summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 57ec71d)
raw | patch | inline | side by side (parent: 57ec71d)
| author | Tinku Mannan <tmannan@ti.com> | |
| Tue, 8 Jan 2013 19:44:21 +0000 (14:44 -0500) | ||
| committer | Tinku Mannan <tmannan@ti.com> | |
| Tue, 8 Jan 2013 19:44:21 +0000 (14:44 -0500) |
index 7574bb8b47018f415c5f724ea401a7e0377743f6..c43d68584bc2ab7821a0dd75c7d7b96c7ea6fe36 100755 (executable)
{0}
};
void * mac_handle = netcp_cfgp_get_mac_handle(&netapi_get_global()->nwal_context,iface_no);
-
+ int coreid = Osal_nwalGetProcId();
*perr =0;
if ((!n) || (!sa_info) || (!p_data_mode_handle) ) {*perr = NETAPI_ERR_BAD_INPUT; return -1;}
tunnelId = netcp_cfgp_find_sa_slot(&netapi_get_global()->nwal_context,
iface_no);
- printf("netapi_secAddSA called for tunnelId %d\n", tunnelId);
+ printf("coreid: %d, netapi_secAddSA called for tunnelId %d\n", coreid, tunnelId);
if (tunnelId <0) {*perr= NETAPI_ERR_NOMEM; return -1; }
appId |= (tunnelId<<8);
else if(retValue != nwal_OK)
{
*perr = NETAPI_ERR_NWAL_ERR0;
- printf ("netapi_secAddSA: ERROR: nwal_setSecAssoc returned Error Code %d\n",
- retValue);
+ printf ("coreid: %d, netapi_secAddSA: ERROR: nwal_setSecAssoc returned Error Code %d\n",
+ coreid, retValue);
netapip_FreeTransInfo(pTransInfo);
netcp_cfgp_delete_sa(&netapi_get_global()->nwal_context,tunnelId);
return -1;
return -1;
}
}
- printf ("netapi_secAddSA: SA %d added to mac %d\n", tunnelId, iface_no);
+ printf ("coreid: %d, netapi_secAddSA: SA %d added to mac %d\n", coreid, tunnelId, iface_no);
*p_inflow_mode_handle=pTransInfo->handle;
netapip_FreeTransInfo(pTransInfo);
index 71ada420181fe5411417d512848c1138335cbc5d..6a550d27524c4105ff1891e34ecdfcd5815194c4 100755 (executable)
0x30, 0x31, 0x32, 0x33 };
+ hplib_atomic32_T spi = hplib_mAtomic32Init(0x11111111);
+
/*************************END NETAPI OBJECTS***********************/
#define START_SRC_IP 0x0a00000a
void build_sa_db(int i)
{
+ int coreid = Osal_nwalGetProcId();
long tmp_spi;
- static uint32_t spi = 11111111;
+ //static uint32_t spi = 11111111;
if ((tx_sa[0].authMode == NWAL_SA_AALG_HMAC_SHA1) && (tx_sa[0].cipherMode == NWAL_SA_EALG_AES_CBC))
{
- tx_sa[0].spi = rx_sa[0].spi =spi++;
+
+ tx_sa[0].spi = rx_sa[0].spi = hplib_mAtomic32AddReturn(&spi,1);
+ printf("coreid: %d, build_sa_db: spi %d\n", coreid, spi);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) && (tx_sa[i].cipherMode == NWAL_SA_EALG_AES_CTR))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_HMAC_SHA2_256) && (tx_sa[i].cipherMode == NWAL_SA_EALG_3DES_CBC))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_HMAC_MD5) && (rx_sa[i].cipherMode == NWAL_SA_EALG_NULL))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_NULL) && (rx_sa[i].cipherMode == NWAL_SA_EALG_AES_GCM))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_NULL) && (rx_sa[i].cipherMode == NWAL_SA_EALG_AES_CCM))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
}
else if ((tx_sa[i].authMode == NWAL_SA_AALG_AES_XCBC) && (rx_sa[i].cipherMode == NWAL_SA_EALG_NULL))
{
- tx_sa[i].spi = rx_sa[i].spi =spi++;
+ tx_sa[i].spi = rx_sa[i].spi = hplib_mAtomic32AddReturn(&spi,1);
/* static configuration, will not change */
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
&err);
//if (err) {printf("addRxSa failed %d\n",err); exit(1);}
if (err) {printf("addRxSa failed %d\n",err);}
+ sched_yield();
}
&(sa_info[i].tx_inflow_mode_handle),
&err);
if (err) {printf("addTxSa failed %d\n",err); exit(1);}
+ sched_yield();
}
sleep(1);
count = 0;
&err);
//if (err) {printf("addRxSa failed %d\n",err); exit(1);}
if (err) {printf("addRxSa failed %d\n",err);}
-
+ sched_yield();
}
count = 0;
&(sa_info[i].tx_inflow_mode_handle),
&err);
if (err) {printf("addTxSa failed %d\n",err); exit(1);}
+ sched_yield();
}
sleep(1);
count = 0;
-//#ifdef TEST_SA
+
for (i = 32; i < SA_CREATE_LOOP_COUNT-1;i++)
{
if (rx_policy[i])
index 33208dddeb9a17f29067f96793381b3d2ae61b76..f1bbf324b3eeffbfb8f7b79c07eedbda0ba3ee69 100755 (executable)
*****************************************/
#define DAL_REVIEW
-//#define NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
+#define NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
#ifdef NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
#define NWAL_ENABLE_SA
#endif
+#define AH_SUPPORT
//define this for multi-thread
#define MULTI_THREAD
return temp;
}
+
+unsigned long peek(unsigned long * p)
+{
+ return *p;
+}
+
+
/********************************************************************
* FUNCTION PURPOSE: Ones complement addition utility
********************************************************************
{
NWAL_SA_DIR_INBOUND,
0x11111111, //spi
- nwal_IpSecProtoESP, //ESP mode
+ nwal_IpSecProtoAH, //ESP mode
nwal_SA_MODE_TUNNEL, //tunnel mode
nwal_IPV4, //v4
{ 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, /* Src IP (them) -> set below */
{
NWAL_SA_DIR_INBOUND,
0x44444444, //spi
- nwal_IpSecProtoESP, //ESP mode
+ nwal_IpSecProtoAH, //ESP mode
nwal_SA_MODE_TUNNEL, //tunnel mode
nwal_IPV4, //v4
{ 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, /* Src IP (them) -> set below */
{
NWAL_SA_DIR_OUTBOUND,
0x11111111, //spi
- nwal_IpSecProtoESP, //ESP mode
+ nwal_IpSecProtoAH, //ESP mode
nwal_SA_MODE_TUNNEL, //tunnel mode
nwal_IPV4, //v4
{ 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, /* Src IP (us) -> set below */
{
NWAL_SA_DIR_OUTBOUND,
0x44444444, //spi
- nwal_IpSecProtoESP, //ESP mode
+ nwal_IpSecProtoAH, //ESP mode
nwal_SA_MODE_TUNNEL, //tunnel mode
nwal_IPV4, //v4
{ 1, 2, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, /* Src IP (us) -> set below */
*--------------------back to source----------------------------
* flag=1 => ipsec
*--------------------------------------------------------------*/
-void flip_and_send_pkt(Ti_Pkt *tip, unsigned char * p_pkt, int len, int flag)
+void flip_and_send_pkt(Ti_Pkt *tip, unsigned char * p_pkt, int len, int flag, uint16_t enet_port)
{
unsigned char mac_temp[6];
unsigned char ip_temp[4];
@@ -1122,6 +1130,12 @@ void flip_and_send_pkt(Ti_Pkt *tip, unsigned char * p_pkt, int len, int flag)
uint8_t p_iv[16];
uint8_t p_add[8];
Cppi_HostDesc* pPloadDesc;
+ uint8_t ah_len;
+#ifdef AH_SUPPORT
+ HEAD_T * p_head;
+ HEAD_T temp_head;
+ int pkt_type;
+#endif
#ifdef MULTI_THREAD
int coreid=Osal_nwalGetProcId(); //who we are(thread local)
memcpy(&p_pkt[14+12],&p_pkt[14+12+4],4);
memcpy(&p_pkt[14+12+4],&ip_temp,4);
-
+#ifdef AH_SUPPORT
+ p_head=&temp_head;
+#endif
//outer checksum to 0
if (!flag)
{
//inner ip &udp for ipsec
if (flag)
{
- p_spi = &(p_pkt[netTest_MAC_HEADER_LEN+netTest_IP_HEADER_LEN]);
+#ifdef AH_SUPPORT
+ memcpy(p_head,&p_pkt[14],sizeof(HEAD_T));
+
+ if ((p_head->ip[2]&0x0000ff00)==0x00003300)
+ {
+ p_spi = &(p_pkt[netTest_MAC_HEADER_LEN+netTest_IP_HEADER_LEN + 4]);
+ pkt_type = IPSEC_AH_PKT;
+ printf("flip_and_send_pkt: IPSEC AH packet received\n");
+ }
+ else if ((p_head->ip[2]&0x0000ff00)==0x00003200)
+ {
+ p_spi = &(p_pkt[netTest_MAC_HEADER_LEN+netTest_IP_HEADER_LEN]);
+ pkt_type = IPSEC_ESP_PKT;
+
+ printf("flip_and_send_pkt: IPSEC ESP packet received\n");
+
+ }
+#endif
+
+ //p_spi = &(p_pkt[netTest_MAC_HEADER_LEN+netTest_IP_HEADER_LEN + 4]);
p_sa_info = (netTestSA_t *) trie_lookup(p_trie_sa, (char *)p_spi ,4);
if (p_sa_info == NULL)
{
}
/* flip inner IP */
+ printf("flip_and_send_pkt: encOffSet %d\n", p_sa_info->tx_payload_info.encOffset);
memcpy(&ip_temp, &p_pkt[p_sa_info->tx_payload_info.encOffset+12],4);
memcpy(&p_pkt[p_sa_info->tx_payload_info.encOffset+12],&p_pkt[p_sa_info->tx_payload_info.encOffset+12+4],4);
memcpy(&p_pkt[p_sa_info->tx_payload_info.encOffset+12+4],&ip_temp,4);
-
/* setting udp ports */
memcpy(&p_pkt[p_sa_info->tx_payload_info.encOffset+20+2],&new_dest_port[0],2);
memset(&p_pkt[p_sa_info->tx_payload_info.encOffset+20+6],0,2); //checksum
meta_tx.appCtxId = (nwal_AppId)hplib_mUtilGetPmuCCNT();
meta.u.tx_sb_meta=&meta_tx;
-#ifdef NET_TEST_ENABLE_SIDE_BAND_LOW_LEVEL_API
/* Use the command label which was cached during create time
* Update the Queue to receive output packet from SA to the local
* core Queue. Below information can be saved by application in
pPloadDesc,
NWAL_DESC_SIZE);
-#else
- //printf("flip_and_send_pkt(): sending for encryption\n");
- pktio_send(netcp_sb_tx_chan,tip,&meta,&err);
-#endif
- }
-else
- {
- //INFLOW TX *******************
- //send pkt directly, asking for IP and UDP checksum offloads AND IPSEC to be applied
- PKTIO_METADATA_T meta = {PKTIO_META_TX,{0},0};
- int err;
- nwalTxPktInfo_t meta_tx={0};
+ }
+ else
+ {
+ //INFLOW TX *******************
+ //send pkt directly, asking for IP and UDP checksum offloads AND IPSEC to be applied
+ PKTIO_METADATA_T meta = {PKTIO_META_TX,{0},0};
+ int err;
+ nwalTxPktInfo_t meta_tx={0};
#define USE_COPY
#ifdef USE_COPY
//debug: see if re-using RX descriptor for TX is causing our SA lockup
-{
- int new_len=0;
- Ti_Pkt new_tip = get_pkt(0, &new_len, specialLarge , len+10 , &p_pkt[0] , len);
- if (!new_tip)
- {
- printf("net_test> new_tip NULL\n");
- }
- else
- {
- Pktlib_setPacketLen(new_tip,new_len);
- Pktlib_freePacket(tip);
- tip=new_tip;
- Pktlib_getDataBuffer(tip,(uint8_t**)&p_pkt,&new_len); //reset p_pkt to point to new buffer as its used below
- Cppi_setTimeStamp (Cppi_DescType_HOST, (Cppi_Desc *) tip,stats[coreid].sec_tx);
- }
-}
-if (len <1500)
-{
- eof+=1;
-}
+ {
+ int new_len=0;
+ Ti_Pkt new_tip = get_pkt(0, &new_len, specialLarge , len+10 , &p_pkt[0] , len);
+ if (!new_tip)
+ {
+ printf("net_test> new_tip NULL\n");
+ }
+ else
+ {
+ Pktlib_setPacketLen(new_tip,new_len);
+ Pktlib_freePacket(tip);
+ tip=new_tip;
+ Pktlib_getDataBuffer(tip,(uint8_t**)&p_pkt,&new_len); //reset p_pkt to point to new buffer as its used below
+// Cppi_setTimeStamp (Cppi_DescType_HOST, (Cppi_Desc *) tip,stats[coreid].sec_tx);
+ }
+ }
+ if (len <1500)
+ {
+ eof+=1;
+ }
#endif
- meta.sa_handle=p_sa_info->tx_inflow_mode_handle; //this tells netapi that inflow crypto needs to be applied
- //meta_tx.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM|NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO| NWAL_TX_FLAG1_META_DATA_VALID );
- meta_tx.txFlag1 = p_sa_info->tx_pkt_info.txFlag1;
- meta_tx.enetPort=0;
- meta_tx.saOffBytes= p_sa_info->tx_pkt_info.saOffBytes;
- meta_tx.saPayloadLen=len-14-20; //don't include tag, mac and outer header
- meta_tx.startOffset = p_sa_info->tx_pkt_info.startOffset;
- meta_tx.ipOffBytes =p_sa_info->tx_payload_info.encOffset;
- meta_tx.l4OffBytes = p_sa_info->tx_pkt_info.l4OffBytes;
- meta_tx.l4HdrLen = p_sa_info->tx_pkt_info.l4HdrLen;
- meta_tx.ploadLen = (unsigned) ((p_pkt[meta_tx.l4OffBytes+4]<<8)|p_pkt[meta_tx.l4OffBytes+4+1]) -8 ;
- meta_tx.pseudoHdrChecksum =
- test_utilGetIpv4PsudoChkSum(&p_pkt[meta_tx.ipOffBytes],8+ meta_tx.ploadLen);
+ meta.sa_handle=p_sa_info->tx_inflow_mode_handle; //this tells netapi that inflow crypto needs to be applied
+ meta_tx.startOffset = p_sa_info->tx_pkt_info.startOffset;
+ meta_tx.ipOffBytes =p_sa_info->tx_payload_info.encOffset;
+ meta_tx.l4OffBytes = p_sa_info->tx_pkt_info.l4OffBytes;
+ meta_tx.l4HdrLen = p_sa_info->tx_pkt_info.l4HdrLen;
+ meta_tx.ploadLen = (unsigned) ((p_pkt[meta_tx.l4OffBytes+4]<<8)|p_pkt[meta_tx.l4OffBytes+4+1]) -8 ;
+ meta_tx.saOffBytes= p_sa_info->tx_pkt_info.saOffBytes;
+ if (pkt_type == IPSEC_AH_PKT)
+ {
+ memset(&p_pkt[netTest_MAC_HEADER_LEN+netTest_IP_HEADER_LEN+netTest_IPSEC_AH_FIXED_HDR_SIZE],0,netTest_IPSEC_AH_FIXED_HDR_SIZE);
+ meta_tx.txFlag1 = p_sa_info->tx_pkt_info.txFlag1;
+ meta_tx.saPayloadLen=len-netTest_MAC_HEADER_LEN; //don't inlcude mac
+ meta_tx.saAhMacSize = 12;
+ meta_tx.saAhIcvOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN + netTest_IPSEC_AH_FIXED_HDR_SIZE;
+ meta_tx.enetPort = enet_port;
+ }
+ else if (pkt_type == IPSEC_ESP_PKT)
+ {
+ meta_tx.txFlag1 = p_sa_info->tx_pkt_info.txFlag1;
+ meta_tx.saPayloadLen=len-netTest_MAC_HEADER_LEN-netTest_IP_HEADER_LEN; //don't include mac and ip outer header
+ meta_tx.enetPort = 0;
+ }
+ else
+ {
+ printf("flip_and_send_pkt: invalid ESP protocol\n");
+ return;
+ }
- /* post it to netcp tx channel*/
- meta.u.tx_meta=&meta_tx;
- if (stats[coreid].sec_tx<20) dump_descr((long *) tip, stats[coreid].sec_tx);
- pktio_send(netcp_tx_chan,tip,&meta,&err);
- stats[coreid].tx +=1;
- stats[coreid].sec_tx +=1;
- }
-}
-else //non ipsec send pkt directly, asking for IP and UDP checksum ofload
-{
- PKTIO_METADATA_T meta2 = {PKTIO_META_TX,{0},0};
- int err;
- nwalTxPktInfo_t meta_tx2={0};
- meta2.sa_handle=nwal_HANDLE_INVALID;
- meta_tx2.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM|NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID );
- meta_tx2.startOffset = 0;
- meta_tx2.ipOffBytes = 14;
- meta_tx2.l4OffBytes = 14+20;
- meta_tx2.l4HdrLen = 8;
- meta_tx2.ploadLen = (unsigned) ((p_pkt[14+20+4]<<8)|p_pkt[14+20+4+1]) -8 ;
- meta_tx2.pseudoHdrChecksum =
- test_utilGetIpv4PsudoChkSum(&p_pkt[14],8+ meta_tx2.ploadLen);
+ meta_tx.pseudoHdrChecksum =
+ test_utilGetIpv4PsudoChkSum(&p_pkt[meta_tx.ipOffBytes],8+ meta_tx.ploadLen);
- /* post it to netcp tx channel*/
- meta2.u.tx_meta=&meta_tx2;
- pktio_send(netcp_tx_chan,tip,&meta2,&err);
- stats[coreid].tx +=1;
-}
+
+ /* post it to netcp tx channel*/
+ meta.u.tx_meta=&meta_tx;
+ if (stats[coreid].sec_tx<20) dump_descr((long *) tip, stats[coreid].sec_tx);
+ pktio_send(netcp_tx_chan,tip,&meta,&err);
+ stats[coreid].tx +=1;
+ stats[coreid].sec_tx +=1;
+ }
+ }
+ else //non ipsec send pkt directly, asking for IP and UDP checksum ofload
+ {
+ PKTIO_METADATA_T meta2 = {PKTIO_META_TX,{0},0};
+ int err;
+ nwalTxPktInfo_t meta_tx2={0};
+ meta2.sa_handle=nwal_HANDLE_INVALID;
+ meta_tx2.txFlag1 = (NWAL_TX_FLAG1_DO_IPV4_CHKSUM|NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID );
+ meta_tx2.startOffset = 0;
+ meta_tx2.ipOffBytes = 14;
+ meta_tx2.l4OffBytes = 14+20;
+ meta_tx2.l4HdrLen = 8;
+ meta_tx2.ploadLen = (unsigned) ((p_pkt[14+20+4]<<8)|p_pkt[14+20+4+1]) -8 ;
+ meta_tx2.pseudoHdrChecksum =
+ test_utilGetIpv4PsudoChkSum(&p_pkt[14],8+ meta_tx2.ploadLen);
+
+ /* post it to netcp tx channel*/
+ meta2.u.tx_meta=&meta_tx2;
+ pktio_send(netcp_tx_chan,tip,&meta2,&err);
+ stats[coreid].tx +=1;
+ }
}
tag_cmp = memcmp(&p_pkt[len-p_sa_info->auth_tag_size],(char*) &hash[0],p_sa_info->auth_tag_size); //todo, really use meta->authTagLen
stats[coreid].n_auth_ok += !(tag_cmp);
- flip_and_send_pkt(tip, p_pkt, len,1); //flip packet to echo back and send
+ flip_and_send_pkt(tip, p_pkt, len,1, 0); //flip packet to echo back and send
}
//this is an encrypt (tx tunnel) complete
else if((int)meta[i].u.rx_sb_meta->appId== p_sa_info->tx_tunnel )
Cppi_HostDesc* pPloadDesc;
int ifno;
+ uint16_t enet_port = 0;
+
#ifdef MULTI_THREAD
int coreid=Osal_nwalGetProcId(); //who we are(thread local)
//int coreid = our_core;
#else
-int coreid=0;
+ int coreid=0;
#endif
p_head=&temp_head;
for(i=0;i<n_pkts;i++)
{
ifno = ((unsigned int)meta[i].u.rx_meta->appId)&0xff;
+ enet_port = meta[i].u.rx_meta->enetPort;
tip = p_recv[i];
Pktlib_getDataBuffer(tip,(uint8_t**)&p_pkt,&templen);/*ignore templen */
/* check header */
memcpy(p_head,&p_pkt[14],sizeof(HEAD_T));
- /* check for IPSEC packet, 0x32 is ESP tunnel mode */
- if ((p_head->ip[2]&0x0000ff00)==0x00003200)
+ /* check for IPSEC ESP or AH packet, 0x32 is ESP tunnel mode, 0x33 is AH tunnel mode*/
+ if (((p_head->ip[2]&0x0000ff00)==0x00003200) || ((p_head->ip[2]&0x0000ff00)==0x00003300))
{
if (!check_header(p_head,&meta[i]))
{
else
{
//inflow mode. flip and send
- flip_and_send_pkt(tip,p_pkt,len,1);
+ flip_and_send_pkt(tip,p_pkt,len,1, enet_port);
}
}
else if ((p_head->ip[2]&0x0000ff00)!=0x00001100)
send_pkt(tip,len);
#endif
//just flip and send
- flip_and_send_pkt(tip,p_pkt,len,0);
+ flip_and_send_pkt(tip,p_pkt,len,0, enet_port);
}
}
//printf("recv done\n");
sa_info[i].tx_payload_info.aadSize = 0;
sa_info[i].tx_payload_info.pAad = NULL;
sa_info[i].tx_payload_info.pAuthIV = NULL;
- sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN; /*done: same for all cipher suites */
+ //sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN + 24; /*done: same for all cipher suites */
+ sa_info[i].tx_payload_info.authOffset = netTest_MAC_HEADER_LEN;
sa_info[i].tx_payload_info.encOffset = netTest_MAC_HEADER_LEN +
netTest_IP_HEADER_LEN +
- netTest_ESP_HEADER_LEN +
- netTest_NULL_IV_LEN;
+ netTest_NULL_ESP_HEADER_LEN +
+ netTest_NULL_IV_LEN +
+ 24;
#ifdef EXPERIMENTAL
sa_info[i].tx_pkt_info.lpbackPass = 0;
sa_info[i].tx_pkt_info.ploadLen = 0; /*sa_info[i].tx_pkt_info.l4OffBytes + 4 */
sa_info[i].tx_pkt_info.pPkt = NULL;
- sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN + netTest_IP_HEADER_LEN;
+ sa_info[i].tx_pkt_info.saOffBytes = netTest_MAC_HEADER_LEN;
sa_info[i].tx_pkt_info.saPayloadLen = 0;
sa_info[i].tx_pkt_info.pseudoHdrChecksum =0;
-
- sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_ESP_CRYPTO| NWAL_TX_FLAG1_DO_UDP_CHKSUM| NWAL_TX_FLAG1_META_DATA_VALID ;
+ sa_info[i].tx_pkt_info.txFlag1 = NWAL_TX_FLAG1_DO_IPSEC_AH_CRYPTO| NWAL_TX_FLAG1_DO_UDP_CHKSUM | NWAL_TX_FLAG1_META_DATA_VALID ;
tmp_spi = htonl((long)(tx_sa[i].spi));
trie_insert(p_trie_sa,(char *)&tmp_spi,4, (void *) &sa_info[i]); //asociate with tx sa SPI
}
index b997b815a7e4bf1875c92b6397fd1649e01a8bad..3148dcd6327ff59eda36a25e68f41dff834458c1 100755 (executable)
#define netTest_AES_GCM_CCM_ICV_LEN 16
#define netTest_AES_GMAC_ICV_LEN 16
+#define IPSEC_AH_PKT 1
+#define IPSEC_ESP_PKT 2
+
+
+#define netTest_IPSEC_AH_FIXED_HDR_SIZE 12
+
+
+#define netTest_NULL_ESP_HEADER_LEN 0
/* The input strings for the input config file is given below */
#define INIT_CONFIG_MAC0 "mac0"
short dst_port;
} KEY_T;
+#define IPSEC_AH_PKT 1
+#define IPSEC_ESP_PKT 2