MoonGen
ipsec.lua File Reference

IPsec (ESP/AH) offloading.

Functions

function mod enable (port)
 Enable the Hardware Crypto Engine.

function mod disable (port)
 Disable the Hardware Crypto Engine.

function mod tx_set_key (port, idx, key, salt)
 Write AES 128 bit Key and Salt into the Hardware TX SA table.

function mod tx_get_key (port, idx)
 Read AES 128 bit Key and Salt from the Hardware TX SA table.

function mod rx_set_key (port, idx, key, salt, ip_ver, proto, decrypt)
 Write AES 128 bit Key and Salt into the Hardware RX SA table.

function mod rx_get_key (port, idx)
 Read AES 128 bit Key and Salt from the Hardware RX SA table.

function mod rx_set_ip (port, idx, ip_addr)
 Write IP-Address into the Hardware RX IP table.

function mod rx_get_ip (port, idx, is_ipv4)
 Read IP-Address from the Hardware RX IP table.

function mod rx_set_spi (port, idx, spi, ip_idx)
 Write SPI into the Hardware RX SPI table. This table functions as 'glue' between the received packet (SPI), IP and KEY table.

function mod rx_get_spi (port, idx)
 Read SPI from the Hardware RX SPI table.

function mod calc_extra_pad (payload_len)
 Calculate the length of extra padding needed in order to achieve a 4 byte alignment.

function mod get_extra_pad (buf)
 Calculate the length of extra padding included in this packet for 4 byte alignment.

function mod add_esp_trailer (buf, payload_len, next_hdr)
 Calculate an ESP Trailer and the corresponding Padding and append them to the packet payload.

function mod esp_vpn_decapsulate (buf, len, eth_mem)
 Decapsulate a hw-decrypted ESP packet.

function mod esp_vpn_encapsulate (buf, len, esp_mem)
 Encapsulate an IP packet into a new IP header and ESP header and trailer.

Detailed Description

IPsec (ESP/AH) offloading.

Todo:
Documentation

Definition in file ipsec.lua.

Function Documentation

function mod add_esp_trailer (buf, payload_len, next_hdr)

Calculate an ESP Trailer and the corresponding Padding and append them to the packet payload.

Only relevant for ESP/encryption mode.

Parameters
buf: rte_mbuf to add the ESP trailer to
payload_len: real payload length in bytes
next_hdr: type of encapsulated packet

function mod calc_extra_pad (payload_len)

Calculate the length of extra padding needed in order to achieve a 4 byte alignment.

Parameters
payload_len: The length of the original IP packet
Returns
The number of extra padding bytes needed

function mod disable (port)

Disable the Hardware Crypto Engine.

This function should be called after using the other IPSec functions.

Parameters
port: The port/interface to use

function mod enable (port)

Enable the Hardware Crypto Engine.

This function must be called before using any other IPSec functions.

Parameters
port: The port/interface to use

function mod esp_vpn_decapsulate (buf, len, eth_mem)

Decapsulate a hw-decrypted ESP packet.

Parameters
buf: The rte_mbuf containing the hw-decrypted ESP packet
len: Length of the hw-decrypted IP/ESP packet
eth_mem: memoryPool to allocate new ethernet packets from
Returns
A new rte_mbuf containing the original (inner) IP packet

function mod esp_vpn_encapsulate (buf, len, esp_mem)

Encapsulate an IP packet into a new IP header and ESP header and trailer.

Parameters
buf: The rte_mbuf containing the original IP packet
len: Length of the original IP packet
esp_mem: memoryPool to allocate new esp packets from
Returns
A new rte_mbuf containing the encapsulated IP/ESP packet

function mod get_extra_pad (buf)

Calculate the length of extra padding included in this packet for 4 byte alignment.

Parameters
buf: The rte_mbuf containing the hw-decrypted ESP packet
Returns
The number of extra padding bytes included in this packet

function mod rx_get_ip (port, idx, is_ipv4)

Read IP-Address from the Hardware RX IP table.

Parameters
port: The port/interface to use
idx: Index into the RX IP table (0-127)
is_ipv4: IP Version expected (true/false)
Returns
The IP(v4/v6)-Address (as string) and an IP Version Flag (true=IPv4, false=IPv6)

function mod rx_get_key (port, idx)

Read AES 128 bit Key and Salt from the Hardware RX SA table.

Parameters
port: The port/interface to use
idx: Index into the RX SA table (0-1023)
Returns
Key and Salt (as hex string), Valid Flag (1=SA is valid, 0=SA is invalid), Proto Flag (1=ESP, 0=AH), Decrypt Flag (1=ESP decrypt and authenticate, 0=ESP authenticate only), IPv6 Flag (1=SA is valid for IPv6, 0=SA is valid for IPv4)

function mod rx_get_spi (port, idx)

Read SPI from the Hardware RX SPI table.

Parameters
port: The port/interface to use
idx: Index into the RX SPI table (0-1023)
Returns
The SPI and the corresponding Index into the IP table

function mod rx_set_ip (port, idx, ip_addr)

Write IP-Address into the Hardware RX IP table.

Parameters
port: The port/interface to use
idx: Index into the RX IP table (0-127).
ip_addr: IP(v4/v6)-Address to set (as string)

function mod rx_set_key (port, idx, key, salt, ip_ver, proto, decrypt)

Write AES 128 bit Key and Salt into the Hardware RX SA table.

Parameters
port: The port/interface to use
idx: Index into SA RX table (0-1023)
key: 128 bit AES key (as hex string)
salt: 32 bit AES salt (as hex string)
ip_ver: IP Version for which this SA is valid (4 or 6)
proto: IPSec protocol type to use ("esp" or "ah")
decrypt: ESP mode (1=ESP decrypt and authenticate, 0=ESP authenticate only)

function mod rx_set_spi (port, idx, spi, ip_idx)

Write SPI into the Hardware RX SPI table. This table functions as 'glue' between the received packet (SPI), IP and KEY table.

Parameters
port: The port/interface to use
idx: Index into the RX SPI table (0-1023). This must match the idx of the corresponding KEY table entry.
spi: SPI to write (0-0xFFFFFFFF)
ip_idx: Reference to the IP table. This must match the idx of the corresponding IP table entry.

function mod tx_get_key (port, idx)

Read AES 128 bit Key and Salt from the Hardware TX SA table.

Parameters
port: The port/interface to use
idx: Index into the TX SA table (0-1023)
Returns
Key and Salt (as hex string)

function mod tx_set_key (port, idx, key, salt)

Write AES 128 bit Key and Salt into the Hardware TX SA table.

Parameters
port: The port/interface to use
idx: Index into TX SA table (0-1023)
key: 128 bit AES key (as hex string)
salt: 32 bit AES salt (as hex string)
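
An RX security association spans three tables that must agree: the SPI entry shares its idx with the KEY entry and points at an IP entry through ip_idx. The following Lua code is an added example, not part of MoonGen; it checks one SA against the ranges and formats documented above before writing the three entries. The helper names, the `ipsec` module table passed in, the write order and all sample values are assumptions, and enable(port) is expected to have been called beforehand.

```lua
-- Added example, not MoonGen code. validate_rx_sa and program_rx_sa are
-- hypothetical helpers; limits are the ones documented on this page.
local function is_hex(s, nbytes)
  return type(s) == "string" and #s == nbytes * 2 and s:match("^%x+$") ~= nil
end

local function in_range(v, lo, hi)
  return type(v) == "number" and v == math.floor(v) and v >= lo and v <= hi
end

-- Returns true, or false plus a list of problems (key material is never echoed).
local function validate_rx_sa(sa)
  local errs = {}
  local function check(ok, msg) if not ok then errs[#errs + 1] = msg end end
  check(in_range(sa.idx, 0, 1023), "idx: 0-1023 (KEY and SPI entry share it)")
  check(in_range(sa.ip_idx, 0, 127), "ip_idx: 0-127")
  check(in_range(sa.spi, 0, 0xFFFFFFFF), "spi: 0-0xFFFFFFFF")
  check(is_hex(sa.key, 16), "key: 128 bit, 32 hex digits")
  check(is_hex(sa.salt, 4), "salt: 32 bit, 8 hex digits")
  check(sa.ip_ver == 4 or sa.ip_ver == 6, "ip_ver: 4 or 6")
  check(sa.proto == "esp" or sa.proto == "ah", 'proto: "esp" or "ah"')
  check(sa.decrypt == 0 or sa.decrypt == 1, "decrypt: 0 or 1")
  check(type(sa.ip_addr) == "string", "ip_addr: string")
  return #errs == 0, errs
end

-- `ipsec` is assumed to be the module table exposing the functions above;
-- the write order used here is an assumption, not taken from the page.
local function program_rx_sa(ipsec, port, sa)
  local ok, errs = validate_rx_sa(sa)
  if not ok then return false, errs end
  ipsec.rx_set_ip(port, sa.ip_idx, sa.ip_addr)
  ipsec.rx_set_key(port, sa.idx, sa.key, sa.salt, sa.ip_ver, sa.proto, sa.decrypt)
  ipsec.rx_set_spi(port, sa.idx, sa.spi, sa.ip_idx) -- same idx as the KEY entry
  return true, errs
end

-- Offline demo: a recording stub stands in for the module; all values are constructed.
local calls = {}
local stub = setmetatable({}, { __index = function(_, name)
  return function() calls[#calls + 1] = name end
end })
local sa = { idx = 7, ip_idx = 3, spi = 0x1001, ip_addr = "192.0.2.10", ip_ver = 4,
  proto = "esp", decrypt = 1, salt = "0a0b0c0d", key = "000102030405060708090a0b0c0d0e0f" }
local ok1 = program_rx_sa(stub, 0, sa)     -- port 0 is a placeholder
print(ok1, table.concat(calls, ","))
sa.key = "0001020304"; calls = {}          -- key too short: nothing is written
local ok2, errs = program_rx_sa(stub, 0, sa)
print(ok2, errs[1], #calls)
```

Because validation runs before the first write, a rejected SA leaves all three tables untouched instead of leaving an IP entry without its matching KEY and SPI entries.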