP_CFG_FLOW_T flow;
NETCP_CFG_SA_HANDLE_T pSaHandle;
char* pTok = NULL;
- int iface;
- cpu_set_t cpu_set;
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
"netapilib_ifAddSA:, DEBUG: Translating SA\n");
-
- /* assign main net_test thread to run on core 0 */
- CPU_ZERO( &cpu_set);
- CPU_SET( 0, &cpu_set);
- hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
return -1;
}
saInfo.dir = NWAL_SA_DIR_INBOUND;
- /* need to check which interface this SA will be attached to */
- globalDB.rx_sa[slot].iface = iface;
- flow.dma_engine= 1;
- flow.flowid = globalDB.flowId[0];
- printf("add_sa: iface: %d, flowid: %d\n",
- iface,
- flow.flowid);
+ flow.dma_engine= 1;
+ flow.flowid = globalDB.flowId;
+ printf("add_sa:flowid: %d\n",flow.flowid);
- route.p_flow = &flow;
- route.p_dest_q = globalDB.pktio_channel[0];
+ route.p_flow = &flow;
+ route.p_dest_q = globalDB.pktio_channel;
- printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
+ printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
route.p_dest_q,
route.p_flow->flowid);
-
route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
- route.routeType = NWAL_ROUTE_RX_INTF;
+ route.routeType = NWAL_ROUTE_RX_INTF_W_FLOW;
}
else if (sa_info->dir == DIR_OUTBOUND)
{
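Review bot: The added `printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n", route.p_dest_q, route.p_flow->flowid)` formats `route.p_dest_q` with `%x`; if that field is a pointer-typed handle (its type is not visible here, though it is assigned from `globalDB.pktio_channel`), the specifier does not match the argument, which is undefined behaviour and truncates the value on LP64 targets. Both new `printf` calls in the inbound branch also write to stdout, while the rest of this function reports through `ipsecmgr_syslog_msg`, so the output bypasses the syslog level filter and may be lost when the manager runs detached. Assuming `ipsecmgr_syslog_msg` takes printf-style formats, as its other calls suggest, I would write `ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, "add_sa: p_dest_q: %p, flowId: 0x%x\n", (void *)route.p_dest_q, route.p_flow->flowid);`, or leave the handle out of the message if its address is not needed in logs. The enclosing function begins and ends outside this hunk.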
return 0;
}
-
-#if 0
-/**************************************************************************
- * FUNCTION PURPOSE: The function is used to translate the SA configuration
- * parameters received from the IPSec Snopper and call the NETAPI function
- * to create a security association
- ********************************************************************/
-int netapilib_ifAddSA
-(
- ipsecmgr_af_t af,
- ipsecmgr_sa_id_t *sa_id,
- ipsecmgr_sa_info_t *sa_info,
- ipsecmgr_sa_dscp_map_cfg_t *dscp_map_cfg,
- ipsecmgr_ifname_t *if_name,
- ipsecmgr_sa_encap_tmpl_t *encap,
- ipsecmgr_fp_handle_t *sa_handle
-)
-{
- int i;
- uint8_t auth_key[36];
- uint8_t encr_key[36];
- int error, index,slot;
- NETAPI_SEC_SA_INFO_T saInfo;
- nwalSecKeyParams_t keyParams;
- void * p_rx_inflow_mode_handle;
- void * p_tx_inflow_mode_handle;
- NETCP_CFG_ROUTE_T route;
- NETCP_CFG_FLOW_T flow;
- NETCP_CFG_SA_HANDLE_T pSaHandle;
- char* pTok = NULL;
- int iface;
- cpu_set_t cpu_set;
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA:, DEBUG: Translating SA\n");
-
-
- /* assign main net_test thread to run on core 0 */
- CPU_ZERO( &cpu_set);
- CPU_SET( 0, &cpu_set);
- hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
- memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
- memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
- memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
- memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
-
- /* Initialize the SA Config structure. */
- /* Get the IP protocol version. */
- if (af == IPSECMGR_AF_IPV4)
- {
- saInfo.ipType = nwal_IPV4;
- /* Populate the source and destination IP addresses. */
- for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
- {
- saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
- saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
- }
- }
- else if (af == IPSECMGR_AF_IPV6)
- {
- saInfo.ipType = nwal_IPV6;
-
- /* Populate the source and destination IP addresses. */
- for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
- {
- saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
- saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
- }
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
- return -1;
- }
- /* Get the SPI. */
- saInfo.spi = sa_id->spi;
-
- /* Get the SA direction. */
- if (sa_info->dir == DIR_INBOUND)
- {
- slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
- if (slot == -1)
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
- return -1;
- }
- saInfo.dir = NWAL_SA_DIR_INBOUND;
- /* need to check which interface this SA will be attached to */
- for (i=0;i<16;i++)
- {
-#if 1
- /* get interface for destination ip address */
- if (compareIPAddr(&ipConfigList[i].ip[0],
- saInfo.ipType == nwal_IPV4 ?
- &saInfo.dst.ipv4[0]:
- &saInfo.dst.ipv6[0],
- saInfo.ipType))
- {
- pTok = strtok(ipConfigList[i].name, ":.");
- /* now we have the interface name, is this eth0 or eth1 */
- if (pTok)
- {
- /* now we have interface name, now find the i/f number */
- if(strstr(pTok,"eth"))
- {
- sscanf(pTok,"eth%d", &iface);
- }
- else if(strstr(pTok,"br"))
- {
- sscanf(pTok,"br%d", &iface);
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: invalid interface\n");
- return -1;
- }
- }
-#endif
- globalDB.rx_sa[slot].iface = iface;
- flow.dma_engine= 1;
- flow.flowid = globalDB.flowId[iface];
- printf("add_sa: iface: %d, flowid: %d\n",
- iface,
- flow.flowid);
-
- route.p_flow = &flow;
- route.p_dest_q = globalDB.pktio_channel[iface];
-
- printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
- route.p_dest_q,
- route.p_flow->flowid);
-
- route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
- route.routeType = NETCP_CFG_ROUTE_RX_INTF_W_FLOW;
- printf("add_sa: pktio_handle: 0x%x\n", globalDB.pktio_channel[iface]);
- break;
- }
- }
- }
- else if (sa_info->dir == DIR_OUTBOUND)
- {
- slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
- if (slot == -1)
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
- return -1;
- }
- saInfo.dir = NWAL_SA_DIR_OUTBOUND;
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
- return -1;
- }
-
-
- /* Get the replay Window */
- saInfo.replayWindow = sa_info->replay_window;
-
- /* Get the IPSec protocol. */
- if (sa_id->proto == SA_PROTO_AH)
- saInfo.proto = nwal_IpSecProtoAH;
- else if (sa_id->proto == SA_PROTO_ESP)
- saInfo.proto = nwal_IpSecProtoESP;
- else
- {
- ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
- return -1;
- }
- /* Get the IPSec mode. */
- if (sa_info->mode == SA_MODE_TRANSPORT)
- saInfo.saMode = nwal_SA_MODE_TRANSPORT;
- else if (sa_info->mode == SA_MODE_TUNNEL)
- saInfo.saMode = nwal_SA_MODE_TUNNEL;
- else
- {
- ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
- return -1;
- }
- /* Get the authentication mode algorithm. */
- if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
- saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
- else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
- saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
- else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
- saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
- else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)
- saInfo.authMode = NWAL_SA_AALG_NULL;
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
- return -1;
- }
-
- /* Get the encryption mode algorithm. */
- if (sa_info->enc.algo == SA_EALG_NULL)
- saInfo.cipherMode = NWAL_SA_EALG_NULL;
- else if (sa_info->enc.algo == SA_EALG_AES_CTR)
- saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
- else if (sa_info->enc.algo == SA_EALG_AES_CBC)
- saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
- else if (sa_info->enc.algo == SA_EALG_3DES_CBC)
- saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
- else if (sa_info->enc.algo == SA_EALG_DES_CBC)
- saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
- return -1;
- }
- /* Validate the key lengths. */
- if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
- return -1;
- }
- if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
- return -1;
- }
-
- /* Get the authentication/encryption keys. */
- keyParams.pAuthKey = &sa_info->auth_key[0];
- keyParams.pEncKey = &sa_info->enc_key[0];
-
- if (saInfo.dir == NWAL_SA_DIR_INBOUND)
- {
- /* Inbound == RX */
- globalDB.rx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
- NETCP_CFG_NO_INTERFACE,
- &saInfo,
- &keyParams,
- NETAPI_SEC_SA_INFLOW,
- (NETCP_CFG_ROUTE_HANDLE_T)&route,
- &p_rx_inflow_mode_handle,
- &p_tx_inflow_mode_handle,
- NULL, &error);
-
- if (error == NETAPI_ERR_OK)
- {
- *sa_handle = globalDB.rx_sa[slot].saAppId;
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
- error);
- return -1;
- }
- }
- else
- {
- /* OUTBOUND == TX */
- globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
- NETCP_CFG_NO_INTERFACE,
- &saInfo,
- &keyParams,
- NETAPI_SEC_SA_INFLOW,
- (NETCP_CFG_ROUTE_HANDLE_T)NULL,
- &p_rx_inflow_mode_handle,
- &p_tx_inflow_mode_handle,
- NULL, &error);
- if (error == NETAPI_ERR_OK)
- {
- *sa_handle = globalDB.tx_sa[slot].saAppId;
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
- error);
- return -1;
- }
- }
-
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
-
- /* SA was created successfully. */
- return 0;
-}
-
-#endif
-
/**************************************************************************
* FUNCTION PURPOSE: The function is used to translate the SA configuration
* parameters received from the IPSec Snopper and call the NETAPI function
{
int error, slot;
cpu_set_t cpu_set;
-
- /* assign main net_test thread to run on core 0 */
- CPU_ZERO( &cpu_set);
- CPU_SET( 0, &cpu_set);
- hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
+
slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
/* Determine if rx_sa or tx_sa is being deleted */
flow.dma_engine= 1;
- flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
+ flow.flowid = globalDB.flowId;
route.p_flow = &flow;
- route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
+ route.p_dest_q = globalDB.pktio_channel;
/* Get the IP protocol version. */
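Review bot: Nothing at `flow.flowid = globalDB.flowId;` and `route.p_dest_q = globalDB.pktio_channel;` records that the route no longer depends on the interface the SA was bound to, which the removed lines looked up through `globalDB.rx_sa[slot].iface`. A one-line comment above the assignments would make that explicit, for example `/* single flow and pktio channel shared by all interfaces; see globalDB */`. It is also worth confirming that both fields are set before this function can run, since the hunk passes them into the route unchecked and their initialisation is not visible here. The same assignments appear in the inbound-SA hunk earlier in this file, and the enclosing function starts and ends outside the hunk.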
ipsecmgr_dir_t dir
)
{
- cpu_set_t cpu_set;
- /* assign main net_test thread to run on core 0 */
- CPU_ZERO( &cpu_set);
- CPU_SET( 0, &cpu_set);
- hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
/* Security Policy is deleted as part of deleting SA */
return 0;
#if 0