path: root/example/ipsec_crypto/odp_ipsec_stream.h
blob: 2055d3f000c56ebffe3d3d6c9844b6944f37d46f (plain)
/* Copyright (c) 2014-2018, Linaro Limited
 * All rights reserved.
 *
 * SPDX-License-Identifier:     BSD-3-Clause
 */

#ifndef ODP_IPSEC_STREAM_H_
#define ODP_IPSEC_STREAM_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <openssl/evp.h>

#include <odp_api.h>
#include <odp_ipsec_misc.h>
#include <odp_ipsec_cache.h>

/**
 * Stream database entry structure
 *
 * One entry describes a single test stream: its IPv4 endpoints, the number
 * of packets and their payload length, running created/verified counters,
 * the digest method, and for each direction the interface and the IPsec
 * cache entry associated with it.
 *
 * NOTE(review): count and length presumably come from the stream
 * description string handed to create_stream_db_entry().  count is a signed
 * int and length is only limited by its 32-bit type, so the parser should
 * reject negative counts and the packet builder should bound length before
 * it is used to size a packet -- confirm in the implementation.
 */
typedef struct stream_db_entry_s {
	struct stream_db_entry_s *next; /**< Next entry on list */
	int              id;            /**< Stream ID */
	uint32_t         src_ip;        /**< Source IPv4 address */
	uint32_t         dst_ip;        /**< Destination IPv4 address */
	int              count;         /**< Packet count (signed; see note above) */
	uint32_t         length;        /**< Packet payload length */
	uint32_t         created;       /**< Number successfully created */
	uint32_t         verified;      /**< Number successfully verified */
	const EVP_MD    *evp_md;        /**< OpenSSL digest method */
	struct {
		/* The name is held as a pointer, not copied into the entry,
		 * so the pointed-to string must stay valid for as long as
		 * the entry is in use.
		 */
		const char *intf;	/**< Input interface name */
		odp_pktio_t pktio;	/**< Input PktI/O interface */
		uint32_t ah_seq;        /**< AH sequence number if present */
		uint32_t esp_seq;       /**< ESP sequence number if present */
		ipsec_cache_entry_t *entry;  /**< IPsec to apply on input */
	} input;
	struct {
		/* Same lifetime requirement as input.intf: pointer only. */
		const char *intf;	/**< Output interface name */
		odp_pktio_t pktio;	/**< Output PktI/O interface */
		ipsec_cache_entry_t *entry;  /**< IPsec to verify on output */
	} output;
} stream_db_entry_t;

/**
 * Stream database
 *
 * Fixed-capacity store: entries are held in array[] (MAX_DB slots) and the
 * active ones are reachable from list, chained through
 * stream_db_entry_t::next.
 *
 * NOTE(review): index names the next free slot in array[]; whatever code
 * hands out slots must check index < MAX_DB before writing, otherwise one
 * stream too many writes past the end of the array -- confirm the
 * implementation does this.
 */
typedef struct stream_db_s {
	uint32_t           index;          /**< Index of next available entry */
	stream_db_entry_t *list;           /**< List of active entries */
	stream_db_entry_t  array[MAX_DB];  /**< Entry storage */
} stream_db_t;

/**
 * Global stream database instance
 *
 * NOTE(review): presumably allocated and assigned by init_stream_db(); the
 * other functions declared here should not run before that call -- confirm.
 */
extern stream_db_t *stream_db;

/** Initialize stream database global control structure */
void init_stream_db(void);

/**
 * Create a stream DB entry
 *
 * String is of the format "SrcIP,DstIP,InIntf,OutIntf,Count,Length"
 *
 * @param input  Pointer to string describing stream.
 *               NOTE(review): the parameter is a non-const char *, so the
 *               implementation may modify the string while parsing; pass a
 *               writable buffer rather than a string literal -- confirm.
 *               Count and Length are caller-controlled and should be
 *               range-checked by the parser -- confirm.
 *
 * @return 0 if successful else -1
 */
int create_stream_db_entry(char *input);

/**
 * Resolve the stream DB against the IPsec input and output caches
 *
 * For each stream, look the source and destination IP address up in the
 * input and output IPsec caches.  If a hit is found, store the hit in
 * the stream DB to be used when creating packets.
 *
 * NOTE(review): a stream with no cache hit presumably keeps a NULL
 * input.entry / output.entry, so users of those pointers must test them
 * before dereferencing -- confirm.
 */
void resolve_stream_db(void);

/**
 * Create IPv4 packet for stream
 *
 * Create one ICMP test packet based on the stream structure.  If an input
 * IPsec cache entry is associated with the stream, build a packet that should
 * successfully match that entry and be correctly decoded by it.
 *
 * @param stream    Stream DB entry
 * @param dmac      Destination MAC address to use.
 *                  NOTE(review): no length is passed; presumably a 6-byte
 *                  Ethernet address -- confirm.
 * @param pkt_pool  Packet buffer pool to allocate from
 * @param max_len   Maximum packet length.
 *                  NOTE(review): the stream's payload length plus headers
 *                  must fit in this limit; presumably the function fails
 *                  rather than truncating or overrunning -- confirm.
 *
 * @return packet else ODP_PACKET_INVALID (callers must check for it before
 *         using the handle)
 */
odp_packet_t create_ipv4_packet(stream_db_entry_t *stream,
				uint8_t *dmac,
				odp_pool_t pkt_pool,
				uint32_t max_len);

/**
 * Verify an IPv4 packet received on a loop output queue
 *
 * @param stream  Stream to verify the packet against
 * @param pkt     Packet to verify.
 *                NOTE(review): the packet is parsed as received, so header
 *                lengths and offsets read from it should be checked against
 *                the actual packet length before use -- confirm in the
 *                implementation.  Ownership of pkt after the call is not
 *                stated here.
 *
 * @return TRUE if packet verifies else FALSE
 */
odp_bool_t verify_ipv4_packet(stream_db_entry_t *stream,
			      odp_packet_t pkt);

/**
 * Create input packets based on the stream DB
 *
 * Create input packets based on the configured streams and enqueue them
 * into loop interface input queues.  Once packet processing starts these
 * packets will be removed and processed as if they had come from a normal
 * packet interface.
 *
 * The return value is signed: callers must test for a negative result
 * before treating it as a stream count.
 *
 * @return number of streams successfully processed
 * @return <0 on failure
 */
int create_stream_db_inputs(void);

/**
 * Verify stream DB outputs
 *
 * For each stream, poll the output loop interface queue and verify
 * any packets found on it.
 *
 * NOTE(review): as worded, a stream whose output queue is empty has nothing
 * to fail on; whether the per-stream verified counter is also compared with
 * the expected packet count cannot be seen from this header -- confirm.
 *
 * @return TRUE if all packets on all streams verified else FALSE
 */
odp_bool_t verify_stream_db_outputs(void);

#ifdef __cplusplus
}
#endif

#endif