From patchwork Fri Oct 20 16:59:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116522 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1910566qgn; Fri, 20 Oct 2017 10:04:31 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QdrvfLCUG2xQIkwkdEvEGteOERJ7lLHOb3Yv11y3jk1TkoFgbVHC8gQ0MX9BvD3UuStkGy X-Received: by 10.237.60.148 with SMTP id d20mr8629789qtf.118.1508519071434; Fri, 20 Oct 2017 10:04:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519071; cv=none; d=google.com; s=arc-20160816; b=FZWDNrRC3AcTLfskoS6UvTqhVd7sqQ1EpYQ9FtM+4lhB/lTsG3zLOuJn/RlK8sFjpe zk7CL6xRB46ewK3Ks60WmA+aQ3mgGi+vEz5y2WZfivBHMRwPwA0+aNt4hpyMv4fXbKZD T+EfW7sJ+ojyAzGcPLsYCK8Z3JSlYC1zLR3+ZuWXRg+dv6o6p1qctA3uDS5c3nCzLQiG RGHmoBrmS3e1vtzQO/EpTMxuVHh19p3GuMbhv/1h2rSP8aOd5FHIcEl4LhY7TMdwUEpy YDqKlENqSsug3tZkRNPYAK8VRKAcrsb+1Tf6KT+Svh0DOMQ2/u3KfujUIGIsjGhTroK7 JtIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=KbY+EbaLrs3UqTx6UM8NxEziwNWyQaIIVfzGb0Z80oA=; b=chkZKYV58DJ3NiEj6YZHFym4GzCvqRXYNqlxvaj4jpw/gLtJQMOa5NYMJKnhkgEzRa F5+GFYzf7fXgVe3lLCqBy67mfycliNI+rob0ZWURAOJmW8yUZOuk300UU8lQnXDfw1Ai jjQItntfawittm+xaATBL29x4WVsH3IRO7//pzF6zavcaTyq3OX/ia41bzs1Cxv7MdFg l67tJ3p/Oqu53SINwZSZdmdvOq40vGU9XWZED7O3IOLM05onnyRV/BhHFVqbrBZXw0Cp bBA29H5ZV7hRfonLshNCAYCN058GqxgS7r7w5KBl9x6EU+J509tnJG8mkd1v7zszUene aKvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id r62si1062889qkd.474.2017.10.20.10.04.31; Fri, 20 Oct 2017 10:04:31 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2482361031; Fri, 20 Oct 2017 17:04:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6472061041; Fri, 20 Oct 2017 17:00:48 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 39F276102B; Fri, 20 Oct 2017 17:00:26 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id B8A0060976 for ; Fri, 20 Oct 2017 17:00:18 +0000 (UTC) Received: from mxback19j.mail.yandex.net (mxback19j.mail.yandex.net [IPv6:2a02:6b8:0:1619::95]) by forward103j.mail.yandex.net (Yandex) with ESMTP id 424C934C3527 for ; Fri, 20 Oct 2017 20:00:16 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback19j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 5bu1Rsdpkw-0GlCBkc0; Fri, 20 Oct 2017 20:00:16 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0FmWAWWN; Fri, 20 Oct 2017 20:00:15 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 19:59:59 +0300 Message-Id: <1508518809-27877-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 1/11] linux-gen: ipsec: use counter instead of random IV for GCM X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ platform/linux-generic/include/odp_ipsec_internal.h | 16 +++++++++++++--- platform/linux-generic/odp_ipsec.c | 19 ++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 6 ++++++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..1aa437b8e 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + param.override_iv_ptr = iv; + } else if (ipsec_sa->esp_iv_len) { uint32_t len; len = odp_random_data(iv + ipsec_sa->salt_length, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..5d20bb66c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; @@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) { From patchwork Fri Oct 20 17:00:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116515 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1906343qgn; Fri, 20 Oct 2017 10:01:17 -0700 (PDT) X-Google-Smtp-Source: ABhQp+STjZ57IsM7U138Ay5US/JJbxoydlKqPylNGWEGidSnIWMYK+dsNA53YC2Mng5Wqz6FFvEy X-Received: by 10.200.24.49 with SMTP id q46mr7868420qtj.139.1508518877376; Fri, 20 Oct 2017 10:01:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508518877; cv=none; d=google.com; s=arc-20160816; b=VzwRhKcNLcU07fWMbp01oLkvT8eDxYfqC2xIPbcz+9f3AqBMfP5F5dOqnjX4TTcE7W V5o+krd3F+ky5He8YT3NadTy47iyHSQUXOaIS3ovwDKdHSyM+ZWebD0Dlx4P86+96FuO 51mvv7GXsBWrx+/B55twfyQlx6wBiSZz78dL9vqg1P5DBrFTx5HzYaDzRvHLhFjB3yTC O1pukg4rZyclhEGXx8Y1rqQh29jesqdFVzQTmUDTOGHKwGU++9cVSYzz9zmVVhIioJiN tLhzxBP+vOX+PKNXiUlHQbWjXXOY5yDIq9Ng84zWajO7sr84eW42RiMjldmFI+0zpSHD FReA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=m/brmaoj5EyB5Gz0Hp60j02RF+QOETe4dOh8f5bzN9g=; b=e/NNSsXOrVbvV3Kzg7GLk6iARbmsmfEA4NIHnk2pNsiLARmUMq79ik+xxR2w4bAFi7 qMMq2ufW908n/iw9e9vGM7Yi25s1feJB1g2CEXImuWPofIYFuuo2G1/yLsRgzve1iQyq qAI8adrg6H+VAXOqTRtGzsBHoUeHeZ8OLmWGV/iQ0km4FmIqycat95sFSDHuwOQCw5gg A7soHPlJsTw4owaIzFOafBiIH6To6squFQL0IhuBgOs7zSFsr3ZGGHsXUqNgzQksTzr8 knjLWJ0bsK7aw84iCaMJftsoYInZkSqPJK2VrtI41ZXmi/YsA+OlzZ4QtQUCw1k680tk oRJg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id t81si1061478qka.87.2017.10.20.10.01.17; Fri, 20 Oct 2017 10:01:17 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 0484D61014; Fri, 20 Oct 2017 17:01:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6BF5161021; Fri, 20 Oct 2017 17:00:25 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 2D6A761018; Fri, 20 Oct 2017 17:00:21 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id 604DC61001 for ; Fri, 20 Oct 2017 17:00:18 +0000 (UTC) Received: from mxback16j.mail.yandex.net (mxback16j.mail.yandex.net [IPv6:2a02:6b8:0:1619::92]) by forward101p.mail.yandex.net (Yandex) with ESMTP id DBF3F6A83657 for ; Fri, 20 Oct 2017 20:00:16 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback16j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2HSCSscjzq-0GFCUMrp; Fri, 20 Oct 2017 20:00:16 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0GmuW5gm; Fri, 20 Oct 2017 20:00:16 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:00 +0300 Message-Id: <1508518809-27877-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 2/11] validation: ipsec: drop unused file X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../validation/api/ipsec/ipsec_sync_in.c | 27 ---------------------- 1 file changed, 27 deletions(-) delete mode 100644 test/common_plat/validation/api/ipsec/ipsec_sync_in.c diff --git a/test/common_plat/validation/api/ipsec/ipsec_sync_in.c b/test/common_plat/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/common_plat/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -} From patchwork Fri Oct 20 17:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116517 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1907057qgn; Fri, 20 Oct 2017 10:01:51 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QTYUC92aA3IA2jDYou47DNjhu50juvbOhTRrCySKD+jRtZxeydk/T8Fu3z7iqzFBW6Fo+8 X-Received: by 10.200.38.50 with SMTP id u47mr8138895qtu.112.1508518911004; Fri, 20 Oct 2017 10:01:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508518910; cv=none; d=google.com; s=arc-20160816; b=MEZIMXvgWyQ5GAiM1kuCKKhzbfWMNg/POjNBfBPKfOuErTFzqi7H2fMJUptVryAau5 dEFQB8+5AzQXtCFJLfg4MHj940SlvBeUAetVBoNz/qxFjsCXUqOs9FjZYIehhwkg7Slo nDPfh2paRiIUMykgpW5gjVvCiPvfLDSAHYgYxUfqjRtd2pwSMUQhwPyaU4hTmwO9xRZw KSELIWtBwfB1Qoi0RET0EFfb7iQQ2yAKITlURNu6rkoi/MR4Cfe9KTDTBOKldFpl2bha ie1ldw02bBVYCAn1fYDiz0Sfkf1gsYaxgjZP4xEMYeYp2O49KKxJPKdeq8IJHJgjs2BC x9cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=0LVWQDudMOWZMtPmKsHmve7fuGuT7igYfkWE9/6tcyA=; b=V2l3kzgocSQZpTzDzxlOuB0S3NxSoqaUsY2bBWr6ytLCYgogpqrp/UlOh2lBhoHp7p J467LNe1Omm2RFuascgMQtAy8NhmED3zK9zcSDeVEi1YSMsH/qlutF88uven/tC87kaR g1ddH6Uq6Dtj/t49oWxnqHkZ0fqfbqfHLJTPyYz+2Ii+81a5jGkvD23uUdD5EmrGAUyy oCix7sFtJBDAu+1vxzJT/CP3brLnMpS1CZsniXCI6oBG6SBs73NmkvcJO+Pq2SCyhgVV 517NHL+VUtpQD9ADv7HJ9yjazn4UwrHcDTMnnniuv7v56D/HU9HOxhG+agRKiMwnw8RG 376g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v57si1117033qtk.161.2017.10.20.10.01.50; Fri, 20 Oct 2017 10:01:50 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 96F94610DA; Fri, 20 Oct 2017 17:01:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C34336102C; Fri, 20 Oct 2017 17:00:29 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F37CE61000; Fri, 20 Oct 2017 17:00:22 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id 2922861000 for ; Fri, 20 Oct 2017 17:00:19 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 8EB6C5A053B8 for ; Fri, 20 Oct 2017 20:00:17 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id lcbOW5y0X3-0H5u6C3l; Fri, 20 Oct 2017 20:00:17 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0HmiMleU; Fri, 20 Oct 2017 20:00:17 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:01 +0300 Message-Id: <1508518809-27877-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 3/11] validation: ipsec: verify odp_ipsec_sa_context X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ test/common_plat/validation/api/ipsec/ipsec.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c index a8fdf2b14..853bd88a9 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.c +++ b/test/common_plat/validation/api/ipsec/ipsec.c @@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); From patchwork Fri Oct 20 17:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116520 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1907946qgn; Fri, 20 Oct 2017 10:02:32 -0700 (PDT) X-Google-Smtp-Source: ABhQp+RHceAnNbIBGBPA9rNWM7NqiJP5KjVj9ChS1sSMR48oVu9l78ZbcqpojZhWtaJc1O947t85 X-Received: by 10.200.9.43 with SMTP id t40mr8533772qth.257.1508518952247; Fri, 20 Oct 2017 10:02:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508518952; cv=none; d=google.com; s=arc-20160816; b=y6Kc0fkf62uxA7B8TiARaOUVMlc/sZvn5fkFAj+tyde7fRyKse62+8WiNmf2Px5iH+ MgBFuQpOyLD5DhmoEIsoYI4iPqOjTX1rJsRJ147p1zCy+qaNkG4oFRMfTkO5JjBcOwOV xGTZ0BU7Ip+04p3W1s7C8l0PzV2REasZnlegtE9ngBdoWAVbqkoxurbhejjfgMmF9VnQ 1MEOLS32R39OH747Z3DQBWdIXZtppiLGI3ndRwN2ZBhIlmIc3C6gq5igQbVOH/3G/Uke /v/tQk0/9Aq/1+ZFYPdoQ355Jm4apTM164sAv6Wse33A8rY0EVRHOVO5Atv33J7zfdXP Nt3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=dNZNEcCB75T2L0RWMAxg20iVmG/ICW+kpuhlWiDchpw=; b=0K6sP1sOmy56h15Qdhdv7hTaHZfLbuo0HVj6VBwUny2lXpqPpPFLITKKIjXMLUtPQw IL6ih0H4w0J7K4/ZQH8NuWPxTiiuuEk2Y8r/8zXFOdaulZXV4xTZMkJeVSWRfZI6wOXg S7db8m929Yd/9kn45mh0U8w3VIz2BO3mkikLI53+Y6NiyXPxG7oE9XPSbhtDgYX0wEoW luZdgv9Hv7hz3DcJNHUAILbZp72p4EJt7RjEtf/7ieoiIPznnsEmc/4lr28ylu8wa4/7 09ygeJMwTWbMyq1SBuebmY/paHfOdXT0yuLptG3362rHsV7jo6o/WTNtGlguANnU0lib eD+Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id r22si891438qta.124.2017.10.20.10.02.32; Fri, 20 Oct 2017 10:02:32 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id EE57E6102E; Fri, 20 Oct 2017 17:02:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 29B3B61001; Fri, 20 Oct 2017 17:00:33 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 22F7761021; Fri, 20 Oct 2017 17:00:24 +0000 (UTC) Received: from forward106o.mail.yandex.net (forward106o.mail.yandex.net [37.140.190.187]) by lists.linaro.org (Postfix) with ESMTPS id 7B06861006 for ; Fri, 20 Oct 2017 17:00:19 +0000 (UTC) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward106o.mail.yandex.net (Yandex) with ESMTP id 26BB5784350 for ; Fri, 20 Oct 2017 20:00:18 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Ib5x6wFm1Y-0Ia4HQMT; Fri, 20 Oct 2017 20:00:18 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0HmKI0Vh; Fri, 20 Oct 2017 20:00:17 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:02 +0300 Message-Id: <1508518809-27877-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 4/11] linux-gen: ipsec: fix soft/hard limits check X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Split count expiration check into two phases: - optional precheck, run before crypto, which fails only if hard limit is already breached - update, run after crypto in INBOUND case, so that limits will not be updated for packets failing ICV check. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++- platform/linux-generic/odp_ipsec.c | 12 +++++------ platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++- 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 1aa437b8e..55b60162d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -835,9 +836,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 5d20bb66c..fe8dfd0e4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -476,7 +476,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_load_u64(&ipsec_sa->bytes); + uint64_t packets = odp_atomic_load_u64(&ipsec_sa->packets); + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; From patchwork Fri Oct 20 17:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116521 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1908882qgn; Fri, 20 Oct 2017 10:03:19 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Q4bui4eb4BU5GYKBe+C3k/Gdh/vYIujtA6kjER8/q2N46V7Sh+SvHYbNWoX+TjpPNWc7/Q X-Received: by 10.55.109.195 with SMTP id i186mr8032661qkc.147.1508518999230; Fri, 20 Oct 2017 10:03:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508518999; cv=none; d=google.com; s=arc-20160816; b=DNmJDON3JS7Ei5jnag8cBseeHrXyCmfAdhZAyom+lyM6ZBedoLqFBeo/GWIU6jEMQc BmpUEAwp1EV4UukBPGbGdYOsXh7A71uJNscQqX09hH3hMUGxvpLFGVaurhoNgn3kHlJi atjUs8DzmXzYG4qX720Z3Suirr04PAh5UdtQcIZyO6dDKFXLkfzNFXLqijVFEj1nljDM +BhVWV4tjuS5xVXlmgTVQlhQD6DZhdf4Sa9DE8OO9D0QtGbHs7ELT1JmD0ug5oPeynFa Em3Twufi37XtpLHYyCoqQjsC9c7jsabClNUbm+g8qUPiA6ThJ8K5dV/EM91XwC5+dKSy /jlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=4fdr4gZDSUJaggJTvGoUnrev6pUlVYycNrbwZ50Q/rA=; b=MU1dIvmOw872LqLv0rH/fx/+UV1dzdz9loT5uMm4V8ufUIorqhq5xg206AVPjuVLfx owHWZ7TOMFzbR/G5QQKEdAAVF6wGPC35T+4TTw1xOFNHDv/L2H55YQ/zmqkTCbdqyH5G AP+Wsk5ZbPtQLWn3rGl3fqIQmvTsB3jVAEALVeFoN7ra8QnuLAtXy4FC6WSfRtK1gSI8 eIu2C2YD74ef4ceWTQX+MccZJC92fWSCBwGyTEiTI2MBKdWTRoW/xTMNWXy4fnS9qMdV gNtzhP+EHRYiwqIenW/VBADL5AyiqoO98swIddaKe+zWlnfIEF1fADLdOjmfiPYWocSm LTag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id h2si449628qkf.52.2017.10.20.10.03.18; Fri, 20 Oct 2017 10:03:19 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 85D486102E; Fri, 20 Oct 2017 17:03:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 767F761034; Fri, 20 Oct 2017 17:00:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id ACE8061025; Fri, 20 Oct 2017 17:00:24 +0000 (UTC) Received: from forward106o.mail.yandex.net (forward106o.mail.yandex.net [37.140.190.187]) by lists.linaro.org (Postfix) with ESMTPS id E44A061015 for ; Fri, 20 Oct 2017 17:00:19 +0000 (UTC) Received: from mxback6j.mail.yandex.net (mxback6j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10f]) by forward106o.mail.yandex.net (Yandex) with ESMTP id CCFAF783EEF for ; Fri, 20 Oct 2017 20:00:18 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback6j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id SCyiRvpXIL-0ITCtJff; Fri, 20 Oct 2017 20:00:18 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0ImKGiur; Fri, 20 Oct 2017 20:00:18 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:03 +0300 Message-Id: <1508518809-27877-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 5/11] linux-gen: ipsec: add replay window support to SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++ platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct { @@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index fe8dfd0e4..e010cfaa3 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } @@ -525,3 +529,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +} From patchwork Fri Oct 20 17:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116523 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1911629qgn; Fri, 20 Oct 2017 10:05:21 -0700 (PDT) X-Google-Smtp-Source: ABhQp+SbPyAfCwpi4Yg16/DofwqH9y9MPlrTBqPMGstGvz8BWX8uj7GxukyEbwYcuzmoB0LgkmMW X-Received: by 10.55.120.131 with SMTP id t125mr7857859qkc.63.1508519121544; Fri, 20 Oct 2017 10:05:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519121; cv=none; d=google.com; s=arc-20160816; b=d8kAp2g2+MuR8p9AqooJXvW8FUGky2aStBpoiixS4JCQLCTpneuEF2ayciKgoi6kvo tAc5qZf9h+sGK5Lv5Y8i8ntI7hLTLnOKJfZ2/Z1x8aywroCSURIvWdfuvcA4tPaQTZP5 wPweHjP+0+UEVdHPGTRC2SjTAY5G9pUet308xn1IvX+QbyrcLRPYNkslWncBT1PLkizy 614KcVai7y9nO1AC3bjLODdBFBkSVztgBg7mv6VjGI8C1Rn0VQaWfPkCbVkFapmVvMgV bchRhrVcFElxTHiBVMUe9bpstweUbr60gguGg2nqZcSOhvppI3YZoWoRUkHTfBJ6yFrN w8mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=UpSdxsC8vtr2U+8TBUvuypCU8yImbgwXeqFsGHgypyQ=; b=fnQgrPZmfKN8l4PwBRgyKC+nd6dPr3uoUH4oUwmjf0w8nuS9zO/oiUoBu6PhrAqQUw FhBAnFSxJzBFOdrAoUV4sayPCpQqYmMvPgq/vLwFqfq5yudStAp6GrdtuwQPTU8qNWaL ayBYcXxHBqipP2uwnfWqgctOX6vCGDPHrdpPt3CJ4NQKOrddWtS+edb65w4Y4rgyAKJC OYToGA+wEM7n/NsRIxvIzXkehfd7Ip6JxkuFr77978YUFyNpZKzn789YL4FkhOuqeAiY u3OzY64faqZRAwqkjYFwjUJXVkZcsIEk9WDKXm5ZPkmCkN5qKM0JK3A8yxv0YLbLSKZP EG4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l44si1139121qtf.82.2017.10.20.10.05.21; Fri, 20 Oct 2017 10:05:21 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 358C76103F; Fri, 20 Oct 2017 17:05:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 9DA2261016; Fri, 20 Oct 2017 17:00:51 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 517F561028; Fri, 20 Oct 2017 17:00:27 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id B134660B3F for ; Fri, 20 Oct 2017 17:00:20 +0000 (UTC) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 925C05A05056 for ; Fri, 20 Oct 2017 20:00:19 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id tLaOu2rE3O-0J9Svv77; Fri, 20 Oct 2017 20:00:19 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0ImiXB40; Fri, 20 Oct 2017 20:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:04 +0300 Message-Id: <1508518809-27877-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 6/11] linux-gen: ipsec: support replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 55b60162d..5bb8330cb 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc; @@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN; @@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -814,6 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); From patchwork Fri Oct 20 17:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116524 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1912364qgn; Fri, 20 Oct 2017 10:05:56 -0700 (PDT) X-Google-Smtp-Source: ABhQp+S7FjSChoJWvkA/UhDv8gtqEtRll+6ZvC/v5sp9ULDC0cf8tQTF20C7Fus9utDvCFfVZQFX X-Received: by 10.200.36.68 with SMTP id d4mr8537785qtd.180.1508519155959; Fri, 20 Oct 2017 10:05:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519155; cv=none; d=google.com; s=arc-20160816; b=NxZOr39tsvRYvmnkjOpD1USaJ4YNsE5xdeFmm7zCGnscd/Q0iqeFV+LOQD2pBuJbJc nImenTltmWr2TXat5pZ/DjtVKYraMWgDq1V1LFbTbcAj65b2VDLMhO8qK+f+yHmAOTw1 q03mH+S6BM88ux6wEAtPEQ2urE6LyUQU9+7//jHyaDbx2oJq9kL3PxekkUk/VqmEq0oM 3sLSZRcz8vPe27llFC5dLFafWI8Cp5ytg8ga/AnVcNYMmkAw08JXztjQcnDyxM0iQPcQ XlBigYLk6him0nq0U87jQ+9TlZckwcbYSwBX8waVVAtv48N+i/S5bJ7VBZwArv06fvZC iNNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=JnsFwBcaIfIMrDz09RS+P362TWfXUJ8QUZYaqHE88wQ=; b=boDJ5HCFlJbKSSQj23JgJIyzW7nR5UyJzkDYMjfKJPbN0UjlF5nDjWvISv0UBxHqKK 7lyAHd8F0iJVEikntQsntOB02sLuenzmz1YiM/SgFVkaZfH+DbjCqNrRcDSUP9lFa+e+ NdWl77Jm0Yb3zFpH9aY0EMo5sHyw/S4AH9wGIHZyhMuky6eGXVA7nUPwOk55aQrHO9Jn rRBe6g90HfS8w3YBpVK5h18iuGgkZQtkmfasyW7Xq9KP1Q1jpnBpqizOiNlPWMYtgeME no72LY3K2EQlVqALEn8M22n8YTPNsBvFH0Ie8WG84FoEnHsQfAVz5aOqCUzbwQFEvK12 nVmA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id f7si99945qke.224.2017.10.20.10.05.55; Fri, 20 Oct 2017 10:05:55 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 974B861047; Fri, 20 Oct 2017 17:05:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E79D261046; Fri, 20 Oct 2017 17:00:54 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id D5BD961001; Fri, 20 Oct 2017 17:00:29 +0000 (UTC) Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net [5.45.198.241]) by lists.linaro.org (Postfix) with ESMTPS id 830A961001 for ; Fri, 20 Oct 2017 17:00:21 +0000 (UTC) Received: from mxback11g.mail.yandex.net (mxback11g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:90]) by forward101j.mail.yandex.net (Yandex) with ESMTP id 7A8AB12442C8 for ; Fri, 20 Oct 2017 20:00:20 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback11g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id ajrUtWe8UR-0KNqwVaQ; Fri, 20 Oct 2017 20:00:20 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0JmekIEm; Fri, 20 Oct 2017 20:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:05 +0300 Message-Id: <1508518809-27877-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 7/11] validation: ipsec: add replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../validation/api/ipsec/ipsec_test_in.c | 204 +++++++++++++++++++++ .../validation/api/ipsec/test_vectors.h | 87 +++++++++ 2 files changed, 291 insertions(+) diff --git a/test/common_plat/validation/api/ipsec/ipsec_test_in.c b/test/common_plat/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/common_plat/validation/api/ipsec/ipsec_test_in.c +++ b/test/common_plat/validation/api/ipsec/ipsec_test_in.c @@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/common_plat/validation/api/ipsec/test_vectors.h b/test/common_plat/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/common_plat/validation/api/ipsec/test_vectors.h +++ b/test/common_plat/validation/api/ipsec/test_vectors.h @@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, @@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, From patchwork Fri Oct 20 17:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116526 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1914843qgn; Fri, 20 Oct 2017 10:08:10 -0700 (PDT) X-Google-Smtp-Source: ABhQp+RS/h8ENF10sASwphwYCXeVCu74lSxwRAElr7uUYR5hVdfKM5jALw0bUEr7W2LCuEf3RG1i X-Received: by 10.200.43.8 with SMTP id 8mr8433416qtu.193.1508519290117; Fri, 20 Oct 2017 10:08:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519290; cv=none; d=google.com; s=arc-20160816; b=cCbQgvGFPNILPZNQ8N3fYw2IXrfg4Jg3H+5xUtaAPTPmaRT9MhpdjKxxNaBeqGy8kd bF7RRX1fuxvlWfHUxU9VlwUECTzPAd76gfQnBNN5J+S9sKgRzGbi/2cWfHno38LxQ4Wp mHwTm03WNM3OXhKjjtIoh0z162BD4mEAxcnwMIQQf6X1O8ORcZ6YBGuu7I/1naLc2OJ5 RC0wZ3mTdAuf6bNq2iKUrWnKyvjJptMLfS8Hd9mEFWJJKFdhcpzIU3kEFDB6ayMkNG6x PsoSXmvGd6bk9+XgyuXB03hYn8l5apV/qW3DnVN8aWgDnCdRhH0Y/zCDcc5nGA9jr9GI 1h1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=tbAICmVTXOJmAGe+J9Px7oQ97kLwsdIKckyX7i0TAg8=; b=nOjVqdQzQnbzc8yKsKk8m77Czl+yv/YRjky4rqYeto1+RK9B7Enu0j+WDitmOIXvmh mSuAS4YEwvShVgc33tjM+Ux/2owYpQy0TwLPfvN6dbTcjYxe2SPu6M2y1s9qxfwBCWE1 Yw5eWDXB5NF8XMKkrO5jgv0oHGPUmEy+QTrApzwspeynJqP5a+4CETja7V8dgfCqnQvJ omaDjUNlIuMdzwvibH7C70OyOg4SpUuaIf22sQ8VtxYexhGTYfEO0mUKUxtw0i3Mm0iB p8z0FFp97sJbnmEUxA4MMvnTTTg7Kp3ZR6L8UgHY4yJDGHt1KX6EGQPC7aVcEk3yYBm5 IO1g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m128si640158qkc.287.2017.10.20.10.08.09; Fri, 20 Oct 2017 10:08:10 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id C059B61027; Fri, 20 Oct 2017 17:08:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1FB7B61053; Fri, 20 Oct 2017 17:01:26 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7EE976101A; Fri, 20 Oct 2017 17:01:11 +0000 (UTC) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) by lists.linaro.org (Postfix) with ESMTPS id BEFEE61020 for ; Fri, 20 Oct 2017 17:00:22 +0000 (UTC) Received: from mxback14j.mail.yandex.net (mxback14j.mail.yandex.net [IPv6:2a02:6b8:0:1619::90]) by forward104o.mail.yandex.net (Yandex) with ESMTP id 127BC703583 for ; Fri, 20 Oct 2017 20:00:21 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback14j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id oysu5BNcpo-0Lh470Nf; Fri, 20 Oct 2017 20:00:21 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0KmuHvtK; Fri, 20 Oct 2017 20:00:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:06 +0300 Message-Id: <1508518809-27877-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 8/11] linux-gen: classification: provide _odp_cos_get_entry() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Provide function mapping from odp_cos_t to internal cos_t type. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../include/odp_classification_datamodel.h | 4 +++ platform/linux-generic/odp_classification.c | 33 +++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index 29b39f9c3..a40541986 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -123,6 +123,10 @@ typedef union cos_u { uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))]; } cos_t; +/** + * Get classification entry basing on the id + */ +cos_t *_odp_cos_get_entry(odp_cos_t cos_id); /** Packet Matching Rule diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index a5cba56a4..6ece74fca 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr) return ODP_PMR_INVAL; } -static -cos_t *get_cos_entry(odp_cos_t cos_id) +cos_t *_odp_cos_get_entry(odp_cos_t cos_id) { if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID) @@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id) int odp_cos_destroy(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (NULL == cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id) int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); @@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) odp_queue_t odp_cos_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id) uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], uint32_t tbl_index; uint32_t i; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); return 0; @@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, odp_cos_t default_cos) ODP_ERR("Invalid odp_pktio_t handle"); return -1; } - cos = get_cos_entry(default_cos); + cos = _odp_cos_get_entry(default_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t error_cos) return -1; } - cos = get_cos_entry(error_cos); + cos = _odp_cos_get_entry(error_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in, LOCK(&l2_cos->lock); /* Update the L2 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L2_QOS > qos_table[i]) l2_cos->cos[qos_table[i]] = cos; @@ -544,7 +543,7 @@ int odp_cos_with_l3_qos(odp_pktio_t pktio_in, LOCK(&l3_cos->lock); /* Update the L3 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L3_QOS > qos_table[i]) l3_cos->cos[qos_table[i]] = cos; @@ -643,8 +642,8 @@ odp_pmr_t odp_cls_pmr_create(const odp_pmr_param_t *terms, int num_terms, odp_pmr_t id; int val_sz; uint32_t loc; - cos_t *cos_src = get_cos_entry(src_cos); - cos_t *cos_dst = get_cos_entry(dst_cos); + cos_t *cos_src = _odp_cos_get_entry(src_cos); + cos_t *cos_dst = _odp_cos_get_entry(dst_cos); if (NULL == cos_src || NULL == cos_dst) { ODP_ERR("Invalid input handle"); @@ -691,7 +690,7 @@ int odp_cls_cos_pool_set(odp_cos_t cos_id, odp_pool_t pool) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -706,7 +705,7 @@ odp_pool_t odp_cls_cos_pool(odp_cos_t cos_id) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return ODP_POOL_INVALID; From patchwork Fri Oct 20 17:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116525 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1914270qgn; Fri, 20 Oct 2017 10:07:35 -0700 (PDT) X-Google-Smtp-Source: ABhQp+S2VqrtDBarYoujxFyV0m/mw/D9ftp2aXx37hXUn2cg3rJafEy5YD0ILE+XBqQxget/6zVl X-Received: by 10.200.22.168 with SMTP id r37mr7823340qtj.21.1508519255051; Fri, 20 Oct 2017 10:07:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519255; cv=none; d=google.com; s=arc-20160816; b=x/WZ5zLprQZ9CGjiFvXx48ApXm4yRDFWGq17kxvzhBXN6ZndnrIQln0p93mJE1gXQD lvRI7VmQznVvBIx9HGPQ8w3/hguOCtFE3eZxCh95O4nend/hlJ7if4WrLlilVsYxGNJy UhIc+0GZ1WaI/Z17VvRKleAKTiM6qPuDhppoxlypXu9bav6A3lOZ47zO96d+T6y8oANE XEwhRlv7NJGjGAPCPY9FsqUJNiK0vdGMkH7P3gARBf2GY9IIMj5tGWWwpo2fmdXOWqQw oG5xeL9NN47hsBmy8tHKSGRKFAROsl8lBjwzxKmOu9jp+6Ldo0apgSfaix7z2ZsHsD2G 56LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=e9XiCtqnWbXjZmNowS00pVse1xosVgeKJOoQnYstT/Q=; b=tBRic+FYYFciRYNmePn5wWs9l1FGaMXasGdsYfHODHVXv+K+JyXwx/bBPLC1QfY/lF /1xvK7y6gK1hH02kM8KlJ7exoZ4tASN+KLXjweQV4sYokC/ebcQEnO+l0ImO1fh2kdGB Whr2UIX4qiCBMzhyQEqRgKHijpAaxzuoVOD+KjTMJrawMAhLlUoAG2EigYMSfaIDbA0h 2hVmkz/VCAOHI9D7unOBodXETZX7abj7u6FbvUftwf+W7HGZNvK9FMw4BAvgCn0P+9Pp OgQuFSEXPEAZDll+0IvX6b5+MVR9LNyaUlkSh2SDgTzRwF28HnWhqBPggCSsoTwh4poZ klYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id k34si1114660qtb.61.2017.10.20.10.07.34; Fri, 20 Oct 2017 10:07:35 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 927FC61027; Fri, 20 Oct 2017 17:07:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C894C6101A; Fri, 20 Oct 2017 17:01:17 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5C2D96101B; Fri, 20 Oct 2017 17:01:11 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id 854B761000 for ; Fri, 20 Oct 2017 17:00:23 +0000 (UTC) Received: from mxback3g.mail.yandex.net (mxback3g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:164]) by forward106p.mail.yandex.net (Yandex) with ESMTP id A65672D83209 for ; Fri, 20 Oct 2017 20:00:21 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback3g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 96z4yB5jmY-0LjWhq21; Fri, 20 Oct 2017 20:00:21 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0LmiCvkY; Fri, 20 Oct 2017 20:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:07 +0300 Message-Id: <1508518809-27877-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 9/11] linux-gen: classification: split cls_pkt_get_queue() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate function returning destination queue from cos_t instance. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../include/odp_classification_internal.h | 7 +++++ platform/linux-generic/odp_classification.c | 34 ++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_internal.h b/platform/linux-generic/include/odp_classification_internal.h index 8882a7177..4cadb9bdb 100644 --- a/platform/linux-generic/include/odp_classification_internal.h +++ b/platform/linux-generic/include/odp_classification_internal.h @@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr); /** + * @internal + * Select packet destination queue basing on provided cos entry + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base); + +/** Packet IO classifier init This function does initialization of classifier object associated with pktio. diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index 6ece74fca..317caefbf 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr) { cos_t *cos; - uint32_t tbl_index; - uint32_t hash; + odp_queue_t queue; packet_parse_reset(pkt_hdr); packet_set_len(pkt_hdr, pkt_len); @@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, return -EFAULT; *pool = cos->s.pool; + pkt_hdr->p.input_flags.dst_queue = 1; - if (!cos->s.queue_group) { - pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue); - return 0; - } + queue = cls_pkt_get_queue(pkt_hdr, cos, base); + pkt_hdr->dst_queue = queue_fn->from_ext(queue); + + return 0; +} + +/** + * Set packet destination queue basing on the cos + * + * @param cos + * @param pkt_hdr Packet header + * @param base Packet data + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base) +{ + uint32_t tbl_index; + uint32_t hash; + + if (!cos->s.queue_group) + return cos->s.queue; hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base); /* CLS_COS_QUEUE_MAX is a power of 2 */ hash = hash & (CLS_COS_QUEUE_MAX - 1); tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash; - pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl-> - s.queue[tbl_index]); - return 0; + + return queue_grp_tbl->s.queue[tbl_index]; } static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr, From patchwork Fri Oct 20 17:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116527 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1915595qgn; Fri, 20 Oct 2017 10:08:54 -0700 (PDT) X-Google-Smtp-Source: ABhQp+Q/f6AaK2kI0wgeKQbQaxaJ1goqXK/8lZ0PEP3FaSnip5kklZTuUgsZ8dnLbhdw9eGx8ijZ X-Received: by 10.200.56.193 with SMTP id g1mr8478700qtc.67.1508519334497; Fri, 20 Oct 2017 10:08:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519334; cv=none; d=google.com; s=arc-20160816; b=sW1t6k2a4nCtLJosrLq5QINHkurI8eiDMw5ayTQxMRFjZKZbjoAyWPQgTZ/UHDE/9p vLyacNzOkOP9pLZfiTJSm8zmYmiFMpGqZTm4prkN3Fkb3y2PHWV4UvS9CX00n4SRdFgM /ufN7OilPIUEF/VG4BiNv/4kKpjqzzvkKsgAdD7JV4Tis1cjucdl1Uz50d7+SLdF/470 9u6VJZSLphXi6oJmiNoaeTJH/a1uAY8iP9xEtPKC6Lv3/HJnqgJf6iFN7sjEW/j6xK4t ZEdE7XO4Rw2mIEgM72fOrqhFHylEpkkjPxDwEIkFvt4NC94h7q/WlzGwYmUtDJ1loREI uGmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=plXt7A2yj+oEgItYJj6FDuKQW61kpGL7JhTRvyhPCyA=; b=qvD4NjPsjsduJhRxzw6L9pSIJowgiq8xhiya03b6QsMqjT8CSq7vKnf/GmxG6Mkxt1 wjXuNIWp6NjIstnAlqhvq1BWg1tBSN/u9soXgE8upFjD6Ch3jkOpS/gDoODGV/PctGd9 FlLUxsuzllnqO+WsuP0VMOvW4bHuUEf+692QsDgirfC/kvMsXp/u1njPDBmSPpzDGKoF /Hxq0bkBVIyHRHX9VtEDya9UVISKbnROARAUrjEcMaGVmQz/CAli9svSJiWpH7v3ovNC 5Qr8BDc/hwVxvPRjzV3bMTWY4IdJc2AbqTGJJLdmA7g80EiezdaH+3OfNgZjtvpTEvC3 lM/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id x14si252794qta.457.2017.10.20.10.08.54; Fri, 20 Oct 2017 10:08:54 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 358F061046; Fri, 20 Oct 2017 17:08:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6CEAC610AA; Fri, 20 Oct 2017 17:01:30 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 180096101A; Fri, 20 Oct 2017 17:01:13 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 501E161014 for ; Fri, 20 Oct 2017 17:00:24 +0000 (UTC) Received: from mxback10o.mail.yandex.net (mxback10o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::24]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 5FE1A5102E99 for ; Fri, 20 Oct 2017 20:00:22 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback10o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Qo2xwe12ci-0Mc4D042; Fri, 20 Oct 2017 20:00:22 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0Lmi9JtE; Fri, 20 Oct 2017 20:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:08 +0300 Message-Id: <1508518809-27877-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 10/11] linux-gen: ipsec: support pipelining to cos_t X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ .../include/odp_classification_datamodel.h | 2 -- .../linux-generic/include/odp_ipsec_internal.h | 7 ++++ platform/linux-generic/odp_ipsec.c | 37 ++++++++++++++++++++-- platform/linux-generic/odp_ipsec_sad.c | 16 +++++++++- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index a40541986..25c488497 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -22,8 +22,6 @@ extern "C" { #include #include #include -#include -#include #include #include diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..81ecec08e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -23,6 +23,7 @@ extern "C" { #include #include #include +#include /** @ingroup odp_ipsec * @{ @@ -141,6 +142,7 @@ struct ipsec_sa_s { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; odp_atomic_u64_t antireplay; + cos_t *cos; } in; struct { @@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, int _odp_ipsec_try_inline(odp_packet_t pkt); /** + * Returns ODP IPsec configuration + */ +const odp_ipsec_config_t *_odp_ipsec_config_get(void); + +/** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 5bb8330cb..74a1c5766 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) int rc; odp_crypto_capability_t crypto_capa; odp_queue_capability_t queue_capa; + odp_cls_capability_t cls_capa; memset(capa, 0, sizeof(odp_ipsec_capability_t)); @@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED; capa->proto_ah = ODP_SUPPORT_YES; + capa->pipeline_cls = ODP_SUPPORT_YES; capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; @@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_queues = queue_capa.max_queues; + rc = odp_cls_capability(&cls_capa); + if (rc < 0) + return rc; + + capa->max_cls_cos = cls_capa.max_cos; + return 0; } @@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return 0; } +const odp_ipsec_config_t *_odp_ipsec_config_get(void) +{ + return &ipsec_config; +} + static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet) { ODP_ASSERT(ODP_EVENT_PACKET_IPSEC == @@ -1060,7 +1074,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int num_in, result->status = status; if (NULL != ipsec_sa) { result->sa = ipsec_sa->ipsec_sa_hdl; - queue = ipsec_sa->queue; + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, + ipsec_sa->in.cos, + base); + } else { + queue = ipsec_sa->queue; + } } else { result->sa = ODP_IPSEC_SA_INVALID; queue = ipsec_config.inbound.default_queue; @@ -1143,6 +1166,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; odp_packet_hdr_t *pkt_hdr; + odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1160,10 +1184,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1; - pkt_hdr->dst_queue = queue_fn->from_ext(ipsec_sa->queue); + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, ipsec_sa->in.cos, base); + } else { + queue = ipsec_sa->queue; + } + pkt_hdr->dst_queue = queue_fn->from_ext(queue); /* Last thing */ _odp_ipsec_sa_unuse(ipsec_sa); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index e010cfaa3..6a17a9172 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -13,6 +13,7 @@ #include #include +#include #include @@ -216,9 +217,22 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) sizeof(ipsec_sa->in.lookup_dst_ip)); if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) - return ODP_IPSEC_SA_INVALID; + goto error; ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); + + if (ODP_IPSEC_PIPELINE_CLS == param->inbound.pipeline) { + if (ODP_IPSEC_OP_MODE_SYNC == + _odp_ipsec_config_get()->inbound_mode) + goto error; + + ipsec_sa->in.cos = + _odp_cos_get_entry(param->inbound.dest_cos); + if (NULL == ipsec_sa->in.cos) + goto error; + } else { + ipsec_sa->in.cos = NULL; + } } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } From patchwork Fri Oct 20 17:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 116528 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1916387qgn; Fri, 20 Oct 2017 10:09:38 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QOW3xvK5IY9BENBhMp0niBijF2c+uo3Wzc/vocYo1xuO2b8kvaeu2sLihDqhFOT91Grq2v X-Received: by 10.55.70.67 with SMTP id t64mr8090622qka.103.1508519378590; Fri, 20 Oct 2017 10:09:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508519378; cv=none; d=google.com; s=arc-20160816; b=Hh52MCa9hlmE9L4I1HC4tE1AiitTsTh4nqh++uJCWCZnK6rrRV4kJR99qXFbW72hqS 0xB2egQKmwVR/uYsJux1yaH7fjsx7Bb7ZjMDDEZB8pwcqdk75oH2zbF2iNzaQUW7QyPd nlPGGx4ClQJTBF+b4XJfqOgXkojelplSaibpgerRyl9R9hmn6VqjTwc2oVpfWQvGHg1Z us/zaLag7PrWDBL76L8TgSEPMjASs8SgxAntKC2gQEaXbotlwdfRSncs8360Sz0bnEOr J8LOEUGj35BlN58lNtJV7A9U/kab0Mpzn6WDbTPLDTZrgvJvoZXFSOcCGvNf4SC9QQRp DtzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=V0aoiGkcSLKEgjEFx4T0NBWCB5DPkg1vQnl1k6uuy0M=; b=wk4QhtN+UFfZEGxJ2/A0Cnr2DT5zJUox800/0uHy9QXVlF4bjrhZZbLYPQtINAKAF1 QLyPxu4I334CnzfdPLxyDFyn99bpdpBwkToY0+B6YCxVArLMZvGI7+n7pcaUNP6e368H 8RbnAWL/J1OyqSBYI4SaS8IpiWnW8TENDY4/E6H+1nMRaKeuMOO75VCjtKIctl48Qrdz 6SbSyTSp85GzM0nKQ73sHJ21OMRS0MmuChx+0lTUhkwAZU0+yS+AKC4vn75Xzhm/F8oZ 7/t8hDassZvU4NTTfXkgXLnOR0xDUwub7FRiFXwRQVNOie2m+DZZ0v6wVdbn87NbPsYm OzNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id w45si1130847qta.387.2017.10.20.10.09.38; Fri, 20 Oct 2017 10:09:38 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 1CF9661049; Fri, 20 Oct 2017 17:09:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id DD064610B9; Fri, 20 Oct 2017 17:01:34 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 21A0B61006; Fri, 20 Oct 2017 17:01:13 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 499A661006 for ; Fri, 20 Oct 2017 17:00:24 +0000 (UTC) Received: from mxback10o.mail.yandex.net (mxback10o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::24]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 0BA59185E2E for ; Fri, 20 Oct 2017 20:00:23 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback10o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id M1BUKXwvBV-0McSQT0H; Fri, 20 Oct 2017 20:00:22 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id PUWZGflejI-0Mm8Wlqi; Fri, 20 Oct 2017 20:00:22 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 20 Oct 2017 20:00:09 +0300 Message-Id: <1508518809-27877-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> References: <1508518809-27877-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v2 11/11] validation: ipsec: add support for PIPELINE_CLS testing X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: e3108af2f0b58c2ceca422b418439bba5de04b11 ** Merge commit sha: 1ac4107a19a46e35c46e3a96416279c6ef0a33d1 **/ test/common_plat/validation/api/ipsec/ipsec.c | 165 +++++++++++++++++++-- test/common_plat/validation/api/ipsec/ipsec.h | 3 + .../common_plat/validation/api/ipsec/ipsec_async.c | 1 + .../validation/api/ipsec/ipsec_inline_in.c | 1 + 4 files changed, 159 insertions(+), 11 deletions(-) diff --git a/test/common_plat/validation/api/ipsec/ipsec.c b/test/common_plat/validation/api/ipsec/ipsec.c index 853bd88a9..5883f23e2 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.c +++ b/test/common_plat/validation/api/ipsec/ipsec.c @@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio) } } +static odp_cos_t ipsec_cos_create(void) +{ + odp_cls_cos_param_t param; + odp_cos_t cos; + + odp_cls_cos_param_init(¶m); + param.pool = suite_context.pool; + param.num_queue = 1; + param.queue = odp_queue_create("ipsec-cos-queue", NULL); + + if (ODP_QUEUE_INVALID == param.queue) + return ODP_COS_INVALID; + + cos = odp_cls_cos_create("ipsec-cos", ¶m); + if (ODP_COS_INVALID != cos) + suite_context.cos_queue = odp_cos_queue(cos); + + return cos; +} + +static void ipsec_cos_destroy(void) +{ + odp_queue_t queue = odp_cos_queue(suite_context.cos); + + suite_context.cos_queue = ODP_QUEUE_INVALID; + odp_cos_destroy(suite_context.cos); + odp_queue_destroy(queue); +} + #define MAX_ALG_CAPA 32 int ipsec_check(odp_bool_t ah, @@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah, ODP_SUPPORT_NO == capa.op_mode_inline_out)) return ODP_TEST_INACTIVE; + if (ODP_COS_INVALID != suite_context.cos && + (capa.pipeline_cls == ODP_SUPPORT_NO || + capa.max_cls_cos < 1)) + return ODP_TEST_INACTIVE; + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) return ODP_TEST_INACTIVE; @@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, if (in) param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + if (in && (ODP_COS_INVALID != suite_context.cos)) { + param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS; + param->inbound.dest_cos = suite_context.cos; + } + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; @@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part, pkto, &num_out, ¶m)); CU_ASSERT_EQUAL(num_out, part->out_pkt); - } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - for (i = 0; i < num_out; i++) { - odp_event_t event; + for (i = 0; i < num_out;) { + odp_event_t ev; odp_event_subtype_t subtype; - do { - event = odp_queue_deq(suite_context.queue); - } while (event == ODP_EVENT_INVALID); + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET, - odp_event_types(event, &subtype)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); - pkto[i] = odp_ipsec_packet_from_event(event); + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } } - } else { + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { odp_queue_t queue; odp_pktout_queue_t pktout; @@ -495,6 +564,63 @@ static int ipsec_send_in_one(const ipsec_test_part *part, continue; } } + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + odp_queue_t queue; + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + CU_ASSERT_EQUAL_FATAL(1, + odp_pktin_event_queue(suite_context. + pktio, + &queue, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + CU_ASSERT(part->out[i].status.error.sa_lookup); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT(part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + } + } else { + CU_FAIL("Unsupported configuration!\n"); } return num_out; @@ -724,14 +850,31 @@ int ipsec_suite_init(void) if (rc == 0) suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.cos = ODP_COS_INVALID; + return rc < 0 ? -1 : 0; } +int ipsec_suite_cos_init(void) +{ + int ret = ipsec_suite_init(); + + if (ret < 0) + return ret; + + suite_context.cos = ipsec_cos_create(); + + return 0; +} + static int ipsec_suite_term(odp_testinfo_t *suite) { int i; int first = 1; + if (suite_context.cos != ODP_COS_INVALID) + ipsec_cos_destroy(); + if (suite_context.pktio != ODP_PKTIO_INVALID) pktio_stop(suite_context.pktio); diff --git a/test/common_plat/validation/api/ipsec/ipsec.h b/test/common_plat/validation/api/ipsec/ipsec.h index d1c6854b7..472179f91 100644 --- a/test/common_plat/validation/api/ipsec/ipsec.h +++ b/test/common_plat/validation/api/ipsec/ipsec.h @@ -21,6 +21,7 @@ int ipsec_in_inline_init(void); int ipsec_out_inline_init(void); int ipsec_suite_init(void); +int ipsec_suite_cos_init(void); int ipsec_in_term(void); int ipsec_out_term(void); @@ -30,6 +31,8 @@ struct suite_context_s { odp_pool_t pool; odp_queue_t queue; odp_pktio_t pktio; + odp_cos_t cos; + odp_queue_t cos_queue; }; extern struct suite_context_s suite_context; diff --git a/test/common_plat/validation/api/ipsec/ipsec_async.c b/test/common_plat/validation/api/ipsec/ipsec_async.c index 796879230..f5d384392 100644 --- a/test/common_plat/validation/api/ipsec/ipsec_async.c +++ b/test/common_plat/validation/api/ipsec/ipsec_async.c @@ -32,6 +32,7 @@ static int ipsec_async_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, {"IPsec-out", ipsec_suite_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; diff --git a/test/common_plat/validation/api/ipsec/ipsec_inline_in.c b/test/common_plat/validation/api/ipsec/ipsec_inline_in.c index 2a595353d..c2f6411f0 100644 --- a/test/common_plat/validation/api/ipsec/ipsec_inline_in.c +++ b/test/common_plat/validation/api/ipsec/ipsec_inline_in.c @@ -34,6 +34,7 @@ static int ipsec_sync_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, ODP_SUITE_INFO_NULL, };