- u8 *data;
- struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
- struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
- uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
- struct rte_crypto_sym_op *sym_cop = cop->sym;
-
- if (unlikely((pip4->version_ihl >> 4) != 4)) {
- plog_info("Received non IPv4 packet at esp enc %i\n", pip4->version_ihl);
- plogdx_info(mbuf, "ENC RX: ");
- return OUT_DISCARD;
- }
- if (pip4->time_to_live) {
- pip4->time_to_live--;
- }
- else {
- plog_info("TTL = 0 => Dropping\n");
- return OUT_DISCARD;
- }
-
- // Remove padding if any (we don't want to encapsulate garbage at end of IPv4 packet)
- int l1 = rte_pktmbuf_pkt_len(mbuf);
- int padding = l1 - (ipv4_length + sizeof(struct ether_hdr));
- if (unlikely(padding > 0)) {
- rte_pktmbuf_trim(mbuf, padding);
- }
-
- l1 = rte_pktmbuf_pkt_len(mbuf);
- int encrypt_len = l1 - sizeof(struct ether_hdr) + 2; // According to RFC4303 table 1, encrypt len is ip+tfc_pad(o)+pad+pad len(1) + next header(1)
- padding = 0;
- if ((encrypt_len & 0xf) != 0)
- {
- padding = 16 - (encrypt_len % 16);
- encrypt_len += padding;
- }
-
- const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
-
- struct ether_addr src_mac = peth->s_addr;
- struct ether_addr dst_mac = peth->d_addr;
- uint32_t src_addr = pip4->src_addr;
- uint32_t dst_addr = pip4->dst_addr;
- uint8_t ttl = pip4->time_to_live;
- uint8_t version_ihl = pip4->version_ihl;
-
- peth = (struct ether_hdr *)rte_pktmbuf_prepend(mbuf, extra_space); // encap + prefix
- peth = (struct ether_hdr *)rte_pktmbuf_append(mbuf, 0 + 1 + 1 + padding + 4 + DIGEST_BYTE_LENGTH_SHA1); // padding + pad_len + next_head + seqn + ICV pad + ICV
- peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
- l1 = rte_pktmbuf_pkt_len(mbuf);
- peth->ether_type = ETYPE_IPv4;
+ u8 *data;
+ struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
+ struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
+ uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
+ struct rte_crypto_sym_op *sym_cop = cop->sym;
+
+ if (unlikely((pip4->version_ihl >> 4) != 4)) {
+ plog_info("Received non IPv4 packet at esp enc %i\n", pip4->version_ihl);
+ plogdx_info(mbuf, "ENC RX: ");
+ return OUT_DISCARD;
+ }
+ if (pip4->time_to_live) {
+ pip4->time_to_live--;
+ }
+ else {
+ plog_info("TTL = 0 => Dropping\n");
+ return OUT_DISCARD;
+ }
+
+ // Remove padding if any (we don't want to encapsulate garbage at end of IPv4 packet)
+ int l1 = rte_pktmbuf_pkt_len(mbuf);
+ int padding = l1 - (ipv4_length + sizeof(struct ether_hdr));
+ if (unlikely(padding > 0)) {
+ rte_pktmbuf_trim(mbuf, padding);
+ }
+
+ l1 = rte_pktmbuf_pkt_len(mbuf);
+ int encrypt_len = l1 - sizeof(struct ether_hdr) + 2; // According to RFC4303 table 1, encrypt len is ip+tfc_pad(o)+pad+pad len(1) + next header(1)
+ padding = 0;
+ if ((encrypt_len & 0xf) != 0){
+ padding = 16 - (encrypt_len % 16);
+ encrypt_len += padding;
+ }
+
+ const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
+
+ struct ether_addr src_mac = peth->s_addr;
+ struct ether_addr dst_mac = peth->d_addr;
+ uint32_t src_addr = pip4->src_addr;
+ uint32_t dst_addr = pip4->dst_addr;
+ uint8_t ttl = pip4->time_to_live;
+ uint8_t version_ihl = pip4->version_ihl;
+
+ peth = (struct ether_hdr *)rte_pktmbuf_prepend(mbuf, extra_space); // encap + prefix
+ peth = (struct ether_hdr *)rte_pktmbuf_append(mbuf, 0 + 1 + 1 + padding + 4 + DIGEST_BYTE_LENGTH_SHA1); // padding + pad_len + next_head + seqn + ICV pad + ICV
+ peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
+ l1 = rte_pktmbuf_pkt_len(mbuf);
+ peth->ether_type = ETYPE_IPv4;