diff --git a/ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c b/ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c
index 6256ed596ab6489c130f634178366a7bd80f2174..bf1b8d6715fa9af2094f1e9f54bedc94f92b6dcf 100755 (executable)
#include "netapilib_interface.h"
-extern ipsecMgrMcb_t globalCfg;
+extern ipsecMgrMcb_t globalDB;
extern NETAPI_T netapi_handle;
-NETCP_CFG_SA_T saAppIdOut = 0;
-NETCP_CFG_SA_T saAppIdIn = 0;
+extern ipsecMgrIfConfigEntry_T ipConfigList[];
+
+
+
+int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
+{
+ int found = 1;
+ int i;
+ for (i = 0; i<4; i++)
+ {
+ if (ip1[i] != ip2[i])
+ {
+ found = 0;
+ break;
+ }
+
+ }
+ return found;
+}
+/**************************************************************************
+ * FUNCTION PURPOSE: Internal function to find a free slot to store APPID
+ * in list
+ **************************************************************************
+ * DESCRIPTION: Internal internal function to find a free slot in SA list for an SA
+ ********************************************************************/
+int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
+{
+ int i;
+ for(i=0;i<64;i++)
+ {
+ if (!pList[i].in_use)
+ {
+ if (free)
+ pList[i].in_use = 1; //pending
+ return i;
+ }
+ }
+ return -1;
+}
+
+/********************************************************************
+ * FUNCTION PURPOSE: Internal function to find a SA app id in SA list
+ * and free SA Slot entry if specified
+ ********************************************************************
+ * DESCRIPTION: Internal function to find a SA app id in SA list
+ * and free SA Slot entry if specified
+ ********************************************************************/
+int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int free)
+{
+ int i;
+ for(i=0;i<64;i++)
+ {
+ if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
+ {
+ if(free)
+ pList[i].in_use = 0;
+ return i;
+ }
+ }
+ return -1;
+}
/**************************************************************************
* FUNCTION PURPOSE: The function is used to translate the SA configuration
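Review bot: `compareIPAddr` accepts `ip_type` but never reads it and always compares exactly four bytes, so two IPv6 addresses that share their first four bytes would be reported as equal; either select the length from `ip_type` or document the limit, e.g. `/* IPv4 only: compares 4 bytes, ip_type is ignored */`. In `findFreeAppIdSlot` the test `if (free)` has no parameter or local of that name to bind to (it looks copied from `findAppIdSlot`), so it can only resolve to the C library's `free` when that is declared and is then always true; the line should be a plain `pList[i].in_use = 1;`. Both slot helpers also hard-code the table length 64, which would be safer as one named constant shared with the array declaration (not visible in this diff).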
ipsecmgr_fp_handle_t *sa_handle
)
{
+ int i;
uint8_t auth_key[36];
uint8_t encr_key[36];
- int error, index;
+ int error, index,slot;
NETAPI_SEC_SA_INFO_T saInfo;
nwalSecKeyParams_t keyParams;
void * p_rx_inflow_mode_handle;
NETCP_CFG_ROUTE_T route;
NETCP_CFG_FLOW_T flow;
NETCP_CFG_SA_HANDLE_T pSaHandle;
+ char* pTok = NULL;
+ int iface;
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
"netapilib_ifAddSA:, DEBUG: Translating SA\n");
-
memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
- flow.dma_engine= 1;
- flow.flowid = globalCfg.flowId;
- route.p_flow = &flow;
- route.p_dest_q = globalCfg.pktio_channel;
/* Initialize the SA Config structure. */
/* Get the SA direction. */
if (sa_info->dir == DIR_INBOUND)
+ {
+ slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
+ if (slot == -1)
+ {
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+ "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
+ return -1;
+ }
saInfo.dir = NWAL_SA_DIR_INBOUND;
+ /* need to check which interface this SA will be attached to */
+ for (i=0;i<16;i++)
+ {
+ /* get interface for destination ip address */
+ if (compareIPAddr(&ipConfigList[i].ip[0],
+ &saInfo.dst.ipv4[0],
+ saInfo.ipType))
+ {
+ pTok = strtok(ipConfigList[i].name, ":.");
+ /* now we have the interface name, is this eth0 or eth1 */
+ if (pTok)
+ /* now we have eth0 or eth1, now find the i/f number */
+ sscanf(pTok,"eth%d", &iface);
+
+ globalDB.rx_sa[slot].iface = iface;
+ flow.dma_engine= 1;
+ flow.flowid = globalDB.flowId[iface];
+ route.p_flow = &flow;
+ route.p_dest_q = globalDB.pktio_channel[iface];
+ break;
+
+ }
+ }
+
+ }
else if (sa_info->dir == DIR_OUTBOUND)
+ {
+ slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
+ if (slot == -1)
+ {
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+ "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
+ return -1;
+ }
saInfo.dir = NWAL_SA_DIR_OUTBOUND;
+ }
else
{
ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
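Review bot: `iface` is used as an index into `globalDB.flowId[]` and `globalDB.pktio_channel[]` without being initialised or range-checked, so when `strtok` returns NULL or `sscanf` does not match, the index is whatever was on the stack and the reads can fall outside both arrays. Test the conversion and the bound before using it, e.g. `if (pTok && sscanf(pTok, "eth%d", &iface) == 1 && iface >= 0 && iface < MAX_IFACES)`, where `MAX_IFACES` is a placeholder for the real size of those arrays (not visible here), and fail the add otherwise. Separately, `saInfo` was zeroed by the `memset` a few lines up and only `saInfo.dir` has been set at this point, so the loop compares every configured address with an all-zero `saInfo.dst.ipv4` and appears unable to match the SA's real destination; when nothing matches, `route` and `flow` stay zeroed and `rx_sa[slot].iface` keeps its previous value, which `netapilib_ifAddSP` later uses as an index as well. `strtok` also writes a NUL into `ipConfigList[i].name`, permanently truncating the stored interface name, so the parse should work on a local copy. The function body starts and ends outside this hunk.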
}
/* Get the authentication mode algorithm. */
if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
- {
saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifAddSA: auth algo is SA_AALG_HMAC_SHA1\n");
- }
else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
+ else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
+ saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)
saInfo.authMode = NWAL_SA_AALG_NULL;
else
else if (sa_info->enc.algo == SA_EALG_AES_CTR)
saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
else if (sa_info->enc.algo == SA_EALG_AES_CBC)
- {
saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"encr algo is NWAL_SA_EALG_AES_CBC\n");
- }
else if (sa_info->enc.algo == SA_EALG_3DES_CBC)
saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
else if (sa_info->enc.algo == SA_EALG_DES_CBC)
if (saInfo.dir == NWAL_SA_DIR_INBOUND)
{
/* Inbound == RX */
- saAppIdIn = netapi_secAddSA(netapi_handle,
+ globalDB.rx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
NETCP_CFG_NO_INTERFACE,
&saInfo,
&keyParams,
if (error == NETAPI_ERR_OK)
{
- *sa_handle = saAppIdIn;
+ *sa_handle = globalDB.rx_sa[slot].saAppId;
}
else
{
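Review bot: The slot reserved earlier by `findFreeAppIdSlot` is not released when `netapi_secAddSA` reports an error, because the failure branch (outside this hunk) is not touched by this commit and so cannot clear the new `in_use` flag. Each failed add therefore consumes one of the 64 entries permanently, and the entry keeps whatever value the failed call returned in `saAppId`, which `findAppIdSlot` could later match. Add `globalDB.rx_sa[slot].in_use = 0;` to the inbound failure branch, the equivalent `tx_sa` line to the outbound one in the next hunk, and the same release before every other `return -1` that follows the slot reservation.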
else
{
/* OUTBOUND == TX */
- saAppIdOut = netapi_secAddSA(netapi_handle,
+ globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
NETCP_CFG_NO_INTERFACE,
&saInfo,
&keyParams,
NULL, &error);
if (error == NETAPI_ERR_OK)
{
- *sa_handle = saAppIdOut;
-#if 0
- netapi_secGetPaHandle(netapi_handle,
- saAppIdOut,
- NULL,
- &pSaHandle);
-#endif
+ *sa_handle = globalDB.tx_sa[slot].saAppId;
}
else
{
********************************************************************/
int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
{
- int error;
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifDeleteSA: sa_app_id 0x%x\n", sa_handle);
- netapi_secDelSA(netapi_handle,
- NETCP_CFG_NO_INTERFACE,
- (NETCP_CFG_SA_T) sa_handle,
- &error);
+ int error, slot;
+
+ slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
+
+ /* Determine if rx_sa or tx_sa is being deleted */
+ if (slot != -1)
+ {
+ /* found rx SA, see if there is policy assoicated with rx SA
+ if so, then delete it first*/
+ if (globalDB.rx_sa[slot].spAppId)
+ {
+ netapi_secDelRxPolicy(netapi_handle,
+ (NETCP_CFG_IPSEC_POLICY_T) globalDB.rx_sa[slot].spAppId,
+ &error);
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
+ "netapilib_ifDeleteSA: SP deleted: sp_app_id: 0x%x, slot: %d, error: %d\n",
+ globalDB.rx_sa[slot].spAppId, slot, error);
+ netapi_secDelSA(netapi_handle,
+ NETCP_CFG_NO_INTERFACE,
+ (NETCP_CFG_SA_T) sa_handle,
+ &error);
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
+ "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
+ sa_handle, slot, error);
+
+ }
+ }
+ else
+ {
+ /* not rx SA, check for tx_sa */
+ slot = findAppIdSlot(&globalDB.tx_sa[0], sa_handle, 1);
+
+ if (slot != -1)
+ {
+ /* found tx SA, delete it now */
+ netapi_secDelSA(netapi_handle,
+ NETCP_CFG_NO_INTERFACE,
+ (NETCP_CFG_SA_T) sa_handle,
+ &error);
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
+ "netapilib_ifDeleteSA: SA deleted: sa_app_id: 0x%x, slot: %d, error: %d\n",
+ sa_handle, slot, error);
+ }
+ else
+ {
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+ "netapilib_ifDeleteSA: sa_app_id 0x%x not found in internal list\n",
+ sa_handle);
+ return -1;
+ }
+ }
+
return error;
}
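Review bot: For an inbound SA the call to `netapi_secDelSA` sits inside `if (globalDB.rx_sa[slot].spAppId)`, so an SA with no policy attached is never removed from the hardware, even though `findAppIdSlot(..., 1)` has already marked its slot free; the function then returns `error` without it ever having been assigned. The SA and its keys would stay programmed while the manager believes they are gone, and this is the normal case whenever `ENABLE_ADD_POLICY` is not defined. `spAppId` is also never cleared, so a reused slot inherits the previous policy id. The SA deletion should run unconditionally and `spAppId` should be reset once the policy is deleted, as sketched below.
```c
    if (slot != -1)
    {
        if (globalDB.rx_sa[slot].spAppId)
        {
            /* … unchanged: netapi_secDelRxPolicy call and "SP deleted" log … */
            globalDB.rx_sa[slot].spAppId = 0;   /* slot may be reused */
        }
        /* delete the SA whether or not a policy was attached */
        netapi_secDelSA(netapi_handle,
                        NETCP_CFG_NO_INTERFACE,
                        (NETCP_CFG_SA_T) sa_handle,
                        &error);
        /* … unchanged: "SA deleted" log … */
    }
    /* … unchanged: tx_sa lookup and not-found branch … */
```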
ipsecmgr_fp_handle_t *sp_handle
)
{
+#ifdef ENABLE_ADD_POLICY
NETCP_CFG_IPSEC_POLICY_T spAppIdIn;
- int error, index;
+ int error, index, slot;
nwal_IpType ipType;
nwalIpAddr_t src_ip_addr;
nwalIpAddr_t dst_ip_addr;
NETCP_CFG_SA_T sa =(NETCP_CFG_SA_T)sa_handle;
NETCP_CFG_ROUTE_T route;
NETCP_CFG_FLOW_T flow;
- NETCP_CFG_PA_HANDLE_T* pPaHandle;
- NETCP_CFG_SA_HANDLE_T* pSaHandle;
+ NETCP_CFG_PA_HANDLE_T pPaHandleOuterIP;
+ NETCP_CFG_PA_HANDLE_T pPaHandleInnerIP;
+ NETCP_CFG_SA_HANDLE_T pSaHandle;
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifAddSP: called\n");
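Review bot: With `ENABLE_ADD_POLICY` undefined the whole body between this `#ifdef` and the `#endif` further down compiles away, leaving only `return 0;`, so the caller is told the policy was added while `*sp_handle` is never written. Give the disabled build a defined result, for example an `#else` branch that sets `*sp_handle = 0;` and logs that RX policy offload is compiled out, and add a comment at the `#ifdef` such as `/* RX policy offload is optional; when disabled no policy is installed in hardware */`. The function starts before this hunk and the matching `#endif` is in a later one.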
"netapilib_ifAddSP: called for outbound SA, no RX policy required\n");
return 0;
}
+ slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 0);
+ if (slot == -1)
+ {
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+ "netapilib_ifAddSA:, SA app_id not found\n");
+ return -1;
+ }
+
+
+
flow.dma_engine= 1;
- flow.flowid = globalCfg.flowId;
+ flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
route.p_flow = &flow;
- route.p_dest_q = globalCfg.pktio_channel;
+ route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
+
/* Get the IP protocol version. */
if (af == IPSECMGR_AF_IPV4)
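Review bot: The new error message in `netapilib_ifAddSP` is prefixed `netapilib_ifAddSA:,`, which will send anyone reading the syslog to the wrong function; it should read `"netapilib_ifAddSP: SA app_id not found\n"`. The same wrong prefix is on the two messages added around the `netapi_secAddRxPolicy` call in the next hunk. The lookup result `globalDB.rx_sa[slot].iface` is then used as an array index with no bound check, so it inherits any bad value stored by `netapilib_ifAddSA`.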
return -1;
}
- ip_qualifiers.flowLabel = 1;
- ip_qualifiers.proto = 1;
- ip_qualifiers.tos = 1;
- ip_qualifiers.validParams = 1;
-
- spAppIdIn = netapi_secAddRxPolicy(netapi_handle,
+ globalDB.rx_sa[slot].spAppId = netapi_secAddRxPolicy(netapi_handle,
(NETCP_CFG_SA_T) sa_handle,
ipType,
&src_ip_addr,
NULL,
&error);
- if (error == NETAPI_ERR_OK)
- {
- *sp_handle = spAppIdIn;
- }
- else
- {
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
- "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
- error);
- return -1;
+ if (error == NETAPI_ERR_OK)
+ {
+ *sp_handle = globalDB.rx_sa[slot].spAppId;
+ }
+ else
+ {
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+ "netapilib_ifAddSA: netapi_secAddRxPolicy returned error: %d.\n",
+ error);
+ return -1;
}
+ ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
+ "netapilib_ifAddSA: Translation of SP successful, app_id: 0x%x\n", *sp_handle);
- ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapi_proxy:DEBUG: Translation of SP successful.\n");
-
-#if 0
- netapi_secGetPaHandle(netapi_handle,
- (NETCP_CFG_SA_T)sa_handle,
- pPaHandle,
- pSaHandle);
#endif
return 0;
}
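Review bot: The return value of `netapi_secAddRxPolicy` is written straight into `globalDB.rx_sa[slot].spAppId` before `error` is checked, so after a failed call the slot keeps whatever the function returned. If that value is non-zero (the failure return is not visible here), `netapilib_ifDeleteSA` will later treat it as a live policy and pass it to `netapi_secDelRxPolicy`. Keep using the still-declared local, `spAppIdIn = netapi_secAddRxPolicy(...);`, and copy it with `globalDB.rx_sa[slot].spAppId = spAppIdIn;` only inside the `NETAPI_ERR_OK` branch.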
ipsecmgr_dir_t dir
)
{
+ /* Security Policy is deleted as part of deleting SA */
+ return 0;
+#if 0
int error =0;
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,"netapilib_ifDeleteSP: called\n");
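Review bot: Returning 0 here without touching the hardware means a caller that removes only the policy is told it is gone while the RX policy stays installed until the SA itself is deleted; whether any caller does that is not visible in this diff, so the contract should at least be stated, e.g. `/* No-op: the RX policy is removed in netapilib_ifDeleteSA and stays active until then */`. The old body kept under `#if 0` after the `return` is dead code and is better deleted than carried along, since version control already preserves it. The function's signature begins before this hunk and its `#endif` falls in the next one.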
&error);
return 0;
+#endif
}
/**************************************************************************
hw_ctx->flow_id = info.rxSaPaFlowId;
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
- "netapilib_ifGetSACtx: rxPaSaFlowId: 0x%x, rxSaPaFlowId: 0x%x\n",
+ "netapilib_ifGetSACtx: rxPaSaflowId: 0x%x, rxSaPaflowId: 0x%x\n",
info.rxPaSaFlowId,
info.rxSaPaFlowId);
ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,