Multiple interface routing support updates.
authorTinku Mannan <tmannan@ti.com>
Tue, 5 Nov 2013 17:33:33 +0000 (12:33 -0500)
committerTinku Mannan <tmannan@ti.com>
Tue, 5 Nov 2013 17:33:33 +0000 (12:33 -0500)
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapi_ipsecmgr.c
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.h

index 943018216b2e3663effd9b0d831032ef080b1f99..8e95419a79c7205791056d7c74f0ae03b821c45e 100755 (executable)
  **********************************************************************/
 char*  DTS_LOG_FILE_QUEUE_ETHx[] = {
  "/proc/device-tree/soc/pktdma@2004000/channels/netrx0/complete-queue"};
-
-#if 0
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx1/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx2/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx3/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx4/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx5/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx6/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx7/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx8/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx9/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx10/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx11/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx12/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx13/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx14/complete-queue",
- "/proc/device-tree/soc/pktdma@2004000/channels/netrx15/complete-queue"
-};
-#endif
 char*  DTS_LOG_FILE_FLOW_ETHx[] = {
 "/proc/device-tree/soc/pktdma@2004000/channels/netrx0/flow"};
-#if 0
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx1/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx2/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx3/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx4/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx5/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx6/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx7/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx8/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx9/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx10/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx11/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx12/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx13/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx14/flow",
-"/proc/device-tree/soc/pktdma@2004000/channels/netrx15/flow",
-};
-#endif
+
+
 /**********************************************************************
  ************************** Global Variables **************************
  **********************************************************************/
@@ -113,7 +78,6 @@ NETAPI_T netapi_handle;
 
 //paSysStats_t netcp_stats;
 ipsecMgrMcb_t globalDB;
-ipsecMgrIfConfigEntry_T ipConfigList[16];
 
 /* Lock file for the daemon */
 #define LOCK_FILE   "/var/lock/ipsecmgr_daemon"
@@ -131,7 +95,7 @@ static NETAPI_CFG_T our_netapi_default_cfg=
     64, //#descriptors w/o buffers in default heap
     TUNE_NETAPI_DEFAULT_BUFFER_SIZE+128+128,  //size of buffers in default heap
     128,    //tail room
-    256,    //extra room,
+    256,    //extra room
     0
 };
 
@@ -275,7 +239,13 @@ void utilsStatsCb(NETAPI_T h)
 }
 static void* snoop_run_thread (void* arg)
 {
-    printf(        "snoop_run_thread: daemon entering forever event loop\n");
+    cpu_set_t cpu_set;
+    CPU_ZERO( &cpu_set);
+    CPU_SET( 0, &cpu_set);
+
+    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
+    ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
+        "snoop_run_thread: daemon entering forever event loop\n");
     int count=0;
     int sat=500000;
     while (1)
@@ -286,7 +256,7 @@ static void* snoop_run_thread (void* arg)
         /* Poll for message from Kernel */
         ipsecmgr_snoop_run();
 #if 1
-        if((count % 50000) == 0)
+        if((count % 500000) == 0)
             utilsStatsCb(netapi_handle);
         
 #endif
@@ -602,6 +572,11 @@ static int32_t init_ipsecmgr (void)
         return -1;
     }
 
+
+
+#ifdef GDB_DEBUG
+    snoop_run_thread(NULL);
+#else
     /* Create the task context for snoop library */
     pthread_attr_init(&threadAttr);
     pthread_attr_setstacksize(&threadAttr, 0x10000);
@@ -619,7 +594,7 @@ static int32_t init_ipsecmgr (void)
     }
     /* Wait for the NETAPI Proxy task to finish its processing and exit. */
     pthread_join (snoop_run_th, NULL);
-
+#endif
     return 0;
 }
 
@@ -721,84 +696,48 @@ static void daemonize (const char *lock_file)
     return;
 }
 
-/* FUNCTION PURPOSE:validate and process inputs to the application */
-int32_t parse_cmd_line_args(int argc, char** argv)
-{
-    int32_t             i;
-
-    /* Valid command line options */
-    if (argc == 1)
-    {
-        printf("netapi_proxyParseCommandLineArgs, argc =1\n");
-        return 0;
-    }
-    else
-    {
-           printf("netapi_proxyParseCommandLineArgs, argc=%d\n", argc);
-    }
-
-    /* Scan and parse the command line options */
-    for (i = 1; i < argc; i ++)
-    {
-        if (argv[i][0] == '-' && argv[i][1] == 'f')
-        {
-            /* Log file name */                
-            if (i+1 >= argc || argv[i+1] == NULL)
-                return -1;
-            i++;
-        }
-        else
-        {
-            /* Invalid options */
-            return -1;
-        }
-    }
-    /* Success */
-    return 0;
-}
-
-int get_kernel_config(int index)
+int get_kernel_config()
 {
     uint32_t temp=0;
     FILE *pDts = NULL;
 
-    pDts = fopen(DTS_LOG_FILE_QUEUE_ETHx[index], "rb");
+    pDts = fopen(DTS_LOG_FILE_QUEUE_ETHx[0], "rb");
 
     if(pDts)
     {
         fread((void*)&temp, sizeof(uint32_t), 1, pDts);
-        globalDB.qNum[index]= (int)swap32(temp);
+        globalDB.qNum = (int)swap32(temp);
         fclose(pDts);
     }
     else
     {
         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "main: error opening device tree file: %s\n",DTS_LOG_FILE_QUEUE_ETHx[index]);
+            "main: error opening device tree file: %s\n",DTS_LOG_FILE_QUEUE_ETHx[0]);
         return -1;
     }
 
     pDts = NULL;
-    pDts = fopen(DTS_LOG_FILE_FLOW_ETHx[index], "rb");
+    pDts = fopen(DTS_LOG_FILE_FLOW_ETHx[0], "rb");
 
     if(pDts)
     {
         fread((void*)&temp, sizeof(uint32_t), 1, pDts);
-        globalDB.flowId[index] = (int)swap32(temp);
+        globalDB.flowId = (int)swap32(temp);
         fclose(pDts);
     }
     else
     {
         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "main: error opening device tree file: %s\n",DTS_LOG_FILE_FLOW_ETHx[index]);
+            "main: error opening device tree file: %s\n",DTS_LOG_FILE_FLOW_ETHx[0]);
         return -1;
     }
     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-            "get_kernel_config(%d): flow: 0x%x, qNum: 0x%x\n", 
-                    index, globalDB.flowId[index], globalDB.qNum[index]);
+            "get_kernel_config: flow: 0x%x, qNum: 0x%x\n", 
+             globalDB.flowId, globalDB.qNum);
     return 0;
 }
 
-int create_pktio_channel(int index)
+int create_pktio_channel()
 {
     static int count = 0;
     int error = 0;
@@ -813,38 +752,34 @@ int create_pktio_channel(int index)
     memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
     memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
 
-    sprintf(&name[0],"%s%d","offload_", index);
-    pktio_cfg.qnum = globalDB.qNum[index];
+    sprintf(&name[0],"%s","offload_0");
+    pktio_cfg.qnum = globalDB.qNum;
     pktio_cfg.flags1 = PKTIO_RX;
     pktio_cfg.flags2 = PKTIO_GLOBAL | PKTIO_PKT;
     pktio_cfg.max_n = 8;
 
-    globalDB.pktio_channel[index] = netapi_pktioCreate(netapi_handle,
+    globalDB.pktio_channel = netapi_pktioCreate(netapi_handle,
                                                &name[0],
                                                (PKTIO_CB)recv_cb,
                                                &pktio_cfg,
                                                &error);
-    if (!globalDB.pktio_channel[index])
+    if (!globalDB.pktio_channel)
     {
         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
             "create_pktio_channel: failed\n");
         return -1;
     }
 
-    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-            "create_pktio_channel: index: %d, qnum: %d, pktio_handle: 0x%x\n",
-            index, 
+    printf("create_pktio_channel: qnum: %d, pktio_handle: 0x%x\n",
             pktio_cfg.qnum,
-            globalDB.pktio_channel[index]);
+            globalDB.pktio_channel);
 
-    /* Only want to create exception route for 1st interface */
-    if (index != 0)
-        return 0;
     flow.dma_engine= 1;
-    flow.flowid = globalDB.flowId[index];
-    route.p_dest_q = globalDB.pktio_channel[index];
+    flow.flowid = globalDB.flowId;
+    route.p_dest_q = globalDB.pktio_channel;
     route.p_flow = &flow;
-
+    route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
+    route.routeType = NWAL_ROUTE_RX_INTF_W_FLOW;
     /* enable exception packet handling for fragmented packets */
     expPkt_appid = netapi_netcpCfgExceptions(netapi_handle,
                                              7,
@@ -883,150 +818,46 @@ int32_t main (int argc, char* argv[])
     ipsecmgr_syslog_init();
 
     memset(&globalDB, 0, sizeof(globalDB));
-    memset(&ipConfigList, 0, sizeof(ipConfigList));
 
-        /* assign main net_test thread to run on core 0 */
+    /* assign main net_test thread to run on core 0 */
     CPU_ZERO( &cpu_set);
     CPU_SET( 0, &cpu_set);
     hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
     /* create netapi */
-    netapi_handle = netapi_init(NETAPI_SYS_MASTER, &our_netapi_default_cfg);
-
+    netapi_handle = netapi_init(NETAPI_SYS_MASTER,
+                                &our_netapi_default_cfg);
     if(netapi_handle == NULL)
     {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, "ERROR: netapi_init failed\n");
+        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+                             "ERROR: netapi_init failed\n");
         return -1;
     }
     else
-        netapi_netcpCfgExceptions(netapi_handle, NETCP_CFG_ALL_EXCEPTIONS, NETCP_CFG_ACTION_DISCARD, (NETCP_CFG_ROUTE_HANDLE_T) NULL);
-
-    for (i = 0; i < 1; i++)
-    {
-        if (get_kernel_config(i))
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "ERROR: main: get_kernel_config() failed\n");
-            continue;
-        }
-        else
-        {
-            /* create pktio channel */
-            if(create_pktio_channel(i))
-            {
-                ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "ERROR: main: pktio channel creation failed\n");
-            }
-        }
-    }
-    /* Read and parse command line options */
-    if (parse_cmd_line_args (argc, argv) < 0)
-    {
-        printf ("Usage format: netfpproxy.out [-f <log_file>]\n");
-        return -1;
-    }
-    
-
-    /* Create the proxy daemon. */
-    /*printf("main: calling daemonize\n");
-    daemonize (LOCK_FILE); */
+        netapi_netcpCfgExceptions(netapi_handle,
+                                  NETCP_CFG_ALL_EXCEPTIONS,
+                                  NETCP_CFG_ACTION_DISCARD,
+                                  (NETCP_CFG_ROUTE_HANDLE_T) NULL);
 
-
-#if to_delete
-    if (getifaddrs(&ifaddr) == -1)
+    if (get_kernel_config())
     {
         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "main: getifaddrs failure\n");
+                            "ERROR: main: get_kernel_config() failed\n");
         return -1;
     }
-
-    for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
+    else
     {
-        if (ifa->ifa_addr == NULL)
-            continue;
-
-        family = ifa->ifa_addr->sa_family;
-
-        ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-                        "%s  address family: %d%s\n",
-                        ifa->ifa_name, family,
-                        (family == AF_PACKET) ? " (AF_PACKET)" :
-                        (family == AF_INET) ?   " (AF_INET)" :
-                        (family == AF_INET6) ?  " (AF_INET6)" : "");
-        if ((family == AF_INET) ||(family == AF_INET6))
+        /* create pktio channel */
+        if(create_pktio_channel())
         {
-            s = getnameinfo(ifa->ifa_addr,
-                (family == AF_INET) ? sizeof(struct sockaddr_in):
-                                      sizeof(struct sockaddr_in6),
-                host,
-                NI_MAXHOST,
-                NULL,
-                0,
-                NI_NUMERICHOST);
-
-            if (s != 0)
-            {
-                ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                    "getnameinfo() failed: %s\n", gai_strerror(s));
-                    continue;
-            }
-            if (family == AF_INET)
-            {
-                ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-                                    "ipv4 string %s\n", host);
-                for (i=0;i<NWAL_IPV4_ADDR_SIZE;i++)
-                {
-                    ipConfigList[ip_entry_count].ip[i] =
-                                    ifa->ifa_addr->sa_data[i+2];
-                }
-            }
-            else
-            {
-                pTok = strtok(host,"%");
-                for (i=0;i<NWAL_IPV6_ADDR_SIZE;i++)
-                {
-                    inet_pton(AF_INET6, pTok, &(ipv6_addr.sin6_addr));
-
-                    ipConfigList[ip_entry_count].ip[i] =
-                        ipv6_addr.sin6_addr.s6_addr[i];
-                    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-                        "ipv6[%d]: 0x%x\n",
-                        i,
-                        ipConfigList[ip_entry_count].ip[i]);
-                }
-            }
-            memcpy(&ipConfigList[ip_entry_count].name[0],
-                    ifa->ifa_name,
-                    strlen(ifa->ifa_name));
-            pTok = strtok(ifa->ifa_name, ":.");
-            /* now we have the interface name, is this eth0, eth1 or bridge i/f */
-            if (pTok)
-            {
-                if(strstr(pTok,"eth"))
-                {
-                    sscanf(pTok,"eth%d", &iface);
-                    ipConfigList[ip_entry_count].iface = iface;
-                    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-                        "eth i/f found with iface %d\n", iface);
-                }
-                else if(strstr(pTok,"br"))
-                {
-                    sscanf(pTok,"br%d", &iface);
-                    ipConfigList[ip_entry_count].iface = iface;
-                    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-                        "bridge i/f found with iface %d\n", iface);
-                }
-                else
-                {
-                    ipConfigList[ip_entry_count].iface = -1;
-                }
-                ip_entry_count++;
-            }
+            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+                            "ERROR: main: pktio channel creation failed\n");
+            return -1;
         }
     }
+     /*Create the proxy daemon. */
+    printf("main: calling daemonize\n");
+    daemonize (LOCK_FILE); 
 
-    if (ifaddr)
-        freeifaddrs(ifaddr);
-#endif
     /* Initialize and start the IPSec Mgr Snoop functionality */
     if ((retVal = init_ipsecmgr ()) < 0)
     {
index 37a88e5dd1d97a87b2c28a2343c4de25b7dc7a72..9cacf500e7251b93f7f9a0eb35dfa1d227783d96 100755 (executable)
 
 extern ipsecMgrMcb_t globalDB;
 extern NETAPI_T netapi_handle;
-extern ipsecMgrIfConfigEntry_T ipConfigList[];
 
-
-
-int compareIPAddr(unsigned char* ip1, unsigned char* ip2, int ip_type)
-{
-    int found = 1;
-    int i;
-    if (ip_type == nwal_IPV4)
-    {
-        for (i = 0; i < NWAL_IPV4_ADDR_SIZE; i++)
-        {
-            if (ip1[i] != ip2[i])
-            {
-                found = 0;
-                break;
-            }
-        }
-        return found;
-    }
-    else
-    {
-        for (i = 0; i < NWAL_IPV6_ADDR_SIZE; i++)
-        {
-            if (ip1[i] != ip2[i])
-            {
-                found = 0;
-                break;
-            }
-        }
-        return found;
-    }
-}
 /**************************************************************************
  * FUNCTION PURPOSE:  Internal function to find a free slot to store APPID
  *                    in list
@@ -150,17 +118,9 @@ int netapilib_ifAddSA
     NETCP_CFG_FLOW_T flow;
     NETCP_CFG_SA_HANDLE_T pSaHandle;
     char* pTok = NULL;
-    int iface;
-    cpu_set_t cpu_set;
     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
                 "netapilib_ifAddSA:, DEBUG: Translating SA\n");
 
-
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
     memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
     memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
     memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
@@ -209,24 +169,19 @@ int netapilib_ifAddSA
             return -1;
         }
         saInfo.dir = NWAL_SA_DIR_INBOUND;
-        /* need to check which interface this SA will be attached to */
 
-                globalDB.rx_sa[slot].iface = iface;
-                flow.dma_engine= 1;
-                flow.flowid = globalDB.flowId[0];
-                printf("add_sa: iface: %d, flowid: %d\n",
-                    iface,
-                    flow.flowid);
+        flow.dma_engine= 1;
+        flow.flowid = globalDB.flowId;
+        printf("add_sa:flowid: %d\n",flow.flowid);
 
-                route.p_flow = &flow;
-                route.p_dest_q = globalDB.pktio_channel[0];
+        route.p_flow = &flow;
+        route.p_dest_q = globalDB.pktio_channel;
 
-                printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
+        printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
                 route.p_dest_q, 
                 route.p_flow->flowid);
-
                 route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
-                route.routeType = NWAL_ROUTE_RX_INTF;
+                route.routeType = NWAL_ROUTE_RX_INTF_W_FLOW;
     }
     else if (sa_info->dir == DIR_OUTBOUND)
     {
@@ -380,302 +335,6 @@ int netapilib_ifAddSA
     return 0;
 }
 
-
-#if 0
-/**************************************************************************
- * FUNCTION PURPOSE: The function is used to translate the SA configuration
- * parameters received from the IPSec Snopper and call the NETAPI function
- * to create a security association
- ********************************************************************/
-int netapilib_ifAddSA
-(
-    ipsecmgr_af_t               af,
-    ipsecmgr_sa_id_t            *sa_id,
-    ipsecmgr_sa_info_t          *sa_info,
-    ipsecmgr_sa_dscp_map_cfg_t  *dscp_map_cfg,
-    ipsecmgr_ifname_t           *if_name,
-    ipsecmgr_sa_encap_tmpl_t    *encap,
-    ipsecmgr_fp_handle_t        *sa_handle
-)
-{
-    int i;
-    uint8_t                 auth_key[36];
-    uint8_t                 encr_key[36];
-    int error, index,slot;
-    NETAPI_SEC_SA_INFO_T saInfo;
-    nwalSecKeyParams_t  keyParams;
-    void * p_rx_inflow_mode_handle;
-    void * p_tx_inflow_mode_handle;
-    NETCP_CFG_ROUTE_T  route;
-    NETCP_CFG_FLOW_T flow;
-    NETCP_CFG_SA_HANDLE_T pSaHandle;
-    char* pTok = NULL;
-    int iface;
-    cpu_set_t cpu_set;
-    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO, 
-                "netapilib_ifAddSA:, DEBUG: Translating SA\n");
-
-
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
-
-    memset((void *)&saInfo, 0, sizeof (NETAPI_SEC_SA_INFO_T));
-    memset((void *)&keyParams, 0, sizeof (nwalSecKeyParams_t));
-    memset((void *)&route, 0, sizeof (NETCP_CFG_ROUTE_T));
-    memset((void *)&flow, 0, sizeof (NETCP_CFG_FLOW_T));
-
-    /* Initialize the SA Config structure. */
-    /* Get the IP protocol version. */
-    if (af == IPSECMGR_AF_IPV4)
-    {
-        saInfo.ipType = nwal_IPV4;
-        /* Populate the source and destination IP addresses. */
-        for (index = 0; index < NWAL_IPV4_ADDR_SIZE; index++)
-        {
-            saInfo.dst.ipv4[index] = sa_id->daddr.ipv4[index];
-            saInfo.src.ipv4[index] = sa_info->saddr.ipv4[index];
-        }
-    }
-    else if (af == IPSECMGR_AF_IPV6)
-    { 
-        saInfo.ipType = nwal_IPV6;
-
-        /* Populate the source and destination IP addresses. */
-        for (index = 0; index < NWAL_IPV6_ADDR_SIZE; index++)
-        {
-            saInfo.dst.ipv6[index] = sa_id->daddr.ipv6[index];
-            saInfo.src.ipv6[index] = sa_info->saddr.ipv6[index];
-        }
-    }
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Address family (%d) is invalid\n", af);
-        return -1;
-    }
-    /* Get the SPI. */
-    saInfo.spi = sa_id->spi;
-
-    /* Get the SA direction. */
-    if (sa_info->dir == DIR_INBOUND)
-    {
-        slot = findFreeAppIdSlot(&globalDB.rx_sa[0]);
-        if (slot == -1)
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
-                "netapilib_ifAddSA:, Too many INBOUND SAs already offloaded\n");
-            return -1;
-        }
-        saInfo.dir = NWAL_SA_DIR_INBOUND;
-        /* need to check which interface this SA will be attached to */
-        for (i=0;i<16;i++)
-        {
-#if 1
-            /* get interface for destination ip address */
-            if (compareIPAddr(&ipConfigList[i].ip[0], 
-                              saInfo.ipType == nwal_IPV4 ?
-                              &saInfo.dst.ipv4[0]:
-                              &saInfo.dst.ipv6[0],
-                              saInfo.ipType))
-            {
-                pTok = strtok(ipConfigList[i].name, ":.");
-                /* now we have the interface name, is this eth0 or eth1 */
-                if (pTok)
-                {
-                    /* now we have interface name, now find the i/f number */
-                    if(strstr(pTok,"eth"))
-                    {
-                        sscanf(pTok,"eth%d", &iface);
-                    }
-                    else if(strstr(pTok,"br"))
-                    {
-                        sscanf(pTok,"br%d", &iface);
-                    }
-                    else
-                    {
-                        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                        "netapilib_ifAddSA: invalid interface\n");
-                        return -1;
-                    }
-                }
-#endif
-                globalDB.rx_sa[slot].iface = iface;
-                flow.dma_engine= 1;
-                flow.flowid = globalDB.flowId[iface];
-                printf("add_sa: iface: %d, flowid: %d\n",
-                    iface,
-                    flow.flowid);
-
-                route.p_flow = &flow;
-                route.p_dest_q = globalDB.pktio_channel[iface];
-
-                printf("add_sa: p_dest_q: 0x%x, flowId: 0x%x\n",
-                route.p_dest_q, 
-                route.p_flow->flowid);
-
-                route.valid_params |= NETCP_CFG_VALID_PARAM_ROUTE_TYPE;
-                route.routeType = NETCP_CFG_ROUTE_RX_INTF_W_FLOW;
-                printf("add_sa: pktio_handle: 0x%x\n", globalDB.pktio_channel[iface]);
-                break;
-            }
-        }
-    }
-    else if (sa_info->dir == DIR_OUTBOUND)
-    {
-        slot = findFreeAppIdSlot(&globalDB.tx_sa[0]);
-        if (slot == -1)
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR, 
-                "netapilib_ifAddSA:, Too many OUTBOUND SAs already offloaded\n");
-            return -1;
-        }
-        saInfo.dir = NWAL_SA_DIR_OUTBOUND;
-    }
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: IPSec direction (%d) is invalid\n", sa_info->dir);
-        return -1;
-    }
-    
-
-    /* Get the replay Window */
-    saInfo.replayWindow = sa_info->replay_window;
-   
-    /* Get the IPSec protocol. */
-    if (sa_id->proto == SA_PROTO_AH)
-        saInfo.proto = nwal_IpSecProtoAH;
-    else if (sa_id->proto == SA_PROTO_ESP)
-        saInfo.proto = nwal_IpSecProtoESP;
-    else
-    {
-        ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: IPSec protocol (%d) is invalid.\n", sa_id->proto);
-        return -1;
-    }
-    /* Get the IPSec mode. */
-    if (sa_info->mode == SA_MODE_TRANSPORT)
-        saInfo.saMode = nwal_SA_MODE_TRANSPORT;
-    else if (sa_info->mode == SA_MODE_TUNNEL)
-        saInfo.saMode = nwal_SA_MODE_TUNNEL;
-    else
-    {
-        ipsecmgr_syslog_msg(SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: IPSec mode (%d) is invalid.\n", sa_info->mode);
-        return -1;
-    }
-    /* Get the authentication mode algorithm. */
-    if (sa_info->auth.algo == SA_AALG_HMAC_SHA1)
-        saInfo.authMode = NWAL_SA_AALG_HMAC_SHA1;
-    else if (sa_info->auth.algo == SA_AALG_HMAC_MD5)
-        saInfo.authMode = NWAL_SA_AALG_HMAC_MD5;
-    else if (sa_info->auth.algo == SA_AALG_AES_XCBC)
-        saInfo.authMode = NWAL_SA_AALG_AES_XCBC;
-    else if (sa_info->auth.algo == SA_AALG_NONE || sa_info->auth.algo == SA_AALG_NULL)  
-        saInfo.authMode = NWAL_SA_AALG_NULL;
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-            "netapilib_ifAddSA: Authentication algorithm (%d) is invalid\n", sa_info->auth.algo);
-        return -1;
-    }
-
-    /* Get the encryption mode algorithm. */
-    if (sa_info->enc.algo == SA_EALG_NULL) 
-        saInfo.cipherMode = NWAL_SA_EALG_NULL;
-    else if (sa_info->enc.algo == SA_EALG_AES_CTR) 
-        saInfo.cipherMode = NWAL_SA_EALG_AES_CTR;
-    else if (sa_info->enc.algo == SA_EALG_AES_CBC)
-        saInfo.cipherMode = NWAL_SA_EALG_AES_CBC;
-    else if (sa_info->enc.algo == SA_EALG_3DES_CBC) 
-        saInfo.cipherMode = NWAL_SA_EALG_3DES_CBC;
-    else if (sa_info->enc.algo == SA_EALG_DES_CBC) 
-        saInfo.cipherMode = NWAL_SA_EALG_DES_CBC;
-    else
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Encryption algorithm (%d) is invalid\n", sa_info->enc.algo);
-        return -1;
-    }
-    /* Validate the key lengths. */
-    if ((keyParams.macKeySize = sa_info->auth_key_len) > 32)
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Authentication key size (%d) is invalid.\n", sa_info->auth_key_len);
-        return -1;
-    }
-    if ((keyParams.encKeySize = sa_info->enc_key_len) > 32)
-    {
-        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-            "netapilib_ifAddSA: Encryption key size (%d) is invalid.\n", sa_info->enc_key_len);
-        return -1;
-    }
-
-    /* Get the authentication/encryption keys. */
-    keyParams.pAuthKey = &sa_info->auth_key[0];
-    keyParams.pEncKey = &sa_info->enc_key[0];
-
-    if (saInfo.dir == NWAL_SA_DIR_INBOUND)
-    {
-        /* Inbound == RX */
-        globalDB.rx_sa[slot].saAppId =  netapi_secAddSA(netapi_handle,
-                        NETCP_CFG_NO_INTERFACE,
-                        &saInfo,
-                        &keyParams,
-                        NETAPI_SEC_SA_INFLOW,
-                        (NETCP_CFG_ROUTE_HANDLE_T)&route,
-                        &p_rx_inflow_mode_handle,
-                        &p_tx_inflow_mode_handle,
-                        NULL, &error);
-
-        if (error == NETAPI_ERR_OK)
-        {
-            *sa_handle = globalDB.rx_sa[slot].saAppId;
-        }
-        else
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
-                                 error);
-            return -1;
-        }
-    }
-    else
-    {
-        /* OUTBOUND == TX */
-        globalDB.tx_sa[slot].saAppId = netapi_secAddSA(netapi_handle,
-                        NETCP_CFG_NO_INTERFACE,
-                        &saInfo,
-                        &keyParams,
-                        NETAPI_SEC_SA_INFLOW,
-                        (NETCP_CFG_ROUTE_HANDLE_T)NULL,
-                        &p_rx_inflow_mode_handle,
-                        &p_tx_inflow_mode_handle,
-                        NULL, &error);
-        if (error == NETAPI_ERR_OK)
-        {
-            *sa_handle = globalDB.tx_sa[slot].saAppId;
-        }
-        else
-        {
-            ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
-                                "netapilib_ifAddSA: netapi_secAddSA returned error: %d.\n",
-                                 error);
-            return -1;
-        }
-    }
-    
-    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
-    "netapilib_ifAddSA: Translation of SA successful, app_id: 0x%x\n", *sa_handle);
-
-    /* SA was created successfully. */
-    return 0;
-}
-
-#endif
-
 /**************************************************************************
  * FUNCTION PURPOSE: The function is used to translate the SA configuration
  * parameters received from the IPSec Snopper and call the NETAPI function
@@ -685,11 +344,7 @@ int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
 {
     int error, slot;
     cpu_set_t cpu_set;
-    
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
+
     slot = findAppIdSlot(&globalDB.rx_sa[0],sa_handle, 1);
 
     /* Determine if rx_sa or tx_sa is being deleted */
@@ -799,9 +454,9 @@ int32_t netapilib_ifAddSP
 
 
     flow.dma_engine= 1;
-    flow.flowid = globalDB.flowId[globalDB.rx_sa[slot].iface];
+    flow.flowid = globalDB.flowId;
     route.p_flow = &flow;
-    route.p_dest_q = globalDB.pktio_channel[globalDB.rx_sa[slot].iface];
+    route.p_dest_q = globalDB.pktio_channel;
 
 
     /* Get the IP protocol version. */
@@ -872,11 +527,6 @@ int32_t netapilib_ifDeleteSP
     ipsecmgr_dir_t          dir
 )
 {
-    cpu_set_t cpu_set;
-    /* assign main net_test thread to run on core 0 */
-    CPU_ZERO( &cpu_set);
-    CPU_SET( 0, &cpu_set);
-    hplib_utilSetupThread(0, &cpu_set, hplib_spinLock_Type_LOL);
     /* Security Policy is deleted as part of deleting SA */
     return 0;
 #if 0
index 92c7be813b31d77a88e9d6437b44c7389d05c951..99b501c513c284c1ea0948d643748dc2a3b5a550 100755 (executable)
@@ -44,13 +44,12 @@ typedef struct {
     int         in_use;
     uint32_t    saAppId;
     uint32_t    spAppId;
-    int         iface;
 } ipsecMgrAppId_T;
 
 typedef struct {
-    int                 flowId[16];
-    int                 qNum[16];
-    PKTIO_HANDLE_T*     pktio_channel[16];
+    int                 flowId;
+    int                 qNum;
+    PKTIO_HANDLE_T*     pktio_channel;
 
     /* list to store offloaded RX SA appIds and RX Policies */
     ipsecMgrAppId_T rx_sa[64];
@@ -58,17 +57,6 @@ typedef struct {
     ipsecMgrAppId_T tx_sa[64];
 } ipsecMgrMcb_t;
 
-
-/* Container for applicaion ID's for offloaded SA's */
-typedef struct {
-    char    name[NI_MAXHOST];
-    char    ip[16];
-    int     iface;
-} ipsecMgrIfConfigEntry_T;
-
-
-
-
 int netapilib_ifAddSA
 (
     ipsecmgr_af_t           af,