From patchwork Sun Nov 12 12:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118646 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp682905qgn; Sun, 12 Nov 2017 04:10:23 -0800 (PST) X-Google-Smtp-Source: AGs4zMbtQCVGUUGA6oWATYNFeoIbg+HemankI9GqxAL2hfGdvOYHjaSQEcMyF5Rc4deTx8Nw5emn X-Received: by 10.55.201.11 with SMTP id q11mr8768967qki.303.1510488623156; Sun, 12 Nov 2017 04:10:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488623; cv=none; d=google.com; s=arc-20160816; b=Q5Zx2TkoDERPlEEGD0VVhzAgJDoCsUfBrh39PRQ8O92Q96Y+tY7cmTQknvCGOwaB0V ee+vrwYoS3D6pdXFatoe19z5+gqN7Feo6omHWVckSTJNOMYaZqLyR3E10uEl56z1M5EB EGmFzr9yV+2CHDyduTukTfx4+HPFOjFCDHIWQEIM6wO8xRAhI3jJvZDkEGAQ2IAj0D4m X6flxU9QYJfgmVV1jhZMuZtPKU0GRQFvgmhULu5+qPrvTWiVscyrTjxnNS52S1iOqBBh GHthYPeJWRS9ZSubX4cIgU4DhKZwjfHZ/vmVrcIqQ8h+UvwyoKP5DzBXpLpLkZmFf/+B kbUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=ExioOPebjy+sy7kcr7M4hFy1phaFubxS++C3lfFhA20=; b=HMYRyTX2xyAzh/8grgulZ618a4yCnpeygfJNtxmYdKMyy7LXy8q3SwI1VOne7iFbRv v8NUOmv5TEi30ZOrxOUKsXwP9FvfqHvg/1BgFwR5teBzQfb5AXeR2Oteixdjy4l0NV83 tZbc//ASvAGvLrGbmVAxOa6ezFIVe4VC1ZYvzcYNjy11Sfyk4Mm4tj0THCK5QW09/iBD QqDy6Wk9ohHu8/1UhOAWukklhSqg9FdkKcEhYrViWnl7BZtyHuj2gIdneBh7nNYugoPy InG0QUSrYQkLcQ9p4SR/H4t0dL8CEDcUnPuql8JKDECyxCioR7IbQPb+nnSRQj3+DRFH V9Bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id s189si3743428qkh.289.2017.11.12.04.10.22; Sun, 12 Nov 2017 04:10:23 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B795B60630; Sun, 12 Nov 2017 12:10:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id DB36A606A0; Sun, 12 Nov 2017 12:01:49 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id D03806069B; Sun, 12 Nov 2017 12:01:03 +0000 (UTC) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) by lists.linaro.org (Postfix) with ESMTPS id 1D5D460A54 for ; Sun, 12 Nov 2017 12:00:26 +0000 (UTC) Received: from mxback5j.mail.yandex.net (mxback5j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10e]) by forward105j.mail.yandex.net (Yandex) with ESMTP id A0C1B18235D for ; Sun, 12 Nov 2017 15:00:24 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id wSAE4cH10K-0OYuSqdk; Sun, 12 Nov 2017 15:00:24 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0Ov0NTgE; Sun, 12 Nov 2017 15:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:06 +0300 Message-Id: <1510488023-21204-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 1/18] linux-gen: ipsec: use counter instead of random IV for GCM X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../linux-generic/include/odp_ipsec_internal.h | 16 ++++++++++--- platform/linux-generic/odp_ipsec.c | 28 +++++++++++++++------- platform/linux-generic/odp_ipsec_sad.c | 9 +++++++ 3 files changed, 42 insertions(+), 11 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..6a731e999 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,23 +676,36 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + } else if (ipsec_sa->esp_iv_len) { uint32_t len; - len = odp_random_data(iv + ipsec_sa->salt_length, - ipsec_sa->esp_iv_len, + len = odp_random_data(iv, ipsec_sa->esp_iv_len, ODP_RANDOM_CRYPTO); if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; goto out; } - - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - - param.override_iv_ptr = iv; } + param.override_iv_ptr = iv; + if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto out; @@ -734,7 +747,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); odp_packet_copy_from_mem(pkt, ipsec_offset + _ODP_ESPHDR_LEN, ipsec_sa->esp_iv_len, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..dc338bfcd 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -298,11 +299,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_NULL: ipsec_sa->esp_iv_len = 0; ipsec_sa->esp_block_len = 1; + crypto_param.iv.length = 0; break; case ODP_CIPHER_ALG_DES: case ODP_CIPHER_ALG_3DES_CBC: ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 8; + crypto_param.iv.length = 8; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: @@ -310,11 +313,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES_CBC: ipsec_sa->esp_iv_len = 16; ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; @@ -323,6 +328,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) { From patchwork Sun Nov 12 12:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118645 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp682440qgn; Sun, 12 Nov 2017 04:09:45 -0800 (PST) X-Google-Smtp-Source: AGs4zMboVtBHyWw+sNyAHotXwh1rHIEvtOYS25CXvUGOSWOeOorlDRW3LwVeeC95dZ9h5b8I9EE4 X-Received: by 10.200.38.118 with SMTP id v51mr9686620qtv.205.1510488585444; Sun, 12 Nov 2017 04:09:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488585; cv=none; d=google.com; s=arc-20160816; b=SluDbI2Q0sjwuXz3rlRVKplCMtQfrqrr3X/1yKtRElR6+n7ZRllSfHzwOhzU+CTRZ3 H4H+BtokK9OEY2S8glkzp1/2vGrUqzawGkaH4VZ/MreHTB1kKoyALAqUhRc1pRrMVIOR 8rPozH3Un900NWQTT199pWgYhUq6aUwH46Fg6xJdCXj2w9Pp7axcrPb3u0iFZVdCTIP6 R8KA92c4RoBRo/l+TxfspGvSJOJ4GscWFkMFzPNn8odoEgZ8gh2Nd28zJLKpEZ3JS7UT TFaDKplcjn/qUK1wY0doN+AsRjzZtgTLOdagdMDWFfLEVkdc97zBVs31tiFXc7052AIX /qeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=I7qfMdafWcM9u/ntqb+fEyUCvrzKIP1egn8r0ArcJlM=; b=Ylroh1HCvbIlGBhQxa88z1HnEkkQeSlXXax08KDDvWWE43LzehkXxixDjDck6Jo/FE Jin6yuh4A27kS2m421G3CgxkJo1+8PxGD0ArbBHl8rtLHqFFvrWHLMk9RN5HChb+MhOo GbLkw8ZhQxuL3UKxrEHAqMVDxfkrfH08kmoAZB6WjpdnTbI8pj7sfIr1yYqhwHuvz/ey ezjPS0290ypIFAC8buXwcpCnVJoT9l4z3z9XogmdxuI0SVCESnbBUZo2HR+SD+dmnnqv JMssylRRHmmdcFlFXKDQxNs7DXvj17gNicrMDIyccyR9HXOFXPekgYLJpxi80A6qLGO5 B6gw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id x8si4132235qkl.140.2017.11.12.04.09.45; Sun, 12 Nov 2017 04:09:45 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 1C41E60A35; Sun, 12 Nov 2017 12:09:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 89538609FD; Sun, 12 Nov 2017 12:01:46 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id EC10160A12; Sun, 12 Nov 2017 12:01:02 +0000 (UTC) Received: from forward103p.mail.yandex.net (forward103p.mail.yandex.net [77.88.28.106]) by lists.linaro.org (Postfix) with ESMTPS id 188D16069B for ; Sun, 12 Nov 2017 12:00:26 +0000 (UTC) Received: from mxback11g.mail.yandex.net (mxback11g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:90]) by forward103p.mail.yandex.net (Yandex) with ESMTP id 0C43A2188399 for ; Sun, 12 Nov 2017 15:00:25 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback11g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id XyWp6CjamP-0OLWqbFe; Sun, 12 Nov 2017 15:00:24 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0OvCKJeW; Sun, 12 Nov 2017 15:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:07 +0300 Message-Id: <1510488023-21204-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 2/18] validation: ipsec: drop unused file X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec_sync_in.c | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c diff --git a/test/validation/api/ipsec/ipsec_sync_in.c b/test/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -} From patchwork Sun Nov 12 12:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118648 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp684209qgn; Sun, 12 Nov 2017 04:11:57 -0800 (PST) X-Google-Smtp-Source: AGs4zMaTrhetLXSOcv2ILIO10bNOQWY4U+7Zce8ETh2SwiDUhShAz3A7nWXQeH49gnfrWE2L54Kn X-Received: by 10.55.66.84 with SMTP id p81mr9706005qka.182.1510488717914; Sun, 12 Nov 2017 04:11:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488717; cv=none; d=google.com; s=arc-20160816; b=yfZ4nUaGrNuK8TFBl6KHXFEt80vi/ucgE+pc6tA0WDUS2tPU5IRWdTI6Gri0HquQ0h 9FCbft04dcK+W3J/yU3+ZEI7NedIwVIJ/LVrFKucFrDB6ILGk0i7CzfJFPq0JbiPqM/P mvkNISVucaZ7WaGGc1lUo6KIvTEGfsmaX9bDBDM0QW1J4ThMeLhJQWTXRqPSMif7MNCe xffoN71xfBbNfzcJz20IjjXtixAG4/YTNs0k/h3WRfoeiZRMfXbm+o2VdChYqO4HpSY0 jaeuqhnLxV4It6+j0n2Dn+KMsQCpg83QCujWCp0nnZU1UyTg5y124xMvHss3ItGV5AAr lOGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=/mMlPpFeehosLhgY1p2+OBiFNOL7w9AECti7pJfAwXQ=; b=hcO67uu2ayjus/Xfpygzc7qXCBNbSwrv0bhk2IyrXRP8v47LMIdfpBfQA5px4BJ7Vx HCUxJ+kkSr92kJHgBQ435XSeIh9G7E8LCFWkiR3nZnYIU9Et2kEsfUa09lzBZSKTcXEe YjOmRGQdLGAAZyRTHvD0hIwRmpyJboF1GQwUTundQTd8mPl3+91eJothXArQjZiozwhW fK3DMDilVHYl9sHk3MgIZOAXdmSwYqgnmrC0BhVVIvMa7YWOCrKoLofj/hrVuZcG9nz+ tJ3G6/OFvUUaZ93yVYsx1k0ARz44n2SpHjWs7v4WT2r1ClaYAEiMBCpgG+0/OvZXwdMp LXTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id e5si9555918qkf.27.2017.11.12.04.11.57; Sun, 12 Nov 2017 04:11:57 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 8B1AC6069B; Sun, 12 Nov 2017 12:11:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7C42560BEF; Sun, 12 Nov 2017 12:01:56 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 885DE60A12; Sun, 12 Nov 2017 12:01:06 +0000 (UTC) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) by lists.linaro.org (Postfix) with ESMTPS id 7678D60A56 for ; Sun, 12 Nov 2017 12:00:26 +0000 (UTC) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward105j.mail.yandex.net (Yandex) with ESMTP id 6A89F1859CC for ; Sun, 12 Nov 2017 15:00:25 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id n7LQbOzSU5-0PPea9ca; Sun, 12 Nov 2017 15:00:25 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0PvmSipR; Sun, 12 Nov 2017 15:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:08 +0300 Message-Id: <1510488023-21204-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 3/18] validation: ipsec: verify odp_ipsec_sa_context X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..853bd88a9 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); From patchwork Sun Nov 12 12:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118650 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp684785qgn; Sun, 12 Nov 2017 04:12:37 -0800 (PST) X-Google-Smtp-Source: AGs4zMatLXRaZ9nhsOb6FvJz3DT1ai20bboFv0XiYR+exKhaWet/h5d+uOS03qADzuCp7H4Jd66j X-Received: by 10.55.56.147 with SMTP id f141mr8416899qka.310.1510488756919; Sun, 12 Nov 2017 04:12:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488756; cv=none; d=google.com; s=arc-20160816; b=eFwWhu+C9UXQt+zaq56O6GlXgjNgN/n8g073lmmien3FE+oWt+b4AubatNcfyTOIP5 BgVoA8FqmY67Bvd1AShs07Y/yYdcNlvpFRMtKNrQvD0mY9LRpTEuCDk9O9ZYcijvocwS vI+d8SeM25HcspYkNJ8GBy4S7myrhm0qN1+4A3MYRjIDzxg+ytGFix2aseQ7u3ufiiaS gv81ITBfFTsSHED2AXvUSJxuGJE28vHweZ/hnTJyaaCjWjlIWhWZmk5bzkADiTDSMdDq +uDisRU7Pu2O/V311mJaF++up3wGq5iWvTjkDxF3ngy2R/zydP0i9Z5mCVWTPcBA7fxB Uc2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=iQEkYW2Hb+mIRexmMIARRHCwWbj5EAdpxxPNbZKkGH0=; b=DSmBdSI1MxW/5ToRFmSZ0v7s9VuELs+ziERXjjsPWG0nFfm9TX2d2GAPun6RKDqtmD 4KF12569ACqujZcfJ93rOV1bRePr3b7ZhYxgL7B0fl1AXKreZX3Nl+jVeBhUyjOGAUcz qUU7wIf841+hTNepjV9raaOv+7NCWMrKT2cdovmfLOpBCOYBTFEFM3KfM/yv0/e+9pzf gAG15B8D4mUwmz9TkDvJa+urn2xrl4Xx770VE3z0TkHS4OYhC10Xm4f9V+BSDZzFg5S+ QrbuwzQrja61PXHOnxhhLABY8foH4HbsZCO7p5aiQ280qNMsE4cW3XYPG+cNIQs0589P deMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q29si117348qtb.192.2017.11.12.04.12.36; Sun, 12 Nov 2017 04:12:36 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 91C1560A81; Sun, 12 Nov 2017 12:12:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id EB83D60BFE; Sun, 12 Nov 2017 12:02:01 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4634B609FD; Sun, 12 Nov 2017 12:01:46 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id C5C5E60A81 for ; Sun, 12 Nov 2017 12:00:27 +0000 (UTC) Received: from mxback7o.mail.yandex.net (mxback7o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::21]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 0ABCD4447C80 for ; Sun, 12 Nov 2017 15:00:26 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback7o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id zzcLSKHlkj-0PNKpQ2R; Sun, 12 Nov 2017 15:00:25 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0PvC6tH7; Sun, 12 Nov 2017 15:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:09 +0300 Message-Id: <1510488023-21204-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 4/18] linux-gen: ipsec: fix soft/hard limits check X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Split count expiration check into two phases: - optional precheck, run before crypto, which fails only if hard limit is already breached - update, run after crypto in INBOUND case, so that limits will not be updated for packets failing ICV check. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++- platform/linux-generic/odp_ipsec.c | 12 +++++------ platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++- 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6a731e999..8810d73be 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -830,9 +831,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index dc338bfcd..87feb1139 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -479,7 +479,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_load_u64(&ipsec_sa->bytes); + uint64_t packets = odp_atomic_load_u64(&ipsec_sa->packets); + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; From patchwork Sun Nov 12 12:00:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118647 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp683632qgn; Sun, 12 Nov 2017 04:11:15 -0800 (PST) X-Google-Smtp-Source: AGs4zMY+eYUs3UKoimK2bMFnxVVKFG/R/FQEp7nWPj8hYHZSkr1tVcrn5BI5IZxXTWHmpZA8hfGc X-Received: by 10.200.44.9 with SMTP id d9mr9261145qta.173.1510488675724; Sun, 12 Nov 2017 04:11:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488675; cv=none; d=google.com; s=arc-20160816; b=LiF+16UDdxd+G6AlgbFU2GNv6WT0MkNXdH7bbYBLUqiLB0xIfHHtqOkEVKjHpR4Ugx kieSQN/PAMkGS3tDEwbFw1djvJunPEbpy3Jm3e5HOaaRqom834zqkmfzIp9/5iBo/52t F/rpPLpiZpR2yhS7bWz73A9WPoJXy6duxOrr2i7n6LKL1wE58CpidxoQA5/AxgiHcqLC rVj2i4PMiozr4V0d37LD2PLZ4abSeCBKlbTwl3C2Bb/4qV4URMu0eNS9cLPKKfp2tglP PiBMhDtg2M/9cpihfa69UxitahWkcuK4DP4PfQlgHc9+7dhyE4oO0H4D4DJSt/MF3t6f b0Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=CGkoz2e0Bglo/0DzR8Jvwe7dkVaQjYp8HG0ADKzeS3c=; b=ueJFwgUnFbJ9AcU79OT89T/Ok8xP7VYt13Xr/AUeDPX1JtWZfe9tQq1Fz5bIA3dS8i 6szhSkaDVKwekEHP2wBMy2YjY7F7ehH53KjArC8YK3OYWE7yPOx6FzlGydYwjs0YAwwa 6yc0IW58n8xJVhfo8jX54breLT0OnKPBMe/yLTHANbtrUUJHwciMw8Ab1umVM66WHW/G 3/OrU24T8kVr6dVcbGIkgFMPGe3WXKUdrxQkPWDW7AcWct9ArDOVu8DweOWvYmSwz2YD lHfx1vweMawghpBRmIIFFcnw4GKaUY7KXMOUqIowXOb74FXzRyp+oU8pcexjlmczfD1v uexQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id c14si912523qtd.55.2017.11.12.04.11.15; Sun, 12 Nov 2017 04:11:15 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4D9B260AD3; Sun, 12 Nov 2017 12:11:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3C23760BDF; Sun, 12 Nov 2017 12:01:53 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 83CF66069B; Sun, 12 Nov 2017 12:01:05 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 7C2F560A58 for ; Sun, 12 Nov 2017 12:00:27 +0000 (UTC) Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net [IPv6:2a02:6b8:0:1619::93]) by forward102p.mail.yandex.net (Yandex) with ESMTP id 7282843083EF for ; Sun, 12 Nov 2017 15:00:26 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id lSxbszY2A2-0Q3eldjk; Sun, 12 Nov 2017 15:00:26 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0QvOkBLt; Sun, 12 Nov 2017 15:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:10 +0300 Message-Id: <1510488023-21204-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 5/18] linux-gen: ipsec: add replay window support to SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++ platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct { @@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 87feb1139..28092ac31 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } @@ -528,3 +532,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +} From patchwork Sun Nov 12 12:00:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118649 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp684245qgn; Sun, 12 Nov 2017 04:12:01 -0800 (PST) X-Google-Smtp-Source: AGs4zMZKI//Q0t7ESlvV+xoo13NV0wGvI+vy7tyIgTSUNxjiA4FUyA4+NQf0NBWYQ6kSxdGY23dL X-Received: by 10.200.3.150 with SMTP id t22mr9896862qtg.156.1510488721000; Sun, 12 Nov 2017 04:12:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488720; cv=none; d=google.com; s=arc-20160816; b=uOpolp94F5c7iuapAlGVrtKE5+mheMOYq186XGRFFFp9H3hX2eSGF6gjSLbY6oxup4 CPCrO2iI3qcrGQOJhmJ5ywnSNitTHlfwuf/jUBaBlRJ8mG1syV5fnw58gm2UtLpInbhr md9DHT97qGNVi0Ey3PwEffztL8fTN+VUNVl4MPnghJWru3rAohV2iioZinU9Tf7nPyzx drhHSmPFB+x5+qPRJ9NdMdGkZyO+UaE3kktqbddwLlIdu4xFWV7jIaq84ATzXL+zZ4e0 jlaNxQfytKCd8H1rNJnfNbvyRzUklo1p8SNX4Z7og8A22rDlvGkhBnQ9DO7tA9xXhBGf 0CYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=gw1x8YblN/2BNcMmJMYsspEQ+n56llxehheYAobQ8eg=; b=PM/5jb4I4us5F1Er8H0NpjeInJ5LHKYN0yroEfTzgg1ZUgrha99PwPgNUcnFY3Iz67 vwDCdk67WaUf2mfOSZk9kxX937qritaZcVQTgTr0ng/vZTA+VMdnnTU2ZtTepA7JmXx9 cbmKetl7YutzpmcQZ+NAL+xr11UZJGU7N47HTyfQBdZPKzsmp9YtlYCJi4OsCcaM7MC2 nSqXC3b4dZzK7q7iEOknrKzfp+UteH72QAW2+XiV6u7roicNkgAicSX2pVjooSWDx4oZ l2lN6WLHK7NDKxiEz/slsCmcg5tr8DqsZMDdv0bLsq63hQkpQWZzHAVn+kXyZikAWXpQ 8EEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 26si1502818qtt.15.2017.11.12.04.12.00; Sun, 12 Nov 2017 04:12:00 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B2BC160B1A; Sun, 12 Nov 2017 12:12:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B891860BF7; Sun, 12 Nov 2017 12:01:58 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 373D460B56; Sun, 12 Nov 2017 12:01:45 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id 77A066050B for ; Sun, 12 Nov 2017 12:00:28 +0000 (UTC) Received: from mxback6g.mail.yandex.net (mxback6g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:167]) by forward102o.mail.yandex.net (Yandex) with ESMTP id 08AAC5A0882F for ; Sun, 12 Nov 2017 15:00:27 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback6g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2kKLH6Icdj-0QCaPPIL; Sun, 12 Nov 2017 15:00:26 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0QvCpKgK; Sun, 12 Nov 2017 15:00:26 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:11 +0300 Message-Id: <1510488023-21204-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 6/18] linux-gen: ipsec: support replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8810d73be..ef6a60249 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc; @@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN; @@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -809,6 +827,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); From patchwork Sun Nov 12 12:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118653 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp686338qgn; Sun, 12 Nov 2017 04:14:35 -0800 (PST) X-Google-Smtp-Source: AGs4zMZE6sdgXfEAGUpTZ7GNNqoAQXz33vRW3wIErCCymi92mDEdDiTx4CDefE8kk9DHg9AdPL2i X-Received: by 10.55.176.68 with SMTP id z65mr9262285qke.75.1510488875003; Sun, 12 Nov 2017 04:14:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488874; cv=none; d=google.com; s=arc-20160816; b=h40wVLyjaTT+wnhRbgNRcm03TS2YJQnRBv/a7v5EnnDgSS+epEiHPFJRMYox0fBi5r TlW6AGzc62DBxLAITuIHH0TOXvu50ygQACWpFvjzNyUM7ZKhtmNVONVuWAT/Q/vUW21w HQWz4igWb3mwEs5WaZB6UKNme1lWDjrxWvCa156b1pN1K22pJVR8gepb/Xhq9hTLkqKp 4wkbYQCysez3ttLkAqFehquDrtITHyfRAJBRr0smPrp+k08nPyLxfVFcIvmz5LKWRbdF rj6Aru3LPZuSK46czwaQ9PMtAGq9MmxMrM8aPrMrFMAvJW4rPixGqwFEFGQ/J6tb3cU3 SgSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=TWAxx/jZezibCMzbBK+5LDTNoQwqWUpWG2j9iJDt6CQ=; b=RgXpulcVSVU2OM06lenhUJIubD5stnN6JGuiX7i+orw+f6p9uoexHmydFqCj0NHopp 3UCyiYDh6Qx44eovEc2PxjnJEkl2zP+JlvyMYKeFutmpU2qosanCl/MASWv14mRuQ4Gg 3Nhk/F0kp8b53RQy+Z4FZCs0teVWA+YB+SBlP+QQMiQKGE1DyS/1v9U+r5s+GheiaN3r K/d6msgW3QX2CETOM1CUoEYpDQ5ILi5Hdc8vWreIFMpiJYPulGq+qv8skfi5O8raURP5 J7+QVq5BIEnPMRXAgd3Rd2cFoWX81scTI/e73jbPfLtIK/YnBG3xprbonO8oDshgCmsZ LOig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m34si7758466qtm.3.2017.11.12.04.14.34; Sun, 12 Nov 2017 04:14:34 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 8E382606A0; Sun, 12 Nov 2017 12:14:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id DD7F260A76; Sun, 12 Nov 2017 12:02:14 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id EAB2660BDF; Sun, 12 Nov 2017 12:01:49 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id 2133F60695 for ; Sun, 12 Nov 2017 12:00:29 +0000 (UTC) Received: from mxback5o.mail.yandex.net (mxback5o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1f]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 852666A86CAB for ; Sun, 12 Nov 2017 15:00:27 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id x5stVCpYlc-0Rl8S7Vl; Sun, 12 Nov 2017 15:00:27 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0RvObC5p; Sun, 12 Nov 2017 15:00:27 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:12 +0300 Message-Id: <1510488023-21204-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 7/18] validation: ipsec: add replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec_test_in.c | 204 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 87 +++++++++++++ 2 files changed, 291 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, @@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, From patchwork Sun Nov 12 12:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118651 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp685258qgn; Sun, 12 Nov 2017 04:13:11 -0800 (PST) X-Google-Smtp-Source: AGs4zMY21QDqar6+38R6r/z3E4BWbMATuSkjOdmdxMPINhaqVU1Vbo2h0qt/fWY7wCPMDU5ybu+F X-Received: by 10.200.51.91 with SMTP id u27mr5363431qta.0.1510488791114; Sun, 12 Nov 2017 04:13:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488791; cv=none; d=google.com; s=arc-20160816; b=YJ1CHewhXrD9rHodbWqjd4IS0qHNo8nGjvknUTxOOMdYYPPZLJjHreS5bcr8Z9FGbT J4yizZu84A6THCw8Dy+5CyYzKvUxMZaeQpI3beZePlTnPfjZ8dC/LbF8Sxe1nUM9ZWkT VAOxCqk65GCLiEZiVWfBjjaL0j5zEVME9BO3niEGFN9AnzegqR7Lt+YBDvLmO0puuk4w FGy5pNazTc1NiuGbsUrMi0M6JQL4Vq2u6J9h5nnZqd6gLFDSGo5LwC3J0zfyzkSxx2yl 8JZcD76v7FdD+O1xWKxcaw8jffNHBpJt1ne1PgUjY6EHrFQq7WcMDLEqIc0v9MfIQR48 WsaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Hwaa0Seinxk1Rp0knDbZGLtS9Hg1K6gLj1k5TjW3nO8=; b=KbclWqfCum/Bil7252ymdM5dHfB1Pu2g0/uw0a3WX0HUEQp7EtVIJsIOQ3K3Kos09n 91olBpg5wObwdbcFBYcrfesoT/3f9wDrAAWn1TyIENBNJT9BASKsOdmrn6UGui7OzAgu 15YbPSLtgOMdUHh85reUZtwPL4JXHAAfnM0NGQlT2HjrDuLow5tu9vy3VhAsRdKqmE2+ 5QqTl2iwswvwDI54DFowIsniew0Cjl/ru2Xi2L3YQinYWC20JZ9aZlKbTq+mETclQx5j JQRcIXafAluHD9EB8wtfOay1G8+ACQwJjR5q1Cd6wta+llg8hogdKpF9tiGdcMT/quUI Yvhg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id x57si1800686qtk.42.2017.11.12.04.13.10; Sun, 12 Nov 2017 04:13:11 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id B6C4060AF4; Sun, 12 Nov 2017 12:13:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3EF1E60A0A; Sun, 12 Nov 2017 12:02:05 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 355E960BDF; Sun, 12 Nov 2017 12:01:49 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id 379A7606A0 for ; Sun, 12 Nov 2017 12:00:29 +0000 (UTC) Received: from mxback1j.mail.yandex.net (mxback1j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10a]) by forward103j.mail.yandex.net (Yandex) with ESMTP id 34F3134CF49F for ; Sun, 12 Nov 2017 15:00:28 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback1j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id vcNMKX4U2R-0R6afPHJ; Sun, 12 Nov 2017 15:00:28 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0RvmlcQ8; Sun, 12 Nov 2017 15:00:27 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:13 +0300 Message-Id: <1510488023-21204-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 8/18] linux-gen: classification: provide _odp_cos_get_entry() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Provide function mapping from odp_cos_t to internal cos_t type. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../include/odp_classification_datamodel.h | 4 +++ platform/linux-generic/odp_classification.c | 33 +++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index 29b39f9c3..a40541986 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -123,6 +123,10 @@ typedef union cos_u { uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))]; } cos_t; +/** + * Get classification entry basing on the id + */ +cos_t *_odp_cos_get_entry(odp_cos_t cos_id); /** Packet Matching Rule diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index a5cba56a4..6ece74fca 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr) return ODP_PMR_INVAL; } -static -cos_t *get_cos_entry(odp_cos_t cos_id) +cos_t *_odp_cos_get_entry(odp_cos_t cos_id) { if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID) @@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id) int odp_cos_destroy(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (NULL == cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id) int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); @@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) odp_queue_t odp_cos_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id) uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], uint32_t tbl_index; uint32_t i; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); return 0; @@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, odp_cos_t default_cos) ODP_ERR("Invalid odp_pktio_t handle"); return -1; } - cos = get_cos_entry(default_cos); + cos = _odp_cos_get_entry(default_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t error_cos) return -1; } - cos = get_cos_entry(error_cos); + cos = _odp_cos_get_entry(error_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in, LOCK(&l2_cos->lock); /* Update the L2 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L2_QOS > qos_table[i]) l2_cos->cos[qos_table[i]] = cos; @@ -544,7 +543,7 @@ int odp_cos_with_l3_qos(odp_pktio_t pktio_in, LOCK(&l3_cos->lock); /* Update the L3 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L3_QOS > qos_table[i]) l3_cos->cos[qos_table[i]] = cos; @@ -643,8 +642,8 @@ odp_pmr_t odp_cls_pmr_create(const odp_pmr_param_t *terms, int num_terms, odp_pmr_t id; int val_sz; uint32_t loc; - cos_t *cos_src = get_cos_entry(src_cos); - cos_t *cos_dst = get_cos_entry(dst_cos); + cos_t *cos_src = _odp_cos_get_entry(src_cos); + cos_t *cos_dst = _odp_cos_get_entry(dst_cos); if (NULL == cos_src || NULL == cos_dst) { ODP_ERR("Invalid input handle"); @@ -691,7 +690,7 @@ int odp_cls_cos_pool_set(odp_cos_t cos_id, odp_pool_t pool) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -706,7 +705,7 @@ odp_pool_t odp_cls_cos_pool(odp_cos_t cos_id) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return ODP_POOL_INVALID; From patchwork Sun Nov 12 12:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118652 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp685790qgn; Sun, 12 Nov 2017 04:13:53 -0800 (PST) X-Google-Smtp-Source: AGs4zMafnf1R9LyV56oJhFgAxhTpxAwLMMem1t2Dtes1Jdo9LfiBAb55pYOuxcX9yLCgCkmKdCrQ X-Received: by 10.55.183.134 with SMTP id h128mr9328021qkf.258.1510488833046; Sun, 12 Nov 2017 04:13:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488833; cv=none; d=google.com; s=arc-20160816; b=NCa5Dy5rYaYBuwxYwUlflj8QS6riPBtBgv3Iid2QB7SMlB7N15osB7UBDxuKiFtTUT s9tFfIFk7s7jXgrK1Lvaw4eOmgSFzs8AnTeWZ0T7obSNg4QjJiPr5qzOof0Lbcf5mfiy EoSSYNixfwgkHeuJU7pUG8Y7zRkOJ9RdJsZZC6muuJZsSg9yUyS5w0HnXXIRUgJxPhfN Xe8aFRt+mPw6tz8cYsXedDB4dToml8lEtI4IeFTureE2eVmrILFRlodyPjCikiv1tond NxbqomaEk4dGK6TXEBPeF849pyiaHQRncmCLJ5N0ZIipN0qP6SbPV8JEhGP8rsDwsuK3 9hMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=6uWfT+ol8B9zNrVlA/QRBvRGXnkK8qJYh9DztevZcwA=; b=yCPcVFN8bwgjCmyVvRFSMMZYcUqkcEyTYYGGsHah/iQLt04VpI61RSolZP9ujVGWo/ rlmDyqg9uWZ9wyWEVXOtfkpALQhilURwflwAF2I8KvYs9flqOj1Fj/kyFtMQe/Swn2B9 mQWM1oH1EpkMc8rpsMrQYg90Gemc3VQTc1r5TIf9e4s/OvI9EI5jIa7CrHgOTyHEHrDf vgBiNtcuEtA4Edk8h9ypu8RTfoTJp1DuuhP9qeopG/yHZFcOA1EpVMCNSupd3Su1KUtD ek9gnfr87fV+U+m3zV/XT3i9lEjijRZ4xyC5qDwAQ14Hjz3BtDgtd6ZcPjn7OAnjCEHa 6Pfg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id o2si10298579qko.5.2017.11.12.04.13.52; Sun, 12 Nov 2017 04:13:53 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id C1FCB60B2F; Sun, 12 Nov 2017 12:13:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 89ED160C11; Sun, 12 Nov 2017 12:02:09 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6B40660B65; Sun, 12 Nov 2017 12:01:49 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 1FE086069F for ; Sun, 12 Nov 2017 12:00:30 +0000 (UTC) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 90BF41885ED for ; Sun, 12 Nov 2017 15:00:28 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id WUmbPYpRFd-0SpiXF53; Sun, 12 Nov 2017 15:00:28 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0SvCo2Hq; Sun, 12 Nov 2017 15:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:14 +0300 Message-Id: <1510488023-21204-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 9/18] linux-gen: classification: split cls_pkt_get_queue() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate function returning destination queue from cos_t instance. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../include/odp_classification_internal.h | 7 +++++ platform/linux-generic/odp_classification.c | 34 ++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_internal.h b/platform/linux-generic/include/odp_classification_internal.h index 8882a7177..4cadb9bdb 100644 --- a/platform/linux-generic/include/odp_classification_internal.h +++ b/platform/linux-generic/include/odp_classification_internal.h @@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr); /** + * @internal + * Select packet destination queue basing on provided cos entry + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base); + +/** Packet IO classifier init This function does initialization of classifier object associated with pktio. diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index 6ece74fca..317caefbf 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr) { cos_t *cos; - uint32_t tbl_index; - uint32_t hash; + odp_queue_t queue; packet_parse_reset(pkt_hdr); packet_set_len(pkt_hdr, pkt_len); @@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, return -EFAULT; *pool = cos->s.pool; + pkt_hdr->p.input_flags.dst_queue = 1; - if (!cos->s.queue_group) { - pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue); - return 0; - } + queue = cls_pkt_get_queue(pkt_hdr, cos, base); + pkt_hdr->dst_queue = queue_fn->from_ext(queue); + + return 0; +} + +/** + * Set packet destination queue basing on the cos + * + * @param cos + * @param pkt_hdr Packet header + * @param base Packet data + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base) +{ + uint32_t tbl_index; + uint32_t hash; + + if (!cos->s.queue_group) + return cos->s.queue; hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base); /* CLS_COS_QUEUE_MAX is a power of 2 */ hash = hash & (CLS_COS_QUEUE_MAX - 1); tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash; - pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl-> - s.queue[tbl_index]); - return 0; + + return queue_grp_tbl->s.queue[tbl_index]; } static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr, From patchwork Sun Nov 12 12:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118654 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp686791qgn; Sun, 12 Nov 2017 04:15:10 -0800 (PST) X-Google-Smtp-Source: AGs4zMakvBCdHnP/PxSic9DK3/1ePBvf4l2iLTWJ+V6DO9yQUKgEjZcwl5/zU26pvPwBZgH4wO34 X-Received: by 10.55.42.139 with SMTP id q11mr9443829qkq.285.1510488910828; Sun, 12 Nov 2017 04:15:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488910; cv=none; d=google.com; s=arc-20160816; b=lBiOjEEePVSxLtBfITqjBasAHlENe5OUDth4ui7PrkOJLjD9uhz5l6TCv2KBd0It+O WUKuFrhumNLbFmlw+XrKxPYncUqNTrBjBLuOm/rgYOPZJc33BS1j0oLnd6v0lt3W7EnJ vEVBE/hNItpK856z0YP03KbFZL9gofj3QYuNtyKP//Ln7ER0iGfNxWZ4/J0L06NSiU71 rKilC00PU5BifLJg5gaigprjKv3ebOb4octv1U3wZtMGz55ASZDMDf7ls5Wm9w7OEjUC t9CzuU4rIapAhpHrdTOIDttMsZMGyPq+0a3Tjdco8L3FWY/Swo+TSXS4qzTSapJYyrqy rKeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=84vLkCsPZ2b0EnAFpkJvptXAM7tbB8YnO5yWrCrdeYY=; b=qpAQZJTWX6WsUxQF2I/HVAUU+3bIXbJyDnq0eag8yGxcxJnFb4E4MpsjMN0JBTcaFj Rt3dD+cXvLoqGN6UCCUCT3jAOTkDR7fXPkDQ4U9R7kSY0sc15g0BoTZHjVD72IeOlKED 26fQ3NkMGfYXMg6XXPpkW5CGY9oFzgEV5a2967HYfZfXI+lKIemk1KoN5BvIxw4TL/BO s36yik5MuzT5JuamZUQzgJ+z42EMJdl1/RF9uaoHJEzpbEXLO/P41vx80u4nuEh8o2o3 l2pn1dkot/rMF7SkBc4oz+8BWNoQyuPVNKmZlNbvvRZLJKsaZZX+OcuAU8H9NB0SlKhO LljQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v45si191475qth.215.2017.11.12.04.15.10; Sun, 12 Nov 2017 04:15:10 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 7B57F60749; Sun, 12 Nov 2017 12:15:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 4130D60AC1; Sun, 12 Nov 2017 12:02:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3E45360BE6; Sun, 12 Nov 2017 12:01:50 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id 2C74360ABB for ; Sun, 12 Nov 2017 12:00:30 +0000 (UTC) Received: from mxback7j.mail.yandex.net (mxback7j.mail.yandex.net [IPv6:2a02:6b8:0:1619::110]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 2A18C2D887B8 for ; Sun, 12 Nov 2017 15:00:29 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback7j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id L0rZ7eK0GI-0TC4qJdi; Sun, 12 Nov 2017 15:00:29 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0SvOxnXn; Sun, 12 Nov 2017 15:00:28 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:15 +0300 Message-Id: <1510488023-21204-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 10/18] linux-gen: ipsec: support pipelining to cos_t X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../include/odp_classification_datamodel.h | 2 -- .../linux-generic/include/odp_ipsec_internal.h | 7 ++++ platform/linux-generic/odp_ipsec.c | 37 ++++++++++++++++++++-- platform/linux-generic/odp_ipsec_sad.c | 16 +++++++++- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index a40541986..25c488497 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -22,8 +22,6 @@ extern "C" { #include #include #include -#include -#include #include #include diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..81ecec08e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -23,6 +23,7 @@ extern "C" { #include #include #include +#include /** @ingroup odp_ipsec * @{ @@ -141,6 +142,7 @@ struct ipsec_sa_s { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; odp_atomic_u64_t antireplay; + cos_t *cos; } in; struct { @@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, int _odp_ipsec_try_inline(odp_packet_t pkt); /** + * Returns ODP IPsec configuration + */ +const odp_ipsec_config_t *_odp_ipsec_config_get(void); + +/** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index ef6a60249..6b5f5abf2 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) int rc; odp_crypto_capability_t crypto_capa; odp_queue_capability_t queue_capa; + odp_cls_capability_t cls_capa; memset(capa, 0, sizeof(odp_ipsec_capability_t)); @@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED; capa->proto_ah = ODP_SUPPORT_YES; + capa->pipeline_cls = ODP_SUPPORT_YES; capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; @@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_queues = queue_capa.max_queues; + rc = odp_cls_capability(&cls_capa); + if (rc < 0) + return rc; + + capa->max_cls_cos = cls_capa.max_cos; + return 0; } @@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return 0; } +const odp_ipsec_config_t *_odp_ipsec_config_get(void) +{ + return &ipsec_config; +} + static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet) { ODP_ASSERT(ODP_EVENT_PACKET_IPSEC == @@ -1055,7 +1069,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int num_in, result->status = status; if (NULL != ipsec_sa) { result->sa = ipsec_sa->ipsec_sa_hdl; - queue = ipsec_sa->queue; + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, + ipsec_sa->in.cos, + base); + } else { + queue = ipsec_sa->queue; + } } else { result->sa = ODP_IPSEC_SA_INVALID; queue = ipsec_config.inbound.default_queue; @@ -1138,6 +1161,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; odp_packet_hdr_t *pkt_hdr; + odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1155,10 +1179,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1; - pkt_hdr->dst_queue = queue_fn->from_ext(ipsec_sa->queue); + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, ipsec_sa->in.cos, base); + } else { + queue = ipsec_sa->queue; + } + pkt_hdr->dst_queue = queue_fn->from_ext(queue); /* Last thing */ _odp_ipsec_sa_unuse(ipsec_sa); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 28092ac31..0bcc20b86 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -13,6 +13,7 @@ #include #include +#include #include @@ -216,9 +217,22 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) sizeof(ipsec_sa->in.lookup_dst_ip)); if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) - return ODP_IPSEC_SA_INVALID; + goto error; ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); + + if (ODP_IPSEC_PIPELINE_CLS == param->inbound.pipeline) { + if (ODP_IPSEC_OP_MODE_SYNC == + _odp_ipsec_config_get()->inbound_mode) + goto error; + + ipsec_sa->in.cos = + _odp_cos_get_entry(param->inbound.dest_cos); + if (NULL == ipsec_sa->in.cos) + goto error; + } else { + ipsec_sa->in.cos = NULL; + } } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } From patchwork Sun Nov 12 12:00:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118655 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp687487qgn; Sun, 12 Nov 2017 04:16:05 -0800 (PST) X-Google-Smtp-Source: AGs4zMZExarnorUBfjA8Tv4BD1P8XExGZcFPC8EXlHk9JdoifSnPRPTbs8p/iFe+6qJSN8X6qSQJ X-Received: by 10.200.15.164 with SMTP id b33mr7771818qtk.14.1510488965766; Sun, 12 Nov 2017 04:16:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510488965; cv=none; d=google.com; s=arc-20160816; b=PBNedA/Mp50J4PbjWBgR6dsxWihlYQ14Mc/AFE2jXWrpGDWzM9xOkx3OQPvbVuhJqn Lb/xYRVzeHNgi7RcQij9WX8ANEgfo/Mo41476AdvdbnkrUVc52mzPDAfC4kdP0D1tleI 2+pha3TwPLca/Hh0nV9BJqBhF/p+XVyoBEKr3DYUQjKBN6vo1H7MBsRvk+jXIec0ZkPy svWaJ8YWE6EaZZybs79Ij8ya3gbPYNoPJT0ZVCQxfREnn3ETR3BvSghdZs0DwxC+mUXc 2n5GnhyWkZ+kFsmm5ovgQ9x0ifbLsPs1Xg4GR1O6HnX2wHEZskCYeXaRA8vFF0E/cA62 fclQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=/ALU7ZE2I638UnKecOmiTJCuVAu0CjrUqZYC02DxpVY=; b=v94TFf5kfL5czV9BOq6CBChbMmy1Sy5a5O3EB4J2ErA//5gLRVZ32fcHxX8oBMc/MN U0iCvQU7JbMFXYO6Mqny8Sj65CtRaDKTxEBtmJstuKfAUrnSGbLcLrZG+iWbwaNPgXP0 3CvYq2rwph8oPhKm/WqK8yA45iWq3llWo7aP+KCfcqvdduZAGBa7Ta27PRXZ9Q3CCVxG 5DWj8U/iozuquiVoUjUgj6Rq9yBt1E5uIwRf/9QcAhs5hgbIcPFxshyo6VkQ3R8aKtHc Xb0/O165nnbXsgLv0HzuBD0nMdqIGv4BHmeVFGm0YA0q6g271KK0mJ60c+nHU6mTQZGc 6QJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p20si13081939qtj.143.2017.11.12.04.16.05; Sun, 12 Nov 2017 04:16:05 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6B10E60AC8; Sun, 12 Nov 2017 12:16:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7FB3F60AC0; Sun, 12 Nov 2017 12:02:26 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F2CE060BEF; Sun, 12 Nov 2017 12:01:53 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id B66AD60AC1 for ; Sun, 12 Nov 2017 12:00:30 +0000 (UTC) Received: from mxback9g.mail.yandex.net (mxback9g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:170]) by forward102o.mail.yandex.net (Yandex) with ESMTP id A78C85A08854 for ; Sun, 12 Nov 2017 15:00:29 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback9g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 8c7SM3cdPW-0Tgi0h9d; Sun, 12 Nov 2017 15:00:29 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0TvCKJ04; Sun, 12 Nov 2017 15:00:29 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:16 +0300 Message-Id: <1510488023-21204-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 11/18] validation: ipsec: add support for PIPELINE_CLS testing X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec.c | 165 ++++++++++++++++++++++++++-- test/validation/api/ipsec/ipsec.h | 3 + test/validation/api/ipsec/ipsec_async.c | 1 + test/validation/api/ipsec/ipsec_inline_in.c | 1 + 4 files changed, 159 insertions(+), 11 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 853bd88a9..5883f23e2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio) } } +static odp_cos_t ipsec_cos_create(void) +{ + odp_cls_cos_param_t param; + odp_cos_t cos; + + odp_cls_cos_param_init(¶m); + param.pool = suite_context.pool; + param.num_queue = 1; + param.queue = odp_queue_create("ipsec-cos-queue", NULL); + + if (ODP_QUEUE_INVALID == param.queue) + return ODP_COS_INVALID; + + cos = odp_cls_cos_create("ipsec-cos", ¶m); + if (ODP_COS_INVALID != cos) + suite_context.cos_queue = odp_cos_queue(cos); + + return cos; +} + +static void ipsec_cos_destroy(void) +{ + odp_queue_t queue = odp_cos_queue(suite_context.cos); + + suite_context.cos_queue = ODP_QUEUE_INVALID; + odp_cos_destroy(suite_context.cos); + odp_queue_destroy(queue); +} + #define MAX_ALG_CAPA 32 int ipsec_check(odp_bool_t ah, @@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah, ODP_SUPPORT_NO == capa.op_mode_inline_out)) return ODP_TEST_INACTIVE; + if (ODP_COS_INVALID != suite_context.cos && + (capa.pipeline_cls == ODP_SUPPORT_NO || + capa.max_cls_cos < 1)) + return ODP_TEST_INACTIVE; + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) return ODP_TEST_INACTIVE; @@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, if (in) param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + if (in && (ODP_COS_INVALID != suite_context.cos)) { + param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS; + param->inbound.dest_cos = suite_context.cos; + } + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; @@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part, pkto, &num_out, ¶m)); CU_ASSERT_EQUAL(num_out, part->out_pkt); - } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - for (i = 0; i < num_out; i++) { - odp_event_t event; + for (i = 0; i < num_out;) { + odp_event_t ev; odp_event_subtype_t subtype; - do { - event = odp_queue_deq(suite_context.queue); - } while (event == ODP_EVENT_INVALID); + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET, - odp_event_types(event, &subtype)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); - pkto[i] = odp_ipsec_packet_from_event(event); + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } } - } else { + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { odp_queue_t queue; odp_pktout_queue_t pktout; @@ -495,6 +564,63 @@ static int ipsec_send_in_one(const ipsec_test_part *part, continue; } } + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + odp_queue_t queue; + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + CU_ASSERT_EQUAL_FATAL(1, + odp_pktin_event_queue(suite_context. + pktio, + &queue, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + CU_ASSERT(part->out[i].status.error.sa_lookup); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT(part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + } + } else { + CU_FAIL("Unsupported configuration!\n"); } return num_out; @@ -724,14 +850,31 @@ int ipsec_suite_init(void) if (rc == 0) suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.cos = ODP_COS_INVALID; + return rc < 0 ? -1 : 0; } +int ipsec_suite_cos_init(void) +{ + int ret = ipsec_suite_init(); + + if (ret < 0) + return ret; + + suite_context.cos = ipsec_cos_create(); + + return 0; +} + static int ipsec_suite_term(odp_testinfo_t *suite) { int i; int first = 1; + if (suite_context.cos != ODP_COS_INVALID) + ipsec_cos_destroy(); + if (suite_context.pktio != ODP_PKTIO_INVALID) pktio_stop(suite_context.pktio); diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..472179f91 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -21,6 +21,7 @@ int ipsec_in_inline_init(void); int ipsec_out_inline_init(void); int ipsec_suite_init(void); +int ipsec_suite_cos_init(void); int ipsec_in_term(void); int ipsec_out_term(void); @@ -30,6 +31,8 @@ struct suite_context_s { odp_pool_t pool; odp_queue_t queue; odp_pktio_t pktio; + odp_cos_t cos; + odp_queue_t cos_queue; }; extern struct suite_context_s suite_context; diff --git a/test/validation/api/ipsec/ipsec_async.c b/test/validation/api/ipsec/ipsec_async.c index 796879230..f5d384392 100644 --- a/test/validation/api/ipsec/ipsec_async.c +++ b/test/validation/api/ipsec/ipsec_async.c @@ -32,6 +32,7 @@ static int ipsec_async_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, {"IPsec-out", ipsec_suite_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_inline_in.c b/test/validation/api/ipsec/ipsec_inline_in.c index 2a595353d..c2f6411f0 100644 --- a/test/validation/api/ipsec/ipsec_inline_in.c +++ b/test/validation/api/ipsec/ipsec_inline_in.c @@ -34,6 +34,7 @@ static int ipsec_sync_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, ODP_SUITE_INFO_NULL, }; From patchwork Sun Nov 12 12:00:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118656 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp688009qgn; Sun, 12 Nov 2017 04:16:50 -0800 (PST) X-Google-Smtp-Source: AGs4zMYSs1179nu4V7UAnDjKIocsog+KDy/V56pVS+M42lnbGb40P16PIWtmQUZu+wXEdRvlDxbx X-Received: by 10.237.58.4 with SMTP id n4mr9500267qte.201.1510489010829; Sun, 12 Nov 2017 04:16:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489010; cv=none; d=google.com; s=arc-20160816; b=FNHlnF4dsmCt1DwSJyc5fshWsLy3GJT3qabOR27gA7XbMAz8mm+TkUTB/fzZmaK+0X 5obGt9d6T25aCI96l6zRjtww2rDk96SbmY8WQPjKlovq4qk48y1Bwo0cFj3keCXNkoCY V4sIkVrPVtnNGBNW3RyQSrY/EJ5lEY16Hxd4AysQLIWHcGVvoNwIEGWU5PiFYQ+5kc5C +F5Ta97MU9nYvMNJzSdc3IYI3qy0IMT1oeJPKBCJ8HR5ysQGLfoSHznKdModqp7Q7qci eIkQ6wSsIU45xncqG5LHMNfCDqiV9RyipHU/t6AF3gdRSAV3fX6p1YPQu3eTHIt1yaWV 3uUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=AA3hVey/ZwpYL5qOvNWArItq3/X5dQ4lU/xf6m/om4c=; b=Ckm01Fln8JcmDJoseUkcEaOmAzLAej2rbZWc8yDk3/Y4itlFFXwgEUKOJ092nGZ2Cs QL4tCq4b6qitAKSQWW4dUQFEOr6z6aw/AZ0/rrCaIILDKZ8urj8zmQedAbMYn0UN5Cex cQ5mrqiYwbGl+1Fz18M5lYK5rTo1t0/VneQQQVhKbcFRMsVgBmK2tDdHsFdXGcd3ux2K qsUyCYrRuXTHrC4R+W1Oinp2V3rVeNUW6a5tGbbi26nCX3fbKKHTTbXn35OnesrxdKX6 d/k2ge/JvWMUqktePQKNVLFU2PUGtFN2X23jWYhAlAHI950de83hCU+0zk4R7ZTMAaM3 PlUA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id j30si8643270qte.465.2017.11.12.04.16.50; Sun, 12 Nov 2017 04:16:50 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6AEA860B1A; Sun, 12 Nov 2017 12:16:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D2DA960C25; Sun, 12 Nov 2017 12:02:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 45BB260BEF; Sun, 12 Nov 2017 12:01:55 +0000 (UTC) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [5.45.198.247]) by lists.linaro.org (Postfix) with ESMTPS id 911CF6069A for ; Sun, 12 Nov 2017 12:00:31 +0000 (UTC) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward104j.mail.yandex.net (Yandex) with ESMTP id 3768B471C5 for ; Sun, 12 Nov 2017 15:00:30 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id xWR9Z2m4Fd-0UpiwthL; Sun, 12 Nov 2017 15:00:30 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0TvmxgVC; Sun, 12 Nov 2017 15:00:29 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:17 +0300 Message-Id: <1510488023-21204-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 12/18] linux-gen: ipsec: mark IPsec packets with errors with error flag X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add new ipsec_err error flag, which is set by IPsec code if there was an error during IPsec packet processing. This allow application code to quickly check packets using odp_packet_has_error() function and use fast path if there was none. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ .../linux-generic/include/odp_packet_internal.h | 1 + platform/linux-generic/odp_ipsec.c | 104 ++++++++++++--------- 2 files changed, 60 insertions(+), 45 deletions(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index fc10d61c8..e62854b1e 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -55,6 +55,7 @@ typedef union { uint32_t tcp_err:1; /**< TCP error, checks TBD */ uint32_t udp_err:1; /**< UDP error, checks TBD */ uint32_t l4_chksum:1; /**< L4 checksum error */ + uint32_t ipsec_err:1; /**< IPsec error */ }; } error_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6b5f5abf2..524ed728f 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -286,6 +286,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -301,7 +302,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; - goto out; + goto err; } /* Check IP header for IPSec protocols and look it up */ @@ -311,7 +312,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -324,7 +325,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -332,7 +333,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_ESP || ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -342,7 +343,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa->esp_iv_len, iv + ipsec_sa->salt_length) < 0) { status->error.alg = 1; - goto out; + goto err; } hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; @@ -376,7 +377,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -389,7 +390,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -397,7 +398,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_AH || ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -431,16 +432,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.proto = 1; - goto out; + goto err; } if (_odp_ipsec_sa_replay_precheck(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -448,14 +449,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -471,16 +472,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); @@ -498,18 +499,18 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { status->error.proto = 1; - goto out; + goto err; } if (ip_offset + esptrl.pad_len > esptrl_offset) { status->error.proto = 1; - goto out; + goto err; } if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, ipsec_padding, esptrl.pad_len) != 0) { status->error.proto = 1; - goto out; + goto err; } ip->proto = esptrl.next_header; @@ -523,7 +524,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } ip->proto = ah.next_header; @@ -534,12 +535,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); } else { status->error.proto = 1; - goto out; + goto err; } if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -550,7 +551,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } else { odp_packet_move_data(pkt, hdr_len, 0, @@ -558,7 +559,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } @@ -573,15 +574,21 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); } - if (!status->error.all) { - odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr = odp_packet_hdr(pkt); - packet_parse_reset(pkt_hdr); + packet_parse_reset(pkt_hdr); + + packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), + ip_offset, _ODP_ETHTYPE_IPV4); + + *pkt_out = pkt; + + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr->p.error_flags.ipsec_err = 1; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); - } -out: *pkt_out = pkt; return ipsec_sa; @@ -620,6 +627,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -637,7 +645,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -673,7 +681,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); @@ -719,7 +727,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 1); /* Check for overrun */ if (ctr == 0) - goto out; + goto err; memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); memcpy(iv + ipsec_sa->salt_length, &ctr, @@ -733,7 +741,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; - goto out; + goto err; } } @@ -741,12 +749,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -819,12 +827,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -866,12 +874,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.alg = 1; - goto out; + goto err; } /* No need to run precheck here, we know that packet is authentic */ if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -879,14 +887,14 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -902,7 +910,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } ip = odp_packet_l3_ptr(pkt, NULL); @@ -916,7 +924,13 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); -out: + *pkt_out = pkt; + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + + pkt_hdr->p.error_flags.ipsec_err = 1; *pkt_out = pkt; return ipsec_sa; From patchwork Sun Nov 12 12:00:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118659 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp689813qgn; Sun, 12 Nov 2017 04:19:05 -0800 (PST) X-Google-Smtp-Source: AGs4zMbjQqEYAaf46u71iUs/fajVjywoYdo1Jz0aLIltWXTwtY47JGehloam0K0GlU5neTU0+tPa X-Received: by 10.200.46.114 with SMTP id s47mr9446267qta.165.1510489145291; Sun, 12 Nov 2017 04:19:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489145; cv=none; d=google.com; s=arc-20160816; b=R5iEeO8Vg3bkp+6QBGg1uLZWTbIKF5i0BPHfMCAPIRNC/t5SrwpkZ/zCR9s8XVVG50 H2jYY+9pcR4fDaKmHD6NQDBXIIXTonc3Vv8Hr28QaseurnrPlUJw3UEeE//8OOAfSaIT dzc9dW0zUk6U9AT/F/2QxcjZPwz+9tabf8HEq2w3ZQObt5HcL58sZaCwU/ZjR0bTFbrd 8JhQBuvpA3+wL9NlO8sKGGYVPnIY5xyPQZvdtSo3FV4sdXI/qGDWmmMyr85/c24MMhF+ beqTkUptDZIV5XyNC4juucdmDVFTR1iz1uOob5p7MsotFUO/oNOTrRkGFSx5VmPCUJ3X 0iqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=u1n0sQ7etr2ldx7ERhFvk2swHqOniGTBN/wdKAXFtAM=; b=sbhkiq3Zd4gP6ccB0pZJhWMAlLSsjKRCJNovlHf2jFcjncHXjUG2qVnEcNyJu8N8Qm J/vDRqtUMBafXqaJCxBM3WBjUGWLrsZJkKwINCidXmkfMFur3r+9OqaGMt2IG3fls/8t Gt6PYkiek4ZmhCqelriABRfB/w7AATGG5/JpYi2Fd2FlwnCo58VmDkhtW4Q5tkBBFF6J WXITyAC1J6J0KHtTlJiYU84cpdmXoPxfjNej1fN+D6nY2o9b7jeEAGfn2e/aDA/BD/6C 48VG202rhBUuNY3Xz0tvzUCpUzxlResxsdIqchx1Ctics/lWsC6XMzE6sIrUnrQwN5C1 U7PA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id t1si473953qkd.359.2017.11.12.04.19.05; Sun, 12 Nov 2017 04:19:05 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id E9D3D60BDC; Sun, 12 Nov 2017 12:19:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id AAB0560C51; Sun, 12 Nov 2017 12:02:45 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 1D9BE60C10; Sun, 12 Nov 2017 12:02:15 +0000 (UTC) Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net [37.140.190.179]) by lists.linaro.org (Postfix) with ESMTPS id 4B30260AC8 for ; Sun, 12 Nov 2017 12:00:32 +0000 (UTC) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward104o.mail.yandex.net (Yandex) with ESMTP id B6D55707611 for ; Sun, 12 Nov 2017 15:00:30 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback12j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 9aKzDoteXw-0UrWoUX5; Sun, 12 Nov 2017 15:00:30 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0Uv0lgNq; Sun, 12 Nov 2017 15:00:30 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:18 +0300 Message-Id: <1510488023-21204-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 13/18] validation: check that erroneous IPsec packets have error flag set X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Verify that odp_packet_has_error() returns true for IPsec packets with error status in result. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 5883f23e2..045718594 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -739,6 +739,10 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); @@ -778,6 +782,10 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(sa, result.sa); CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); From patchwork Sun Nov 12 12:00:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118657 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp688730qgn; Sun, 12 Nov 2017 04:17:41 -0800 (PST) X-Google-Smtp-Source: AGs4zMapzBZ+jC8S4hU1AGb3qVL7+La8dNKvFwpBHJ0QjkxcUP0IXonb/RVHAdnIML6gIONm0XLM X-Received: by 10.55.175.135 with SMTP id y129mr512734qke.128.1510489061596; Sun, 12 Nov 2017 04:17:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489061; cv=none; d=google.com; s=arc-20160816; b=tJZaWpP5acx7O2F2Ck8V7jZG3TOMwNmW0eIF3Z/SCyrm6BcwPeKVhn6O4KTrPhkG2V FUGOZDHZM+kVi1BMdQLcg/1GUZjmyON36PLFJs1EObtt6DDA52XH3rKEFPHpInTmeA+n 99vmKq1LgbZho2RAUV7MeuSEZegCcFR4eR7F6CNEAYeX1rYT6Na/ShOAKsEJUWPxsr/u qFzGOTD5MrEvK/HD6NUxxAEGU/qBRq6YnpDE63oHSHdyfKf66RkcCljs+6S1s+Gmv1Qu 8CvqV2aOiwqh5Ty9kg6rZ/hEETcPdWCG48RpIDSSQ8Ihti/XcqoDGhxM/XJr4TgbQG+3 0gjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=vqhZq8f2bViyKVbnN2/6Rq4keJLLw/nlYF+e74jaxA8=; b=vZmMRXs3t7fDcf7NWovSZS9UW7LaiLOMPeDHKttxrK1XT6+qDCcwVf9GEuw8eMwsNN w1HuxFi9kgxtzzHBs0NQC6jkGNNChxMIM78JOYmbgqJjDnRDg2tNx22RAjsSk2f16p8j uJzIC3yzwDLma2XHIjT0RJTvl02JdR9htbaxXjDlg8YgT1Ft4ssb3anfavo0RTNtu8lw YLVCcUtzmV+sZAh93HBojmeEshaScXnbBQbTGx/ihcb30ois32kBqPiA1mHaKz+B/Swh akVgvHsYiRHqm/q1JIpSZQWyS0YMU5qrlxjgXrYbmf43LqDg4ldMCAT+D0zEjeRyn22H wfzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g16si3491557qtk.436.2017.11.12.04.17.41; Sun, 12 Nov 2017 04:17:41 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3B31860609; Sun, 12 Nov 2017 12:17:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 1F1B160A12; Sun, 12 Nov 2017 12:02:39 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6CD1F60C0F; Sun, 12 Nov 2017 12:02:14 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id 4A2DA60A76 for ; Sun, 12 Nov 2017 12:00:32 +0000 (UTC) Received: from mxback14g.mail.yandex.net (mxback14g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:93]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 3CCE52D86BD0 for ; Sun, 12 Nov 2017 15:00:31 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback14g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id hc0lTRJJur-0VBqx4nN; Sun, 12 Nov 2017 15:00:31 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0UvmCCOD; Sun, 12 Nov 2017 15:00:30 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:19 +0300 Message-Id: <1510488023-21204-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 14/18] linux-gen: ipsec: validate ip header total length X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Check that IP packet length from the header is not bogus. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ platform/linux-generic/odp_ipsec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 524ed728f..49bacae01 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -300,6 +300,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_offset = ip_offset + ip_hdr_len; + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; goto err; @@ -648,6 +653,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { _odp_ipv4hdr_t out_ip; uint16_t tot_len; From patchwork Sun Nov 12 12:00:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118658 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp689481qgn; Sun, 12 Nov 2017 04:18:35 -0800 (PST) X-Google-Smtp-Source: AGs4zMauUB0/5G/MvcwD3+7otmiXOU6VE+rUVymVOLqGT1y5ENq2Tb/r/CTTybKjFU9s7cDtklKC X-Received: by 10.200.24.235 with SMTP id o40mr7576862qtk.91.1510489115540; Sun, 12 Nov 2017 04:18:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489115; cv=none; d=google.com; s=arc-20160816; b=L+n3MLGls4C6qoC1IcG96tPhLfiS5DFt80Ue8iyI6sz/gC9M4dVY6SicEwr8FnY0e5 tb8hIntZZGv/GyUCwPuNxFkDCtPqYopWP1PrBerPxF3LEEtpl4vpoGTQ7NlQaCTiEKyH 4LrP9CnYGXCsAq27w71B6bfUpMf/CjETAtCXbZeIoiV0zPhsxjfsNCSn8SGp+1buOxcr tAs9Mf4rPrJC9gi7tKWNeYRELmq98olpKZWHqMgEF3tymE742Hbo+VPtJRdhS68s+BHd AioK8xO1lHJQPgktpE7gvlTDbXny7X2aqYOQK670mKp7mTG927bUGBOygzZm9qr+C2Bu ibFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=wpdKXjBVUkXDwCHvY9+o4NbljWxq+WX8alDz1LQheOY=; b=EvhxpLgcVINX7Wrr8MmUcG/0GWK67b9hwcpPGS5IATzBKS792wzB8B8r/OUJ08JKbN iAyeK69eboaw1zfdoSYCG/q575KDg7HEjZLaLa3iJtfMXdyrHRoH0Z6TGrLtTJbWVIyP ksBrZHnPJ9XHiil1qrwfg93/AQJcHJYowNZGzFiBSRluPKjMJ/YiP4kMji664bli23BF AVTPd+4FzdOLUm7iTEmJZhvmDI+5A21cVGsUwD5UsbrGRSV2IJ0meuJFT2+RRvxpCziJ rl4zIIcvXkyw/2NBo6RDa98CMAP2wKsB/fpSDkX44wt5KoSakaZf4gb1BKz0/aU5Gg5o xm3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p64si12824888qkc.266.2017.11.12.04.18.35; Sun, 12 Nov 2017 04:18:35 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3B36960B65; Sun, 12 Nov 2017 12:18:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 658FE60C2F; Sun, 12 Nov 2017 12:02:42 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A4C7660ABB; Sun, 12 Nov 2017 12:02:14 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id A73A0606A4 for ; Sun, 12 Nov 2017 12:00:32 +0000 (UTC) Received: from mxback3g.mail.yandex.net (mxback3g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:164]) by forward106j.mail.yandex.net (Yandex) with ESMTP id 9CDC9180804E for ; Sun, 12 Nov 2017 15:00:31 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback3g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 3sBhJdQo0U-0Vg4drgM; Sun, 12 Nov 2017 15:00:31 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0Vvm45NA; Sun, 12 Nov 2017 15:00:31 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:20 +0300 Message-Id: <1510488023-21204-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 15/18] linux-gen: ipsec: correct frag_offset for tunneled packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Generated outer header should have frag_offset = 0, MF = 0. Change code accordingly. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ platform/linux-generic/odp_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 49bacae01..832c62c94 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -677,10 +677,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, 1); if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset; + out_ip.frag_offset = ip->frag_offset & 0x4000; else - out_ip.frag_offset = (ip->frag_offset & ~0x4000) | - (ipsec_sa->out.tun_df << 14); + out_ip.frag_offset = + ((uint16_t)ipsec_sa->out.tun_df) << 14; out_ip.ttl = ipsec_sa->out.tun_ttl; out_ip.proto = _ODP_IPV4; /* Will be filled later by packet checksum update */ From patchwork Sun Nov 12 12:00:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118660 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp690175qgn; Sun, 12 Nov 2017 04:19:34 -0800 (PST) X-Google-Smtp-Source: AGs4zMbXzIUHu/4y+Q6DqaNWqtEQCiyeK2nD7k1e0/++4+1GnoYdjq7cYySWwWR32x/ei+bCf4tV X-Received: by 10.200.43.146 with SMTP id m18mr8877208qtm.99.1510489174662; Sun, 12 Nov 2017 04:19:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489174; cv=none; d=google.com; s=arc-20160816; b=xF5EuGZ+3C7bRCHP/gJtQSaJFMhTH3g1fp+HFPsprousdrIIrsJxsQNRcIxhJEexE4 0OZZiu6mc59dvf1ZpMsrpD9chOJH2MRXdJ4iinp/uQlWDI/O0PB8Ph3RzNO/vhP46hNL gbH+Z4otaGKgZ3SYzBcUlfX8TrwzFoDhRZK5fN9DaQjnj3Zcj3/yGyT6riabJL9oiEeS kAykyXaDrTM25OeXIUuYDBWaG89MrlDT1ih/m+UiJx9x4JeXNIn3mbWvUqMTe7dOyXN6 G7Aq8AuNDdHFfqFra36OUH4vkys3OxMWISPC5YG+Zq85BHhSq0eOUFy4+jckkeyJ1EIJ s8DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=8nv605DPDIIZyo7hPw/ahQD0XpMFZFOnP1nyaDc0xyY=; b=bTeb3sTLMFDyvm9q6j+rexkzG0eemTdqLRiobD7cFJ7q+gXtH2TsRGd311y3E5O59C 3T6bzW6/ndvT6/WgwewEl02GmGriE9cY7rv2LC4V3gK826nte70H5EXtmcH7PRN1Tue3 0AXRPqO7QD0KKXqVzWFJnbUQL79CyEJnyMSKzTaqcQ5KgnFmLfDOVxZQJh+N0wp19XDD EgS/UruJXxL8i9Gb3kL6A1Db4ij5MUVovz7n/LRDr2t7vnluLG1Rqvlor2/C/c0QiwLJ KqzdNt4EGBS1+XFKN+yJakEbaI9wB+BFtat4HUAOwbDbuDO1hCuFhzXsWIs2s/I1uOK2 lgLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id t126si7604543qkc.467.2017.11.12.04.19.34; Sun, 12 Nov 2017 04:19:34 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5460D60BD7; Sun, 12 Nov 2017 12:19:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id EE11860C4E; Sun, 12 Nov 2017 12:02:47 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 56E8460C10; Sun, 12 Nov 2017 12:02:16 +0000 (UTC) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [5.45.198.243]) by lists.linaro.org (Postfix) with ESMTPS id 56D5A60AC0 for ; Sun, 12 Nov 2017 12:00:33 +0000 (UTC) Received: from mxback18j.mail.yandex.net (mxback18j.mail.yandex.net [IPv6:2a02:6b8:0:1619::94]) by forward102j.mail.yandex.net (Yandex) with ESMTP id ED26F56088CB for ; Sun, 12 Nov 2017 15:00:31 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback18j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id PiRlFrqLu7-0VZu5KvR; Sun, 12 Nov 2017 15:00:31 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0Vv0O8YH; Sun, 12 Nov 2017 15:00:31 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:21 +0300 Message-Id: <1510488023-21204-17-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 16/18] linux-gen: ipsec: don't leak SA on creation error X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ platform/linux-generic/odp_ipsec_sad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 0bcc20b86..4e867c797 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -343,7 +343,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv && From patchwork Sun Nov 12 12:00:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118661 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp690522qgn; Sun, 12 Nov 2017 04:20:02 -0800 (PST) X-Google-Smtp-Source: AGs4zMaPEM+aT/y54ZJO6klOcoKjFILPhJ/R6F9jKmr0Rxg8wx4dhGdC3mjN1SP3/tVUvK/RI0cl X-Received: by 10.200.63.209 with SMTP id v17mr1735831qtk.242.1510489202717; Sun, 12 Nov 2017 04:20:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489202; cv=none; d=google.com; s=arc-20160816; b=YskR5qK3ih5mjMryg+PSoosn/nWuDl7m3QbSksXKOn321CXG04jnCs784lSWCS40Ww +6oYXvPHFi6Lij1tNAJ1qFuKAXNsQpPLjA8TGLg1C/rMCWv5ANM7yYatb8bUkclvA1lj 9sD/3baHQfbyOF5ZNJu0cmVErro1tmfs5om25fJqj1SVi4nkRXDdA7Ytlb8p+HJI5rgo 2OS4c0sKgyVLxOVk0z5pOrMBFCUUok2H6h8qGfR4KFLGKJBifAUY0kLSQzCdgLAGTHNo eisMO/1+bUrDyGSqNGwNBefaWb87YVP5hFgt4+BlfpppEW+uz2Rc1nsIauTmCOmk6Hxi K6Sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=jmTxEPLzJmhSVGzGse2wWi5XEbF4Toq9V2JEZFssSec=; b=OKJXZv/ErX0VcvbA4EdlhiAU2+lLUjF3yf9G+BiRSGVyMYy4zVIiBoD7XFKW6kkDE/ d5+Y78xDpDkoNBINo4cqwBJaovR+b/nfMLpg8vCuPiCo6W3P+L/XIgioGqtWuq6ZYPY0 dWBn/i8AY6dw9MeDMWn9do0Ix40F/+SMYyJMSVinSMioWBN5Z7uKLm1fnDDvVFa0lb7h pneSQYKsaSn7JhCnx/kLR4/Gx01fw5gAoRLTIk1b+Bt2sob+zJwX9FnvzzTVFgJfKqhn 2z5s8F/Fa/QOCUWdb2aMcnybvDL6run0Dh4UpMCB0KypKSTaTSyVM5luynPTHgGGg0gp Oisg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id q29si1740909qkq.36.2017.11.12.04.20.02; Sun, 12 Nov 2017 04:20:02 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6AC2560BDC; Sun, 12 Nov 2017 12:20:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 4B00A60C6A; Sun, 12 Nov 2017 12:02:51 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 9A30660C0F; Sun, 12 Nov 2017 12:02:17 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 5711D60AC6 for ; Sun, 12 Nov 2017 12:00:33 +0000 (UTC) Received: from mxback4g.mail.yandex.net (mxback4g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:165]) by forward102p.mail.yandex.net (Yandex) with ESMTP id 4FFC243083B6 for ; Sun, 12 Nov 2017 15:00:32 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback4g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 9awP6QJcpL-0WNetOZ1; Sun, 12 Nov 2017 15:00:32 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0VvagY1i; Sun, 12 Nov 2017 15:00:32 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:22 +0300 Message-Id: <1510488023-21204-18-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 17/18] linux-gen: ipsec: add AES-CTR cipher support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add support for encrypting packets with AES-CTR cipher. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ platform/linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/odp_ipsec.c | 13 +++++++++++++ platform/linux-generic/odp_ipsec_sad.c | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 81ecec08e..cfedb7c08 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -128,6 +128,7 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 832c62c94..24b14dc83 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -351,6 +351,13 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; @@ -743,6 +750,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, memcpy(iv + ipsec_sa->salt_length, &ctr, ipsec_sa->esp_iv_len); + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } } else if (ipsec_sa->esp_iv_len) { uint32_t len; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 4e867c797..72647045c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -333,6 +333,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 16; break; + case ODP_CIPHER_ALG_AES_CTR: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->aes_ctr_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; + break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif From patchwork Sun Nov 12 12:00:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118662 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp690902qgn; Sun, 12 Nov 2017 04:20:31 -0800 (PST) X-Google-Smtp-Source: AGs4zMYkMAkhat817r/qSTRMSoOE4pHAJw+JdrdiUnc0ppwfAAOOnwppRRWTd5XTgf6dwkCtZNTm X-Received: by 10.237.34.88 with SMTP id o24mr9093784qtc.191.1510489231766; Sun, 12 Nov 2017 04:20:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510489231; cv=none; d=google.com; s=arc-20160816; b=zU+9SSRspcpugphCyDyBz5jRcKB9I0JDBLLjpAgKan2WkQQsQxTwnaTe4MULeR6J2V vWp6I8qGVr9OtPdDBUJvX1Ln5BLEYhIYAm3epnzCWHWJaK8n8tJgjSyH+wGKvUYO9Q1K Drcpz0BYNRFeuhxxh3KqVs4VuHbibC3kqouKOqJ0tjA7pKLYYIAKYQ8pwPXQCVT790hF pam4jv0RtJTKafT3JvrYHjoFD2T6HHbAJC19/ii0s6a//8OoXSmrXkRr0mvHMILFWh94 dCdyXeaLZHqk//lXSRvSe+fGIF+GN+5m6H/3D+tng630Kw0v99K33J5l3JrO12byVtfn j+7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=wDToaXnzlDp1VAq6RahAJiGD9dNADh5M2jsZZYVEgG4=; b=Ua3ucb++OJGhJR0Zw0myAo+fatrB3DNkpFSi0+gkuN7JKWBK70N3Oetp2nqxe/CSUQ jD4VsHduxJUQGgYg1+IJrCkkZ24jzGVAerwANG1KrJDomUXrTipSwyk5M+dCBvKGEtn2 B6ysQ8zwdc85aZNAQ3HS35ws2WRemErI4BzG1OYDkP9YrmLpY4pNM+o3OtTOtu2rJALa hm/ooqQ9K/Hf83A7DQiClBhaxobd4Gmvb2uZCUQCuGQMfoEgLYQmexhWuo5hTR3tYsxp mhFHAfkSfQM9QRzrEDDBH82nEsMNbMOjjDmQ1p1iRUYhWJpl5GGsirUBT32fzE7B4/FL EVKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id u1si1469751qtj.50.2017.11.12.04.20.31; Sun, 12 Nov 2017 04:20:31 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6AD7A60749; Sun, 12 Nov 2017 12:20:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E5ECE60D1A; Sun, 12 Nov 2017 12:02:55 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 4AC9C60C0F; Sun, 12 Nov 2017 12:02:19 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id DDDA460749 for ; Sun, 12 Nov 2017 12:00:34 +0000 (UTC) Received: from mxback15j.mail.yandex.net (mxback15j.mail.yandex.net [IPv6:2a02:6b8:0:1619::91]) by forward101p.mail.yandex.net (Yandex) with ESMTP id E00786A88599 for ; Sun, 12 Nov 2017 15:00:32 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback15j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id xa96pvYE3X-0WiqdJ9k; Sun, 12 Nov 2017 15:00:32 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3w91frotLT-0WvCHqIK; Sun, 12 Nov 2017 15:00:32 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 12 Nov 2017 15:00:23 +0300 Message-Id: <1510488023-21204-19-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> References: <1510488023-21204-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v12 18/18] validation: ipsec: add AES-CTR tests X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: e8722a0cdda227e01e7d308573aec08112d3c5b0 **/ test/validation/api/ipsec/ipsec.c | 10 +++++++ test/validation/api/ipsec/ipsec.h | 1 + test/validation/api/ipsec/ipsec_test_in.c | 32 ++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 39 ++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 045718594..97d58a7f2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -202,6 +202,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.ciphers.bit.aes_cbc) return ODP_TEST_INACTIVE; break; + case ODP_CIPHER_ALG_AES_CTR: + if (!capa.ciphers.bit.aes_ctr) + return ODP_TEST_INACTIVE; + break; case ODP_CIPHER_ALG_AES_GCM: if (!capa.ciphers.bit.aes_gcm) return ODP_TEST_INACTIVE; @@ -293,6 +297,12 @@ int ipsec_check_esp_aes_cbc_128_sha256(void) ODP_AUTH_ALG_SHA256_HMAC); } +int ipsec_check_esp_aes_ctr_128_null(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CTR, 128, + ODP_AUTH_ALG_NULL); +} + int ipsec_check_esp_aes_gcm_128(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 472179f91..a008dce68 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -86,6 +86,7 @@ int ipsec_check_ah_sha256(void); int ipsec_check_esp_null_sha256(void); int ipsec_check_esp_aes_cbc_128_null(void); int ipsec_check_esp_aes_cbc_128_sha256(void); +int ipsec_check_esp_aes_ctr_128_null(void); int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 598a83e3f..8c883262a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -191,6 +191,36 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_in_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_lookup_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -987,6 +1017,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 39a3c30ff..b543271bf 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -277,6 +277,48 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_out_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + static void test_out_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; @@ -342,6 +384,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), ODP_TEST_INFO_NULL, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 593a8f450..fbf7d366c 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -583,6 +583,45 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { + .len = 162, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xe2, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* data */ + 0x39, 0xab, 0xe5, 0xae, 0x74, 0x57, 0x76, 0x7f, + 0x1d, 0x1f, 0xce, 0xe8, 0xca, 0xf1, 0x87, 0xf5, + 0xfd, 0x9e, 0x1d, 0x20, 0x38, 0x30, 0x8a, 0xe5, + 0xb9, 0x55, 0x80, 0x7b, 0xfd, 0x9d, 0xb9, 0x99, + 0x85, 0xcd, 0xb5, 0x30, 0x86, 0xaa, 0xe1, 0x7a, + 0x69, 0xe5, 0xfa, 0x38, 0xf3, 0x0f, 0x91, 0x18, + 0x75, 0x7b, 0x5f, 0x4e, 0x69, 0x17, 0xaa, 0xe7, + 0x84, 0x6c, 0x40, 0x31, 0xec, 0x87, 0x4c, 0x8c, + 0xb3, 0xb4, 0x9f, 0x7e, 0xea, 0x83, 0x6f, 0xc6, + 0x11, 0xd5, 0xce, 0xbe, 0x65, 0x37, 0x1c, 0xb6, + 0xd3, 0xcb, 0x51, 0xa8, 0xa4, 0x0e, 0x3e, 0xe6, + 0x26, 0xd8, 0x17, 0xec, 0x8b, 0xca, 0x79, 0x96, + 0xa0, 0xcd, 0x6f, 0xdd, 0x9e, 0xe9, 0x6a, 0xc0, + 0xf2, 0x6c, 0xdb, 0xfd, 0x99, 0xa2, 0xb5, 0xbf, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0,