From patchwork Sun Nov 12 22:59:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118668 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1150894qgn; Sun, 12 Nov 2017 15:01:18 -0800 (PST) X-Google-Smtp-Source: AGs4zMZDC3FZhcHM1wsf/5lwqnbBFDVG66ebUu0JyjIFhtEDSndr41BEPrQpVNWL4HkL6rWdPAuz X-Received: by 10.55.78.72 with SMTP id c69mr11139659qkb.105.1510527678418; Sun, 12 Nov 2017 15:01:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527678; cv=none; d=google.com; s=arc-20160816; b=JWpbxQi5P90gdX3tXfe277SDmZgFiIssz7JUVwwvvs39DWGgfl47X2uBUYm2iUAdB5 6SAlXdkiOVIbcq5G1vmM9vy2Y70Nx/t0OXzsH1aqf4A2Jr1int0yNtyEhtl7s2sl9iUB agDvrSghHV7sYxW7dvabRs++KysjYcbS8hmhngHabqVctmixxcPJ6TRfuSUk+lhInyPR +JEAqswB2E2zsgZ5U1mgmSlLgsYsOggHn5UaYXDUuKGAB9sOFSagou/jotGk/NEZDOc0 ZwtXBU9ptfNK1HzDwtL15fqob/KhF5R4Gta6MW1mBVRMh0x0O6Px25/gHPsU/LAR2NpA lx+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=e5PsBSdLRubzGe3tf9CzLDQV1KwdXUNMpfjxE9JtxuQ=; b=tj+BmBfoxiwG2YQJnO/fnVe1VBucS5EAVawpM9v+WIzolttwEcOcobrZ9sHxqo7cRI fL4yFeF0EXv6ipeMWsaLhn9WriKYlCEfmsq5FV8L8O0hIEBzt82hHAaatwHw+UHjNITE 0Gbuzp99KpY/vs5qWI2uodQLW5yaZTjKl8NJgjr9PzlszazWXDtnSsm9kDMTRltJKgem /bbPNlP7lwkvb2bp1GjQR1ptLpMCfSOsmb8HJtnG7/LvJ/yWFCpPaiDgtpAFPO+tBSRL +fbVsIIr/OMWm+AMHRGHhukA74/Hut15ZBeGdUBLXeRd76EZOiwx2bIN5M03UcXFsvvm E/Yg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p125si1675893qkd.145.2017.11.12.15.01.18; Sun, 12 Nov 2017 15:01:18 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2577F60BE0; Sun, 12 Nov 2017 23:01:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 87DC46071A; Sun, 12 Nov 2017 23:00:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id AEBC66071A; Sun, 12 Nov 2017 23:00:20 +0000 (UTC) Received: from forward103o.mail.yandex.net (forward103o.mail.yandex.net [37.140.190.177]) by lists.linaro.org (Postfix) with ESMTPS id AEAC360654 for ; Sun, 12 Nov 2017 23:00:18 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward103o.mail.yandex.net (Yandex) with ESMTP id 17CEF588E313 for ; Mon, 13 Nov 2017 02:00:17 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id m4sCcT89II-0HIueBOe; Mon, 13 Nov 2017 02:00:17 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0GjO8sG5; Mon, 13 Nov 2017 02:00:16 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 01:59:58 +0300 Message-Id: <1510527615-30536-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 1/18] linux-gen: ipsec: use counter instead of random IV for GCM X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../linux-generic/include/odp_ipsec_internal.h | 16 ++++++++++--- platform/linux-generic/odp_ipsec.c | 28 +++++++++++++++------- platform/linux-generic/odp_ipsec_sad.c | 9 +++++++ 3 files changed, 42 insertions(+), 11 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..6a731e999 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,23 +676,36 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + } else if (ipsec_sa->esp_iv_len) { uint32_t len; - len = odp_random_data(iv + ipsec_sa->salt_length, - ipsec_sa->esp_iv_len, + len = odp_random_data(iv, ipsec_sa->esp_iv_len, ODP_RANDOM_CRYPTO); if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; goto out; } - - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); - - param.override_iv_ptr = iv; } + param.override_iv_ptr = iv; + if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; goto out; @@ -734,7 +747,6 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_ESPHDR_LEN, &esp); - memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); odp_packet_copy_from_mem(pkt, ipsec_offset + _ODP_ESPHDR_LEN, ipsec_sa->esp_iv_len, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..dc338bfcd 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -298,11 +299,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_NULL: ipsec_sa->esp_iv_len = 0; ipsec_sa->esp_block_len = 1; + crypto_param.iv.length = 0; break; case ODP_CIPHER_ALG_DES: case ODP_CIPHER_ALG_3DES_CBC: ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 8; + crypto_param.iv.length = 8; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_CBC: @@ -310,11 +313,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES_CBC: ipsec_sa->esp_iv_len = 16; ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; @@ -323,6 +328,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) { From patchwork Sun Nov 12 22:59:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118669 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1151550qgn; Sun, 12 Nov 2017 15:02:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMZ4uyXRviQpgAib9/BFuD1fr9splMKznl7tNhq6YD6lO9X+lG68CZigiaKsmbokroPGtuHd X-Received: by 10.200.48.103 with SMTP id g36mr11948947qte.289.1510527727703; Sun, 12 Nov 2017 15:02:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527727; cv=none; d=google.com; s=arc-20160816; b=JsOmEfTgJcBnetRFDyahMdKrocvp0ijAJ9HQwUXZC8rbtp4N1VIeKcHHr59KzynTDw dnudWJkvs51cZxDkewWsBJ/VGow0ku6S21GvAMk4ZCCWhMZGkftgt9aIqRRxtEkH4x9r Ek6gY5n/RluTlrYvKFseRaWX3hvD2cJCXJ517iISS9flcPf/SderTkH8b12PMjqL9RCU zK4+W1KnxN0EPO6KiN3Ctl++BSX1YyMtGAxgTMyg/3Bt+qMxDkQ8ize/8JYohu/YFYIq BprPMYGe1MGln1ZFp0RrNAqzIwfWrz9pe1WUxCe5JoSusaAhSHmGWZuhAsmoe+x2mobk 4AAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=eCrWlm42YPhAIZf4a6+3kDov0TmOTfiZogHKYkuBAi8=; b=ga677HYr/lTZ096fepkSIy4A37cLt6DMRQgdK+npbH0YDLVu8pJCZfwxMA1gFx7oMe B5UK25BfIbstgjz3a6+FvrD2YU00qp7z0v+DBd//h9YBGAvDWVeS5G5a+PTidGVtlvHq iAwmhR1KGhnlU3o4c1ePD/2mFYPXs/xeCxyZh//a9laIJx40hTT/ieFJ39Db9cHTk4bc xoR6qkH/zAcRKrt3eKoDco1nMtmLjxRIpPjhbcybGXBce/5OOH9ZmO9rGPWM/LC//wlE KE9DZjuoX0sWwpMvpg2njPjpq8g9XDC2ZHr3T+iVW7dX6m/wSgXpdG6wnsNiJPfsAkxl Q1CA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id s27si1624335qtb.145.2017.11.12.15.02.07; Sun, 12 Nov 2017 15:02:07 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5CA4960C37; Sun, 12 Nov 2017 23:02:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D77E260A79; Sun, 12 Nov 2017 23:00:37 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6A3A66074C; Sun, 12 Nov 2017 23:00:22 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 1C1246065A for ; Sun, 12 Nov 2017 23:00:19 +0000 (UTC) Received: from mxback9j.mail.yandex.net (mxback9j.mail.yandex.net [IPv6:2a02:6b8:0:1619::112]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 732BC510D4CF for ; Mon, 13 Nov 2017 02:00:17 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback9j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id VSt46WBhj1-0HPuUh9U; Mon, 13 Nov 2017 02:00:17 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0HjmU1O6; Mon, 13 Nov 2017 02:00:17 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 01:59:59 +0300 Message-Id: <1510527615-30536-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 2/18] validation: ipsec: drop unused file X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec_sync_in.c | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c diff --git a/test/validation/api/ipsec/ipsec_sync_in.c b/test/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -} From patchwork Sun Nov 12 23:00:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118670 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1152012qgn; Sun, 12 Nov 2017 15:02:45 -0800 (PST) X-Google-Smtp-Source: AGs4zMbHxGM2MopisU+Cq5DUFMBF7Yj80pky46wJFBHYs0rvNNuuWHHv0HPMYvM3vCJJImFY+4J3 X-Received: by 10.55.58.14 with SMTP id h14mr8925160qka.132.1510527765604; Sun, 12 Nov 2017 15:02:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527765; cv=none; d=google.com; s=arc-20160816; b=oN8BOqxC1eo+e/FnCAL/pIiuxLnPHYKI1++jYY82yOuOogLq4w32O+sb4ALXVx7qya UlRbNCidgd+63WR6Fe09OliU/klz2IPRWdZ/amFPuQdjrYH6XIzio2UF0CNntnlVab7/ 9tCFaN4Ag3uuAFiCVaXi+ieCsKZm3Br6d8Ps4JejNXtsOUn2FG4LoDq/0ws9ESjiCNRR SYwu6LDKBJcdo6KFFfGmFMNtetsLDeMMqZdGqP9mIeSdsYxheK2NSBWbsBLAlChNQPUj mz/q/rN6bb/mn6kd7KkTCAN7r7FpxLi75lSGZNrf2A0klKZ1d9/TBPqPBxkT5Y8QI5XO xYRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=1OF2B/YWLHKh1CHHUTbTCgfjvBydel7qgGylGjfM4kM=; b=T/lXRHQPXvgBr9CoYmwMFVoR2aN+8s2UgJGw1CVsh+v+oDLof7AS7PjfJmun++MPSR RXKq0F29Vg9AI5E6mFe05pYS/Fd2MnG31iCzhn32bAgxkS5ErRbWg343dlIUBihGkkGZ 98AXVZYxmGYgxrnfFlkrEHTrYRJKZvMjedGQtsTTO/Ru7Q2O0WIXfbBDNV4SWDCf0JhS 4n06yEEnLlrdlRzfiw1RAlnYT0im1gcaAFAMzScUo3nDLyXjpg83799XW52Pfd3pEq/h LG1DTWyTJcq5u6Ng19IJnRZm/N3myiTG+dKFSMCNL2SvMWMWyIRvNW5tYgnmPfv3BKZ0 UvJg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id o11si1528408qto.480.2017.11.12.15.02.45; Sun, 12 Nov 2017 15:02:45 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5319360AF2; Sun, 12 Nov 2017 23:02:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3463260AC6; Sun, 12 Nov 2017 23:00:41 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id C19B760750; Sun, 12 Nov 2017 23:00:22 +0000 (UTC) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [77.88.28.108]) by lists.linaro.org (Postfix) with ESMTPS id 2F43D6068D for ; Sun, 12 Nov 2017 23:00:19 +0000 (UTC) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward105p.mail.yandex.net (Yandex) with ESMTP id 25D63408CDCD for ; Mon, 13 Nov 2017 02:00:18 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback12j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id NZBQNWC6wS-0IrKYPar; Mon, 13 Nov 2017 02:00:18 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0HjOuwRj; Mon, 13 Nov 2017 02:00:17 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:00 +0300 Message-Id: <1510527615-30536-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 3/18] validation: ipsec: verify odp_ipsec_sa_context X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..853bd88a9 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); From patchwork Sun Nov 12 23:00:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118671 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1152470qgn; Sun, 12 Nov 2017 15:03:22 -0800 (PST) X-Google-Smtp-Source: AGs4zMaKh6H5PHP1x/sKfmB51iSEoXcl6cUFzAHLLa5tkDacGzxjbadkyf8/we2q/ZnIY2uUi6Gs X-Received: by 10.200.42.118 with SMTP id l51mr12193332qtl.37.1510527802205; Sun, 12 Nov 2017 15:03:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527802; cv=none; d=google.com; s=arc-20160816; b=rgIPLVJGClg+T2hCA1PcUFMwa0cSTsnOuuL6xPWezEd9jOb6QRv1KiTORELVEhQlYV P5Zt/U1Gci/IlGCt5nRuTlnYx5ybpJ1vRrQP9lxyRABEkrYiiiHfXkd6zBWFnlvC3J+V P6tIIRsjf1287OFsa1dw9JY7QgiNMiPwenxJlzoO1+f2fwxJ5FarjuyBgxMNm00Ym1eG a+0gYsYdj3CF7GaXRhBzAtyhj+6oeyesVQmEDfcUIFmaQZgb+9RpYpfjJsswDXIiCcH1 kC7XSDCHABRGvGJfT+FUAdHm1tXtI3W1oJvc4sp3ndw5FkaDXGQwYNEfncPFRQvHif3S EKlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=FFiPPHajCI+tOfZWjGsP0ZWUWoy4hL+akdPpm6gggxk=; b=WG0PimT1XUVsqjcip7jKS5PFpUfrD5QmgAVc8e+WlP6pxB52+zcoG+ozNfzbGMSJr3 7yICtJWmr1aBgwckWs7gP41dRKHD8z8620BEdwlbaq3MP8+GR3gI0H7fN9tiK505ev/m UY5p71EsnbpO0QkVrtJWuKkVUiWu43br4pUdyC9Z+N+aE3bnOKNuWMRt0RfrxD56M+t6 awS07ArxCzLGSvtBy9gr8+yBMnHennqwN2Eas4OWs+1/9CP6qvEskQAy8g3eKZ0g2MHk TNn0DDwFGOqoClTI4J9jFuppl96m5sYO0ksb7kYlx/df0CPBdFqE60KCW2Ft8NZlvXBK QzLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v9si1954706qkl.202.2017.11.12.15.03.22; Sun, 12 Nov 2017 15:03:22 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id E237B60B14; Sun, 12 Nov 2017 23:03:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7A54760B3D; Sun, 12 Nov 2017 23:00:45 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3EAFD6074C; Sun, 12 Nov 2017 23:00:23 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id CD10E606A4 for ; Sun, 12 Nov 2017 23:00:19 +0000 (UTC) Received: from mxback11j.mail.yandex.net (mxback11j.mail.yandex.net [IPv6:2a02:6b8:0:1619::84]) by forward100p.mail.yandex.net (Yandex) with ESMTP id BF469510D661 for ; Mon, 13 Nov 2017 02:00:18 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback11j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id lXhgL3Txvq-0ILGLV9r; Mon, 13 Nov 2017 02:00:18 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0IjOSiSw; Mon, 13 Nov 2017 02:00:18 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:01 +0300 Message-Id: <1510527615-30536-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 4/18] linux-gen: ipsec: fix soft/hard limits check X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Split count expiration check into two phases: - optional precheck, run before crypto, which fails only if hard limit is already breached - update, run after crypto in INBOUND case, so that limits will not be updated for packets failing ICV check. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++- platform/linux-generic/odp_ipsec.c | 12 +++++------ platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++- 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6a731e999..8810d73be 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -830,9 +831,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index dc338bfcd..e42bf94ef 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -479,7 +479,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + odp_atomic_load_u64(&ipsec_sa->bytes) > + ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + odp_atomic_load_u64(&ipsec_sa->packets) > + ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; From patchwork Sun Nov 12 23:00:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118672 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1152990qgn; Sun, 12 Nov 2017 15:04:09 -0800 (PST) X-Google-Smtp-Source: AGs4zMaKqeCb92fwsGtn8I9qEU7aQ2oDFvnR8Od3SmQzO0EFN1aHTWwSUbzYo1mshU3XSzOK/EbP X-Received: by 10.200.50.144 with SMTP id z16mr11951449qta.306.1510527849467; Sun, 12 Nov 2017 15:04:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527849; cv=none; d=google.com; s=arc-20160816; b=F8IYaN5o2ZLwCbFO79mrDDcHTD/snplJ9VvfWy6gJyWSLleZd4j5F/fE0jK09fglE7 cUuiQgYiBWepQa3ksAw8ohy1cDXRpxau3S9CG1wTHxykKIN6HUnsVxBmU8O7BB++eDJq 4G8t09+0UePHt2Idffs/qvSOlbLE6Nn/+hdbkw/x0ssb1zYC7YmByDLH7TMFQgExZDkh tsDAFRsz498S8I8+isAcl0ifRmLFDSBhOWaAQex9q+jx+YnlZI7XxOF3Dnc6mjL+ahS3 nLVgMs+1Zfrhn3+IN9BUlEmYnrrdjQSQQJdMEkwk718bCGwp1Hd5qMeRnzBXBhiVph86 i3AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=E9NVim0/i54oJdwbVv+WNLACJUfTZLP64FAhYx8Sb44=; b=SRAF1j45YgAmAnVc+zpSiUue2gwr0YDG/LMKhZYHn7PV9+qa6uDcY1m1yohrNpbnph bHCHtjtMIHydoerdikiyhL5OtyqPghiS9LQcZ6nypiXY/DEZzLVdonCtr+OCMCnhST7x yAyOG3H+UWBS9IKoU/zrRVPt0ArxNMmHyaQLFid/HZSWMrr2G+wE5AHoBLjpTCYTDkRn Lw0F2ZPa7Ur1Ozrd3aPjto4SQg02V/Zn74xO43HB3655yHPORu4usPwb86Cw40d9cqhR W+iOdk/fHS4/6UGLVSM+5+7KSjl/64qAbZK5oZuCOVXqMssx7RphIiQv319JNb51DnM4 68YQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id w128si2618070qkd.169.2017.11.12.15.04.09; Sun, 12 Nov 2017 15:04:09 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2A8B560A56; Sun, 12 Nov 2017 23:04:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D1D6060B5E; Sun, 12 Nov 2017 23:00:47 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id A0B8560A57; Sun, 12 Nov 2017 23:00:25 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id E23A860625 for ; Sun, 12 Nov 2017 23:00:20 +0000 (UTC) Received: from mxback13j.mail.yandex.net (mxback13j.mail.yandex.net [IPv6:2a02:6b8:0:1619::88]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 53CA718E71F for ; Mon, 13 Nov 2017 02:00:19 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback13j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id J4mev86JSo-0J4OoXMj; Mon, 13 Nov 2017 02:00:19 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0IjmdDw1; Mon, 13 Nov 2017 02:00:18 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:02 +0300 Message-Id: <1510527615-30536-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 5/18] linux-gen: ipsec: add replay window support to SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++ platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct { @@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index e42bf94ef..c30119249 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } @@ -528,3 +532,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +} From patchwork Sun Nov 12 23:00:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118673 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1153522qgn; Sun, 12 Nov 2017 15:04:56 -0800 (PST) X-Google-Smtp-Source: AGs4zMY5ksJrX3OyX29viwTkAT9YFQ83Z5vGorgRaDlFL09mkUKQAg1KxHlUeMiI3IX6MD/NQZXV X-Received: by 10.200.2.160 with SMTP id p32mr11230754qtg.307.1510527896086; Sun, 12 Nov 2017 15:04:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527896; cv=none; d=google.com; s=arc-20160816; b=cMp39sCS4sHQT4jm29ksIGfbDBBdCc0giKfLSFL5NxrLGYF4MckPs2LdKz5wAjQoHF NBnbG6NYnijOYCbpkDOvcOKurzoyIm27qCOVqoPsWj7tG1xalwvexI9HuaDIeazLPmiO PYk5Ak4CuNrQZwu12rf8gYdxuCFXcfI7PGPoyszXdg2PazJAObtIgy/tjugb0VzyiWHM OVCpHVmpMkfNyW7csNfxmuQ3+75CxRHwu93/Fp05oXhyF2Jt/Sw1nUFybUA1YIiTW7SY 1Wrc1lUtosh1BUIKhRyBZzx1KhSeqMXrJIa/VB534PAxnJpZWdY8ErUO2+v78ghRscjr v8EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=kUROPnMjttMQG6hUoaQgQz88kMRF+DJreh3oAkOtQuw=; b=hspjnm2Ncjxa3vWmjCrg2fH/nhW1pRTpiljUsUiQk/sKi23J0fu3aIxVwGFGoODS2/ 9XpJe+dfJcUE30dY85Ya9mfAlwIUx3me5SjZwSDkGVptSUAD69w9ydoxqvBe6tKZUmMZ qEMezz2SzrKf+WRppOVx74hwKHYq9LeFh2KcJe5nlqab5iLHaQv8oNAEOIVyRS6ZA/By Orp69zLP0dVmbtNtyt7sAx22q7qiyG8nMPjk8xdMvNg3fy9mkR04irm/z6Mizt72vS23 Qy8gE6pTUOMVS56M5/yUWiEzTR/aS55mMsVbUIg0nJisYMlHBe+c+Znl21O1M5xKOJiT D38A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id n64si555708qkf.181.2017.11.12.15.04.55; Sun, 12 Nov 2017 15:04:56 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id AAEBA60A81; Sun, 12 Nov 2017 23:04:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 24CBF60BD7; Sun, 12 Nov 2017 23:00:53 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F023460A57; Sun, 12 Nov 2017 23:00:25 +0000 (UTC) Received: from forward103o.mail.yandex.net (forward103o.mail.yandex.net [37.140.190.177]) by lists.linaro.org (Postfix) with ESMTPS id 0500760654 for ; Sun, 12 Nov 2017 23:00:21 +0000 (UTC) Received: from mxback19j.mail.yandex.net (mxback19j.mail.yandex.net [IPv6:2a02:6b8:0:1619::95]) by forward103o.mail.yandex.net (Yandex) with ESMTP id E4FBE588E32C for ; Mon, 13 Nov 2017 02:00:19 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback19j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id iJGWFDFBFG-0JbiOg1l; Mon, 13 Nov 2017 02:00:19 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0JjmlZQL; Mon, 13 Nov 2017 02:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:03 +0300 Message-Id: <1510527615-30536-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 6/18] linux-gen: ipsec: support replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8810d73be..ef6a60249 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc; @@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN; @@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -809,6 +827,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); From patchwork Sun Nov 12 23:00:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118676 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1155133qgn; Sun, 12 Nov 2017 15:07:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMbWeCwO0a2FCYFHuFm3bTgdeRp9U9ybWybITuVxC4atgVTE5+vhWeNlSCha3U5gLlgpp/zF X-Received: by 10.237.59.184 with SMTP id r53mr10909813qte.271.1510528027023; Sun, 12 Nov 2017 15:07:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528027; cv=none; d=google.com; s=arc-20160816; b=HHejVbfYbdNRL88t+dCvHThm4bR+ezhpk36O3bRdyWy7CHERy1r/kSBJiZTCuGhfZt NOsfHLDGz1DlyA2lmXFiNRlBiiRcLzbYV5lRXY4FzWxnuvJ7UGxyi2lhMqLUHnVf2wDt 45TT34EG3lyELaYrcjXF+0FRmXFENnapaEBeGaFz3qUifADj0X2fPHIugvB/k2YxBG+y DUw5MbUNJrJRHglW6HbL74xUo7ge7+JvuHkMXDeneKSJ1sMVIxoFOJjKRVdwN5XRQ8Qt OLW9nl0QUoClvbnNdx6z/7jQfGjWHJGisGSmx0fE2/CV1MJmxwMAt0dFSxVRTxDGiCXI 4RGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=qD/1dStb9rCnzYDz9QgYeVPYApm38NDsvqcvtnpqxOY=; b=peFcRnk4d5JlKCyuOK6cl3/XElYc70/UPkhwbD9KCszVBaHFPaCFr8sD8ntdW7GugS E+nXXzHAiUdm0CvNcTAMz32PzRwhHV2fT94uiIsTbqWkuJVxrR0fxIpV9OaGH6LfzXDp D1byLRJ+O/2op2suuYL6liXH6U0hso76nD47EXgA0vKGdLlTlZJlto5wybNM0/XAlkSk NK88p3C7IGGcidDDMTjU/vG28txvrIUgq0PJOAVacdQRiDvGKx10C63D8De7EsFZe78p GwpAhnn12UsIcf21t0oRVyS8SqOCpcLmnvnpNU3KVdRlyu6Mver0Ap45EypqaZbb2Rim nWAw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id j5si813423qka.341.2017.11.12.15.07.06; Sun, 12 Nov 2017 15:07:06 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id AC07D60B65; Sun, 12 Nov 2017 23:07:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 212C760C05; Sun, 12 Nov 2017 23:01:09 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B9BBD60A56; Sun, 12 Nov 2017 23:00:28 +0000 (UTC) Received: from forward15o.cmail.yandex.net (forward15o.cmail.yandex.net [37.9.109.212]) by lists.linaro.org (Postfix) with ESMTPS id E82D06071A for ; Sun, 12 Nov 2017 23:00:21 +0000 (UTC) Received: from mxback4j.mail.yandex.net (mxback4j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10d]) by forward15o.cmail.yandex.net (Yandex) with ESMTP id 83EA031617 for ; Mon, 13 Nov 2017 02:00:20 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback4j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 0o1l4GiIAF-0KNOu2Jh; Mon, 13 Nov 2017 02:00:20 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0JjOoPNa; Mon, 13 Nov 2017 02:00:19 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:04 +0300 Message-Id: <1510527615-30536-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 7/18] validation: ipsec: add replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec_test_in.c | 204 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 87 +++++++++++++ 2 files changed, 291 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, @@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, From patchwork Sun Nov 12 23:00:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118675 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1154549qgn; Sun, 12 Nov 2017 15:06:12 -0800 (PST) X-Google-Smtp-Source: AGs4zMayOzPhH9eF+g7gMfuIxtoyHSheYc3eL5wEWoTVsdP+Dj7EqnX0OkSxzzkalRMeFzwqpy10 X-Received: by 10.200.51.46 with SMTP id t43mr3999895qta.75.1510527972882; Sun, 12 Nov 2017 15:06:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527972; cv=none; d=google.com; s=arc-20160816; b=aD1NZ4mxA8T4VWnX1KVQKFPfUESc1Vjxa43tZis49hLTesvI4AKm3I4tburwJnuM3O kK6Ua/gh+puAtCHjWN2D9MruZQNUYPFo6LsVfX+JNxFMx3yF6Vz1La5V8NDPpBFMsizP DdHHKht8DoOJ97wGIjQbhlX39cXzG+3dThVY5NponSS5nyyGcRWHVO28TUnTGogLuUe0 0jxONOuiwpkD6pTqr+ADnREOwQee+bpPk6xfo4u1z4rhGs9mw/9JzSGNcYgbO025kiGr dao0fgRi2cKoRAKo/68EpuxsSQ4+biL1KvPpgEIlAiAuPLp5jOK7O/zeb4VZSM0ZYCWA 8W9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=zQHxMjKzjnugEB2KSVg9rR781ytG36zPkpPTWtC05lk=; b=iKjJb7o7ZRWqgg4UTPx9LIXlpV3XWeWo2pJ9OYun9binXWz78rNSK4hBqcyzQGUdqE EcOYx5a7FDlGtZQ1BMTI7sS0cKIZZatzdDMpFRj2GipUUyvqd25t+dYKwgIc8CrlKFUH RgjANCIo4RruxV0FWWZxwa1Zeam7p3Hxwo/rVJL4C38lVI+KE2yx8fwxLXqQgITIzAEn sQVOWkit0TNwcdCp0VWrR0agHREwMF4FVd9j7BFlSFislIiZaklEoZQvuN3iMRzxDJIC rzuCUgJPTXyhpNTB8K6KdrPh6RR/pUr7Tofl7R3w5PzIOeG9aEJti4cDUHpF2iKjDoSK LlXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id u2si4588375qkb.248.2017.11.12.15.06.12; Sun, 12 Nov 2017 15:06:12 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 7467460B65; Sun, 12 Nov 2017 23:06:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D1D7B60BFD; Sun, 12 Nov 2017 23:01:03 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 0E50960A57; Sun, 12 Nov 2017 23:00:28 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id 924B060723 for ; Sun, 12 Nov 2017 23:00:22 +0000 (UTC) Received: from mxback6g.mail.yandex.net (mxback6g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:167]) by forward101o.mail.yandex.net (Yandex) with ESMTP id 14AAB134E88A for ; Mon, 13 Nov 2017 02:00:21 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback6g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id XyQ2uFTHGi-0LCGZSHY; Mon, 13 Nov 2017 02:00:21 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0KjCmWBF; Mon, 13 Nov 2017 02:00:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:05 +0300 Message-Id: <1510527615-30536-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 8/18] linux-gen: classification: provide _odp_cos_get_entry() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Provide function mapping from odp_cos_t to internal cos_t type. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../include/odp_classification_datamodel.h | 4 +++ platform/linux-generic/odp_classification.c | 33 +++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index 29b39f9c3..a40541986 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -123,6 +123,10 @@ typedef union cos_u { uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))]; } cos_t; +/** + * Get classification entry basing on the id + */ +cos_t *_odp_cos_get_entry(odp_cos_t cos_id); /** Packet Matching Rule diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index a5cba56a4..6ece74fca 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr) return ODP_PMR_INVAL; } -static -cos_t *get_cos_entry(odp_cos_t cos_id) +cos_t *_odp_cos_get_entry(odp_cos_t cos_id) { if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID) @@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id) int odp_cos_destroy(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (NULL == cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id) int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); @@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) odp_queue_t odp_cos_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id) uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], uint32_t tbl_index; uint32_t i; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); return 0; @@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, odp_cos_t default_cos) ODP_ERR("Invalid odp_pktio_t handle"); return -1; } - cos = get_cos_entry(default_cos); + cos = _odp_cos_get_entry(default_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t error_cos) return -1; } - cos = get_cos_entry(error_cos); + cos = _odp_cos_get_entry(error_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in, LOCK(&l2_cos->lock); /* Update the L2 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L2_QOS > qos_table[i]) l2_cos->cos[qos_table[i]] = cos; @@ -544,7 +543,7 @@ int odp_cos_with_l3_qos(odp_pktio_t pktio_in, LOCK(&l3_cos->lock); /* Update the L3 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L3_QOS > qos_table[i]) l3_cos->cos[qos_table[i]] = cos; @@ -643,8 +642,8 @@ odp_pmr_t odp_cls_pmr_create(const odp_pmr_param_t *terms, int num_terms, odp_pmr_t id; int val_sz; uint32_t loc; - cos_t *cos_src = get_cos_entry(src_cos); - cos_t *cos_dst = get_cos_entry(dst_cos); + cos_t *cos_src = _odp_cos_get_entry(src_cos); + cos_t *cos_dst = _odp_cos_get_entry(dst_cos); if (NULL == cos_src || NULL == cos_dst) { ODP_ERR("Invalid input handle"); @@ -691,7 +690,7 @@ int odp_cls_cos_pool_set(odp_cos_t cos_id, odp_pool_t pool) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -706,7 +705,7 @@ odp_pool_t odp_cls_cos_pool(odp_cos_t cos_id) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return ODP_POOL_INVALID; From patchwork Sun Nov 12 23:00:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118674 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1153566qgn; Sun, 12 Nov 2017 15:04:59 -0800 (PST) X-Google-Smtp-Source: AGs4zMb2dGDYR0XzP2zfG/Ah8mZ2b0mTPFQ1DiqRunVLwbaHGlhi8Dc5sJjPJbprzP2IqpvhEnKX X-Received: by 10.55.157.133 with SMTP id g127mr10879347qke.280.1510527899220; Sun, 12 Nov 2017 15:04:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510527899; cv=none; d=google.com; s=arc-20160816; b=o5nUIPSl56C4vFdO9rqhHC0C/P+MjyEmC3wC8OHCWbrRAB0hCkho1vSf/51Oq0tIPS iVMMFnVAjZwdY1/S7GIW2FZT6YmlXT1ZXcH3Vq3YDvnkVYs8Lemwcvfwio2SUDJoZPlO GA30eIzLUaGTUeN+OdqOXgjCQPYrXAqLSoMPpqpT7lMb7BvJ8QhNpuPfqTDWqINMLSFa AUzpj27OuKyE1zr86btH/3sieU/JPydG6S8EzfVylrzupbdBlJOms5levNQ5B5FZ7fAu 4e8qZ8HmMeHNR0vMDkNPOOVCIJrV6wSjfTKT7QYlMArQ96vee7J1xdQvfVWk3DY95/3g oW0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=qL/cRigTMk76UstXwaJLtsCNlG7b+M7AV93u/WYCYsM=; b=EaayQQlbnhizydF9v947eKlFSCWzvAGSO627Ui4p6/VoMniHGA+tpx8gXCos+1hRd8 QqgeO+pb3Xgo8qFLKAVxO7AZa8BXDAHbixBM9KIaKw2BBlL9SBM7zcuEOxpAncth84+6 PFXXe889ZDXQ3Y0XSJWzmzFzu9h4LisdBDjaJ/cGekQi3o2Be4digrnZ9ofX6rvCzRXV 1VYRp0u+EBy1S/ju5AH+cdsh68VoLCp8ZkXwitu4Jci/OduFPGxq+03PmtVU2JevQG/z rtcBRYQ6anOdnIc5FzTIpdnmCeZQt1CqX/swR8EqFS9+jYWgSYml6+5zmyF2kJRf+BRT HAMg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id b84si8855858qkb.17.2017.11.12.15.04.58; Sun, 12 Nov 2017 15:04:59 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id DBEA4606A4; Sun, 12 Nov 2017 23:04:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 8A97B60BED; Sun, 12 Nov 2017 23:00:59 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id CACB560A57; Sun, 12 Nov 2017 23:00:26 +0000 (UTC) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [77.88.28.108]) by lists.linaro.org (Postfix) with ESMTPS id 7C89C6065A for ; Sun, 12 Nov 2017 23:00:22 +0000 (UTC) Received: from mxback7j.mail.yandex.net (mxback7j.mail.yandex.net [IPv6:2a02:6b8:0:1619::110]) by forward105p.mail.yandex.net (Yandex) with ESMTP id 73FDB408CA16 for ; Mon, 13 Nov 2017 02:00:21 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback7j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 1PxCWRwU4S-0LCiMWT4; Mon, 13 Nov 2017 02:00:21 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0LjWvWSi; Mon, 13 Nov 2017 02:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:06 +0300 Message-Id: <1510527615-30536-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 9/18] linux-gen: classification: split cls_pkt_get_queue() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate function returning destination queue from cos_t instance. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../include/odp_classification_internal.h | 7 +++++ platform/linux-generic/odp_classification.c | 34 ++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_internal.h b/platform/linux-generic/include/odp_classification_internal.h index 8882a7177..4cadb9bdb 100644 --- a/platform/linux-generic/include/odp_classification_internal.h +++ b/platform/linux-generic/include/odp_classification_internal.h @@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr); /** + * @internal + * Select packet destination queue basing on provided cos entry + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base); + +/** Packet IO classifier init This function does initialization of classifier object associated with pktio. diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index 6ece74fca..317caefbf 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr) { cos_t *cos; - uint32_t tbl_index; - uint32_t hash; + odp_queue_t queue; packet_parse_reset(pkt_hdr); packet_set_len(pkt_hdr, pkt_len); @@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, return -EFAULT; *pool = cos->s.pool; + pkt_hdr->p.input_flags.dst_queue = 1; - if (!cos->s.queue_group) { - pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue); - return 0; - } + queue = cls_pkt_get_queue(pkt_hdr, cos, base); + pkt_hdr->dst_queue = queue_fn->from_ext(queue); + + return 0; +} + +/** + * Set packet destination queue basing on the cos + * + * @param cos + * @param pkt_hdr Packet header + * @param base Packet data + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base) +{ + uint32_t tbl_index; + uint32_t hash; + + if (!cos->s.queue_group) + return cos->s.queue; hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base); /* CLS_COS_QUEUE_MAX is a power of 2 */ hash = hash & (CLS_COS_QUEUE_MAX - 1); tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash; - pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl-> - s.queue[tbl_index]); - return 0; + + return queue_grp_tbl->s.queue[tbl_index]; } static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr, From patchwork Sun Nov 12 23:00:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118677 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1155189qgn; Sun, 12 Nov 2017 15:07:11 -0800 (PST) X-Google-Smtp-Source: AGs4zMb/DqgcJiB8wIzPdQPdKk86zj8yLU9UoCSR4QvNbMzf5bAZ+VlXzWkHMLewUJ24qsGb6v94 X-Received: by 10.55.138.5 with SMTP id m5mr11070138qkd.38.1510528031604; Sun, 12 Nov 2017 15:07:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528031; cv=none; d=google.com; s=arc-20160816; b=nWLRk6jiaE/nXS13WOsUGKTax8mmLYakTmJeZbTswIFGKKDrHMHsNjtLrGvDi+lBFe qQ3I7Z2Cry/8DabtR0UJjuqMqkR+WZ8Baa0z98RXsI5LSm3uDaCUDyC5PBnystO9CBkE qqR9ZgQolN98/yGqz/jk7JOyZJBlUHLSCapZYRxGrEELRsw5SZy3L4htQ4m8dcUeWoJI uBbODLrQ/Sul/Ghg8hTo42VkVuNKgWudNJZXGeDTK8x3Vc5iG7ffW/Xm3+2JG5LVBm6O NGi8IqJOAgQbABUJuUm2PdARAVPqY3NaECls0cPr7VyTRZADhA9UV6z3HlogNL2T1tfl dVow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Q1UXvNgbXi8B/majCodAn+8GLF0jQloWhjGeEEFC+/s=; b=oPnPLxh6SRD2gIAlXYbvBur4wncodaz/IQtB8lswtg/5q6Pn5zAKkYIqA4ZV70V3t/ dfVr+FjumKL4MzJqmMnKBRuT36guSGjCxksXL/ZBXMeitcXlwiKkUuNY86tmL/pNtLRH mKvGs/kUNyvW9e/8hbHpDvrcNWlEyzqCJZPSu8Gn5PJ7g8FIsYztUFJlnkYuOK0R/8J7 PeDX4loQaW1qC5zmymD9Y/6F12zglPfx0xvHuzLlcA2QvNWUa7kWMykKjof80o7IqrKe pBt5Uo07F4LHfjum3ZMO6f6JOvhfuk7lyYntIr84xp8h31jNKCPtNcz9LyITORg+Uft+ sIPg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id z2si5877555qtc.433.2017.11.12.15.07.11; Sun, 12 Nov 2017 15:07:11 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 459A360BEE; Sun, 12 Nov 2017 23:07:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 674016065A; Sun, 12 Nov 2017 23:01:16 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 04C9B6071A; Sun, 12 Nov 2017 23:00:30 +0000 (UTC) Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net [5.45.198.241]) by lists.linaro.org (Postfix) with ESMTPS id 425976068D for ; Sun, 12 Nov 2017 23:00:23 +0000 (UTC) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward101j.mail.yandex.net (Yandex) with ESMTP id D6F37124ED5E for ; Mon, 13 Nov 2017 02:00:21 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id wVo4zD5VOv-0Lpua5mJ; Mon, 13 Nov 2017 02:00:21 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0LjmHbJb; Mon, 13 Nov 2017 02:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:07 +0300 Message-Id: <1510527615-30536-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 10/18] linux-gen: ipsec: support pipelining to cos_t X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../include/odp_classification_datamodel.h | 2 -- .../linux-generic/include/odp_ipsec_internal.h | 7 ++++ platform/linux-generic/odp_ipsec.c | 37 ++++++++++++++++++++-- platform/linux-generic/odp_ipsec_sad.c | 16 +++++++++- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index a40541986..25c488497 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -22,8 +22,6 @@ extern "C" { #include #include #include -#include -#include #include #include diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..81ecec08e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -23,6 +23,7 @@ extern "C" { #include #include #include +#include /** @ingroup odp_ipsec * @{ @@ -141,6 +142,7 @@ struct ipsec_sa_s { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; odp_atomic_u64_t antireplay; + cos_t *cos; } in; struct { @@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, int _odp_ipsec_try_inline(odp_packet_t pkt); /** + * Returns ODP IPsec configuration + */ +const odp_ipsec_config_t *_odp_ipsec_config_get(void); + +/** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index ef6a60249..6b5f5abf2 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) int rc; odp_crypto_capability_t crypto_capa; odp_queue_capability_t queue_capa; + odp_cls_capability_t cls_capa; memset(capa, 0, sizeof(odp_ipsec_capability_t)); @@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED; capa->proto_ah = ODP_SUPPORT_YES; + capa->pipeline_cls = ODP_SUPPORT_YES; capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; @@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_queues = queue_capa.max_queues; + rc = odp_cls_capability(&cls_capa); + if (rc < 0) + return rc; + + capa->max_cls_cos = cls_capa.max_cos; + return 0; } @@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return 0; } +const odp_ipsec_config_t *_odp_ipsec_config_get(void) +{ + return &ipsec_config; +} + static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet) { ODP_ASSERT(ODP_EVENT_PACKET_IPSEC == @@ -1055,7 +1069,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int num_in, result->status = status; if (NULL != ipsec_sa) { result->sa = ipsec_sa->ipsec_sa_hdl; - queue = ipsec_sa->queue; + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, + ipsec_sa->in.cos, + base); + } else { + queue = ipsec_sa->queue; + } } else { result->sa = ODP_IPSEC_SA_INVALID; queue = ipsec_config.inbound.default_queue; @@ -1138,6 +1161,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; odp_packet_hdr_t *pkt_hdr; + odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1155,10 +1179,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1; - pkt_hdr->dst_queue = queue_fn->from_ext(ipsec_sa->queue); + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, ipsec_sa->in.cos, base); + } else { + queue = ipsec_sa->queue; + } + pkt_hdr->dst_queue = queue_fn->from_ext(queue); /* Last thing */ _odp_ipsec_sa_unuse(ipsec_sa); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index c30119249..ac9132527 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -13,6 +13,7 @@ #include #include +#include #include @@ -216,9 +217,22 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) sizeof(ipsec_sa->in.lookup_dst_ip)); if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) - return ODP_IPSEC_SA_INVALID; + goto error; ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); + + if (ODP_IPSEC_PIPELINE_CLS == param->inbound.pipeline) { + if (ODP_IPSEC_OP_MODE_SYNC == + _odp_ipsec_config_get()->inbound_mode) + goto error; + + ipsec_sa->in.cos = + _odp_cos_get_entry(param->inbound.dest_cos); + if (NULL == ipsec_sa->in.cos) + goto error; + } else { + ipsec_sa->in.cos = NULL; + } } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } From patchwork Sun Nov 12 23:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118678 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1155776qgn; Sun, 12 Nov 2017 15:08:09 -0800 (PST) X-Google-Smtp-Source: AGs4zMbBzc3K/sM9y/17qcCX3rMab6nGzPjSWtn53WB9rvpsswYEV/RkGV6+l4PDJZ0RYSF0hnGC X-Received: by 10.55.33.70 with SMTP id h67mr10520752qkh.343.1510528088985; Sun, 12 Nov 2017 15:08:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528088; cv=none; d=google.com; s=arc-20160816; b=hwU7X6qbouMU7Qw3VS6zUq1EF8gkhqeru3wE+bAei5YseDYFzmmOPBjWG7qgRP7HuL qA6wOSkSKp2YzDwylDZhW8qAhSeQyadgZtDQlpgjDEOWbyLsuryRH46KleEuAbQ6vTa5 X4SD0UFFKk+Zwvv+Kx0BYUEkI0IAd3flTXqGgYe+hCOYIw6GI17sWDtsoux8zo2CeXoN a9TPb9aQ18NGSxacGnQCnUYW6h4PGj2KuQsge5lTVrxyYWxiSAklWX5G5KoqiuYT6mbs w4e5kULYb1fIdqYjfJFZB91CbWlPBjRc8oG9I2uEDhlAD9zR4Q+eqwoGoK9csKW8pqqY 2AMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=qSXCWl9BGyyNDN4DC0YKL0npYl0BstvRxFQTALMC9Q8=; b=jR28srSomyQB8aNpqvoRVrMI3DmjBvvzDE0gLtBZnUTZLiiBpLgAIlwQplGxbRkvAc CSrk6PteV3qLU3+WUo1FCZmMFo+1Kp9AXFLoS78xjrztViVZNGzj5FsVfXOMeWRKWVpO tVwblQe+kWNjbqQuEsgNIbr1+9StjOg6NGcEVIUMQlxZR5zXaCDsbDsc5+4nf2bbAYa3 VSkIjIEtANMpoe/So+Qg6gfkAqaquCMnbtrArljZesu3tWBPkZTtouw1SEWeOtDNQaIX AQOfYy+iErdnjA9g0cE7udQRlEYpZigfk+Txc1DhcKD9udrblnK4Pbzuz6nogYv76qY/ FTrg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id f35si689402qtc.279.2017.11.12.15.08.08; Sun, 12 Nov 2017 15:08:08 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2D12960BEF; Sun, 12 Nov 2017 23:08:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id A579260654; Sun, 12 Nov 2017 23:01:20 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 8EC6060AC1; Sun, 12 Nov 2017 23:00:36 +0000 (UTC) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [5.45.198.243]) by lists.linaro.org (Postfix) with ESMTPS id 1CED460750 for ; Sun, 12 Nov 2017 23:00:24 +0000 (UTC) Received: from mxback1o.mail.yandex.net (mxback1o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1b]) by forward102j.mail.yandex.net (Yandex) with ESMTP id 5EA98560E948 for ; Mon, 13 Nov 2017 02:00:22 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback1o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id b4CiY3mZDv-0M9murIl; Mon, 13 Nov 2017 02:00:22 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0Lj0Obi9; Mon, 13 Nov 2017 02:00:21 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:08 +0300 Message-Id: <1510527615-30536-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 11/18] validation: ipsec: add support for PIPELINE_CLS testing X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec.c | 165 ++++++++++++++++++++++++++-- test/validation/api/ipsec/ipsec.h | 3 + test/validation/api/ipsec/ipsec_async.c | 1 + test/validation/api/ipsec/ipsec_inline_in.c | 1 + 4 files changed, 159 insertions(+), 11 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 853bd88a9..5883f23e2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio) } } +static odp_cos_t ipsec_cos_create(void) +{ + odp_cls_cos_param_t param; + odp_cos_t cos; + + odp_cls_cos_param_init(¶m); + param.pool = suite_context.pool; + param.num_queue = 1; + param.queue = odp_queue_create("ipsec-cos-queue", NULL); + + if (ODP_QUEUE_INVALID == param.queue) + return ODP_COS_INVALID; + + cos = odp_cls_cos_create("ipsec-cos", ¶m); + if (ODP_COS_INVALID != cos) + suite_context.cos_queue = odp_cos_queue(cos); + + return cos; +} + +static void ipsec_cos_destroy(void) +{ + odp_queue_t queue = odp_cos_queue(suite_context.cos); + + suite_context.cos_queue = ODP_QUEUE_INVALID; + odp_cos_destroy(suite_context.cos); + odp_queue_destroy(queue); +} + #define MAX_ALG_CAPA 32 int ipsec_check(odp_bool_t ah, @@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah, ODP_SUPPORT_NO == capa.op_mode_inline_out)) return ODP_TEST_INACTIVE; + if (ODP_COS_INVALID != suite_context.cos && + (capa.pipeline_cls == ODP_SUPPORT_NO || + capa.max_cls_cos < 1)) + return ODP_TEST_INACTIVE; + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) return ODP_TEST_INACTIVE; @@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, if (in) param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + if (in && (ODP_COS_INVALID != suite_context.cos)) { + param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS; + param->inbound.dest_cos = suite_context.cos; + } + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; @@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part, pkto, &num_out, ¶m)); CU_ASSERT_EQUAL(num_out, part->out_pkt); - } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - for (i = 0; i < num_out; i++) { - odp_event_t event; + for (i = 0; i < num_out;) { + odp_event_t ev; odp_event_subtype_t subtype; - do { - event = odp_queue_deq(suite_context.queue); - } while (event == ODP_EVENT_INVALID); + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET, - odp_event_types(event, &subtype)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); - pkto[i] = odp_ipsec_packet_from_event(event); + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } } - } else { + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { odp_queue_t queue; odp_pktout_queue_t pktout; @@ -495,6 +564,63 @@ static int ipsec_send_in_one(const ipsec_test_part *part, continue; } } + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + odp_queue_t queue; + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + CU_ASSERT_EQUAL_FATAL(1, + odp_pktin_event_queue(suite_context. + pktio, + &queue, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + CU_ASSERT(part->out[i].status.error.sa_lookup); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT(part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + } + } else { + CU_FAIL("Unsupported configuration!\n"); } return num_out; @@ -724,14 +850,31 @@ int ipsec_suite_init(void) if (rc == 0) suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.cos = ODP_COS_INVALID; + return rc < 0 ? -1 : 0; } +int ipsec_suite_cos_init(void) +{ + int ret = ipsec_suite_init(); + + if (ret < 0) + return ret; + + suite_context.cos = ipsec_cos_create(); + + return 0; +} + static int ipsec_suite_term(odp_testinfo_t *suite) { int i; int first = 1; + if (suite_context.cos != ODP_COS_INVALID) + ipsec_cos_destroy(); + if (suite_context.pktio != ODP_PKTIO_INVALID) pktio_stop(suite_context.pktio); diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..472179f91 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -21,6 +21,7 @@ int ipsec_in_inline_init(void); int ipsec_out_inline_init(void); int ipsec_suite_init(void); +int ipsec_suite_cos_init(void); int ipsec_in_term(void); int ipsec_out_term(void); @@ -30,6 +31,8 @@ struct suite_context_s { odp_pool_t pool; odp_queue_t queue; odp_pktio_t pktio; + odp_cos_t cos; + odp_queue_t cos_queue; }; extern struct suite_context_s suite_context; diff --git a/test/validation/api/ipsec/ipsec_async.c b/test/validation/api/ipsec/ipsec_async.c index 796879230..f5d384392 100644 --- a/test/validation/api/ipsec/ipsec_async.c +++ b/test/validation/api/ipsec/ipsec_async.c @@ -32,6 +32,7 @@ static int ipsec_async_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, {"IPsec-out", ipsec_suite_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_inline_in.c b/test/validation/api/ipsec/ipsec_inline_in.c index 2a595353d..c2f6411f0 100644 --- a/test/validation/api/ipsec/ipsec_inline_in.c +++ b/test/validation/api/ipsec/ipsec_inline_in.c @@ -34,6 +34,7 @@ static int ipsec_sync_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, ODP_SUITE_INFO_NULL, }; From patchwork Sun Nov 12 23:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118684 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1158248qgn; Sun, 12 Nov 2017 15:11:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMaldyCMskPbOY0pDNH4LC50z/dNsvDpgAixByx3wbPf/4n02Sr4g6RNyFrUiXOlmr3lFign X-Received: by 10.233.235.81 with SMTP id b78mr10553835qkg.288.1510528299607; Sun, 12 Nov 2017 15:11:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528299; cv=none; d=google.com; s=arc-20160816; b=oRGU1P76tf6qN5Ho1nNYOGX8u19rxOliWQtF1X7FHrrIX6FHzsPvCR/YSuOXp4RH8Z nlMLFebLt8IxSvqyCAAByRo0vV1AJOOFHGm1hgUAQNM9c4tCa+9CAfOrcdjCqf8udHFv 4+PvYll0amXNiCyM6pvDEIuA4yRMZwMpeNj32Tw4DnrTqAwv05EmX5i+L8+Jj5sSh/ml DlvwZTm3jJrtvhFec7m+8kudznF+aLSXWNbPh1gICK889gPORS6M/h0h3bWpzGnpJK35 cRgyBadnZESwfbl61sc8vfneWISMmPNWuTDajnKbYGsTZDc0BxXh67UWA/2GZEAgdeyx r2CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=DV34rlpyL1jbGZ3HK/LGQsGEasOMa88eaFz++tOutVQ=; b=rrLGCaEY1s1kNxbzIyC62+KGcxdKF6whSO/uuepafBv162z1VKe9rHAd98w/vZrarR Eck2uhYkvyL4KWBIzH/QGwy2Y0pWi4z9J194CW/QRMqftAlHJK6LuWTtHBz+VR8Sue04 T4RXG17npvrsfvba3SXl0EetQBHAmnK8aw8/Jl8eE7WFVA1XU8fYenjAGUjV0fqWW4xG GlnHYHmZ6QYY1oEU2SA4zNK9VeyF2zl4GqrZ20XVJgumuVKK+mbTFfCZBFQGHqubNFIU bpNW4kbnbGbVoPSMUjJXA3m038RdrT+bSu6HDDaXsCnLolkuLmpW/lj+LroHLJgE4N0g T9FQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m68si4555089qke.366.2017.11.12.15.11.39; Sun, 12 Nov 2017 15:11:39 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3DBCA609D2; Sun, 12 Nov 2017 23:11:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 7CD9460C2F; Sun, 12 Nov 2017 23:01:51 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3F98160654; Sun, 12 Nov 2017 23:01:12 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id ED9C3609D2 for ; Sun, 12 Nov 2017 23:00:24 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward100o.mail.yandex.net (Yandex) with ESMTP id EF4172A2DB4F for ; Mon, 13 Nov 2017 02:00:22 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Rm162bum5l-0MFeq4sl; Mon, 13 Nov 2017 02:00:22 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0MjODlbw; Mon, 13 Nov 2017 02:00:22 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:09 +0300 Message-Id: <1510527615-30536-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 12/18] linux-gen: ipsec: mark IPsec packets with errors with error flag X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add new ipsec_err error flag, which is set by IPsec code if there was an error during IPsec packet processing. This allow application code to quickly check packets using odp_packet_has_error() function and use fast path if there was none. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ .../linux-generic/include/odp_packet_internal.h | 1 + platform/linux-generic/odp_ipsec.c | 104 ++++++++++++--------- 2 files changed, 60 insertions(+), 45 deletions(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index fc10d61c8..e62854b1e 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -55,6 +55,7 @@ typedef union { uint32_t tcp_err:1; /**< TCP error, checks TBD */ uint32_t udp_err:1; /**< UDP error, checks TBD */ uint32_t l4_chksum:1; /**< L4 checksum error */ + uint32_t ipsec_err:1; /**< IPsec error */ }; } error_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 6b5f5abf2..524ed728f 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -286,6 +286,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -301,7 +302,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; - goto out; + goto err; } /* Check IP header for IPSec protocols and look it up */ @@ -311,7 +312,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -324,7 +325,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -332,7 +333,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_ESP || ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -342,7 +343,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa->esp_iv_len, iv + ipsec_sa->salt_length) < 0) { status->error.alg = 1; - goto out; + goto err; } hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; @@ -376,7 +377,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -389,7 +390,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -397,7 +398,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_AH || ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -431,16 +432,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.proto = 1; - goto out; + goto err; } if (_odp_ipsec_sa_replay_precheck(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -448,14 +449,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -471,16 +472,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); @@ -498,18 +499,18 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { status->error.proto = 1; - goto out; + goto err; } if (ip_offset + esptrl.pad_len > esptrl_offset) { status->error.proto = 1; - goto out; + goto err; } if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, ipsec_padding, esptrl.pad_len) != 0) { status->error.proto = 1; - goto out; + goto err; } ip->proto = esptrl.next_header; @@ -523,7 +524,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } ip->proto = ah.next_header; @@ -534,12 +535,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); } else { status->error.proto = 1; - goto out; + goto err; } if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -550,7 +551,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } else { odp_packet_move_data(pkt, hdr_len, 0, @@ -558,7 +559,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } @@ -573,15 +574,21 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); } - if (!status->error.all) { - odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr = odp_packet_hdr(pkt); - packet_parse_reset(pkt_hdr); + packet_parse_reset(pkt_hdr); + + packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), + ip_offset, _ODP_ETHTYPE_IPV4); + + *pkt_out = pkt; + + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr->p.error_flags.ipsec_err = 1; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); - } -out: *pkt_out = pkt; return ipsec_sa; @@ -620,6 +627,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -637,7 +645,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -673,7 +681,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); @@ -719,7 +727,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 1); /* Check for overrun */ if (ctr == 0) - goto out; + goto err; memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); memcpy(iv + ipsec_sa->salt_length, &ctr, @@ -733,7 +741,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; - goto out; + goto err; } } @@ -741,12 +749,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -819,12 +827,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -866,12 +874,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.alg = 1; - goto out; + goto err; } /* No need to run precheck here, we know that packet is authentic */ if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -879,14 +887,14 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -902,7 +910,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } ip = odp_packet_l3_ptr(pkt, NULL); @@ -916,7 +924,13 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); -out: + *pkt_out = pkt; + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + + pkt_hdr->p.error_flags.ipsec_err = 1; *pkt_out = pkt; return ipsec_sa; From patchwork Sun Nov 12 23:00:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118679 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1156224qgn; Sun, 12 Nov 2017 15:08:50 -0800 (PST) X-Google-Smtp-Source: AGs4zMa9j8mApW0IPAGmjWFoVHZnnZewVDr2lBGgrVfpj3XmGkG3Bhuw4u6/vdWBzPWlCii+Te5W X-Received: by 10.55.26.168 with SMTP id l40mr11007735qkh.352.1510528130866; Sun, 12 Nov 2017 15:08:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528130; cv=none; d=google.com; s=arc-20160816; b=gOUViKOGpkptcf4JpwLsA7qek+OiEVXVNX7SIbHm1ePnCxvzAPdp/XvK5PMTEwyLxf FIII4lJdO/hubMdAyw0npMArJBMaZzOK0D6Laq6m2DMj9cbm+8Ikun6I/7sm9nhWMbJi MVO+5PO7oeIuBEgfjdvRQPJw4VkMoIYavSIkDt8nEsepcv3u/YloHsLRKmTV5A6oguld icpMRSZgw/kuvmS9aJi7Yud4F5KXtw0RUlDevQtIonuZ0q4Lk02lNjgA+fX2l/PmBc2b 4hCWUuA0Nzuug5PpbD2FBmoChQe4UX2nNWNA4eZkziDVVKE6tl6UgBQvS6xTjM8Stejq BtSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=Ge0UlZQVdhL6SnACvDGFbYb7d3FL6j0IYD3wZWhdAyw=; b=SIrJZUEm/9WHD7/u/pE6wIqCIdMrJzzOq9b57fuqmIluW95L3ZlZ04ZZHhLjrqcEF1 SatRr1m3v/prNO+nO5AuDz6vZ5dnZIbi1hXSeKUuPMEu1q/+yaNZ0GRRd646QepVZM/S gsiWPl1c9lMbNejLUKMAp1uovD/PBhmjC+elqu5sEBaGv/RyQfrajMFBIstCmxXThDlm O0t5YzXbwT4ZNTNDSQoTM/bOg5ij+NQsH4Axlp4ZbBU5T+GgipjcVrpDBWGdrrw66HuF PJe0tyR9obnnEl0PvTobYL9y68Q91ckb+dXCE16ZQywBfFQuuoT5e/OnShcm1a9ZMyX4 wDUA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m68si4551604qke.366.2017.11.12.15.08.50; Sun, 12 Nov 2017 15:08:50 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 9345260B14; Sun, 12 Nov 2017 23:08:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 0618F60C09; Sun, 12 Nov 2017 23:01:29 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id BE7BC60BF7; Sun, 12 Nov 2017 23:01:02 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 6332E609C9 for ; Sun, 12 Nov 2017 23:00:24 +0000 (UTC) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 543EF18E848 for ; Mon, 13 Nov 2017 02:00:23 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback12j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id XJWTnRXg6U-0NrK7Oku; Mon, 13 Nov 2017 02:00:23 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0Nj0uP89; Mon, 13 Nov 2017 02:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:10 +0300 Message-Id: <1510527615-30536-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 13/18] validation: check that erroneous IPsec packets have error flag set X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Verify that odp_packet_has_error() returns true for IPsec packets with error status in result. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 5883f23e2..045718594 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -739,6 +739,10 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); @@ -778,6 +782,10 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(sa, result.sa); CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); From patchwork Sun Nov 12 23:00:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118681 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1157122qgn; Sun, 12 Nov 2017 15:10:08 -0800 (PST) X-Google-Smtp-Source: AGs4zMYrEqt6hTmOKhWTXG13PfkRYjYIb2tlLEAIYJ4p4NviRGDx0OfWpEhnV2JyHS/6bs0HJ5uJ X-Received: by 10.55.100.141 with SMTP id y135mr10625290qkb.242.1510528208171; Sun, 12 Nov 2017 15:10:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528208; cv=none; d=google.com; s=arc-20160816; b=gA2jG2/ZDr9nJrvCwWEwhkNvLo8fDfdxvjfT0Mz9GuBJF4VGDGpVn4u1VNliYhZ6Ek dRvvyuWAKYbrzbL8lDVI4QDASh2a7SPdLH00cpguZoJv8LGF/fmkZiHhkFD7N5Es7oIa hWzg3npq01O8xMdeXUd+aaqjZoozY1L4WBlQ8bRp4ipdLkde7VdbGR+FHGfY+DqHdvwM 6GDVBuG5fUw0qxmB50olyjjQClyrzXdIB5GmbYtnnfS7BA86ZManxyXNu9jPOquFqffS 9cZqz7mqd7ZrF3OeDMU7bXdl2UchApIm3SHeMrbUbvHN5Iau+lanhoQJVh1cGjeCY+HK F3kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=fNlj4xhVUABRYTSJAgvuAk4YgCjMcnXAB13Ydxn64hc=; b=rMPK+H3PfTiTJGd0dOVuZ0tbpZHrRc1uvX62TgCZkCv8Fn1dTaDJsSgmR5PByS2cyY Ny2xgPux/EX7nfz0BDL4S7D6LG4xY8nBZDNDPpwA/MRqsv2Fkvp7XRBwnJeLuzsFzM8r Yay+0SU9/Job8VukCL4CPzE+2fwi3hF+PwCKI+TKwZlzHelUOW7zw7ncc2yPIq7l2yrc 5nEAwhCtylLw0dSHYwuQxSnWzd5R78hlfAhaD0PA8B0l4ad4i7xOV6KlQtmte3OZpNc3 zoVmdrp1Mu2NLtiYR5nDNwRayg/v08d3/2Dm9jQ0VncY2rh5Pce3auComZW7t+fPDjhd 1WFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id d19si164168qkg.484.2017.11.12.15.10.07; Sun, 12 Nov 2017 15:10:08 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id D4E3F60B54; Sun, 12 Nov 2017 23:10:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 9A29C60C0F; Sun, 12 Nov 2017 23:01:37 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id CF2C760BE0; Sun, 12 Nov 2017 23:01:10 +0000 (UTC) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [77.88.28.102]) by lists.linaro.org (Postfix) with ESMTPS id 81DE660A1C for ; Sun, 12 Nov 2017 23:00:25 +0000 (UTC) Received: from mxback20j.mail.yandex.net (mxback20j.mail.yandex.net [IPv6:2a02:6b8:0:1619::114]) by forward102p.mail.yandex.net (Yandex) with ESMTP id D46FF430E64B for ; Mon, 13 Nov 2017 02:00:23 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback20j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id pHgZ5Zj2aa-0NEWtTbW; Mon, 13 Nov 2017 02:00:23 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0NjuLgQs; Mon, 13 Nov 2017 02:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:11 +0300 Message-Id: <1510527615-30536-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 14/18] linux-gen: ipsec: validate ip header total length X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Check that IP packet length from the header is not bogus. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ platform/linux-generic/odp_ipsec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 524ed728f..49bacae01 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -300,6 +300,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_offset = ip_offset + ip_hdr_len; + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; goto err; @@ -648,6 +653,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { _odp_ipv4hdr_t out_ip; uint16_t tot_len; From patchwork Sun Nov 12 23:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118680 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1156796qgn; Sun, 12 Nov 2017 15:09:38 -0800 (PST) X-Google-Smtp-Source: AGs4zMbdPJyYhFrcftsmayf9NUemQNshhraAiqLdVSnP6tkXIJFFTCGXXr8la+QbrYchYE3jjUR4 X-Received: by 10.55.26.90 with SMTP id a87mr10546649qka.184.1510528178346; Sun, 12 Nov 2017 15:09:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528178; cv=none; d=google.com; s=arc-20160816; b=z7PT5z8bACxYX2e31fZ/KvQojNEtiXlnQig6GIh1XnuLBAaYLPou2noYJJEvxC27sU csLlGePg55hUtUYWJhFzoLQ4q263PgcqRhY/s/ipyr/ewWyOpKoCoXDhyKhTzeHi4FHt sZke7i7S3yZCOZb2kALGWqdXmogIkRFkqmgAsvWNu3wsjS9nuJCiEJFGHJqZjgIA+Oni YUv4YP1X7Z0V9slklIpF42Iz7dk01wXqfTy/hFzwuoklJgL2q98pyvE+6jGTFt1meY5N nY176oGLi3M5vWfp1hVrlYc6kNtmO98r7hV+n5dX3TMswc9Z5o7g4IVfD4qxfLDFmkRW pgGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=/QYw8XW01SWhsTBm4ab5WtU3Qhtp3mVL+BmyFZ6RZI8=; b=p//AnkzWXcCINK+tkQ598VYd/U6yvv83xXnDo0puql5B3HfVyp1PuhS7YdL1cXa3sv bnXKOt+SA3+Qan8OHeuaAGFVYbDxuSdWh06zouPWx9xJRFbZN6FzaFvExCCSatJp/z+5 nsHg+x5F7AVxGvfWFZFjQaORNkVsIvPY8d7YsCzadho2q0aDpDtCZRn7ShVTU8hPUqQW mGwFbOILmzQ+FT9IyiyVgGe/6Wk0dfBdzT39B53paeY41aHtwrlIKaBjUiW/CYhK/rj4 IwsHGSGjM5qpMNL1iXJBzLKo+686eext+0MwhLVp9mxQ6rRDNwlD2H7j+k722NyxnEl6 b3CA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g9si568742qtj.341.2017.11.12.15.09.38; Sun, 12 Nov 2017 15:09:38 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 0C4F160B67; Sun, 12 Nov 2017 23:09:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 51C3260C11; Sun, 12 Nov 2017 23:01:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6780160C0B; Sun, 12 Nov 2017 23:01:09 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 6A65560A03 for ; Sun, 12 Nov 2017 23:00:25 +0000 (UTC) Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net [IPv6:2a02:6b8:0:1619::93]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 584B6510D4AA for ; Mon, 13 Nov 2017 02:00:24 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 7vjVqq0qST-0O3Sco4W; Mon, 13 Nov 2017 02:00:24 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0NjWNgaU; Mon, 13 Nov 2017 02:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:12 +0300 Message-Id: <1510527615-30536-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 15/18] linux-gen: ipsec: correct frag_offset for tunneled packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Generated outer header should have frag_offset = 0, MF = 0. Change code accordingly. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ platform/linux-generic/odp_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 49bacae01..832c62c94 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -677,10 +677,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, 1); if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset; + out_ip.frag_offset = ip->frag_offset & 0x4000; else - out_ip.frag_offset = (ip->frag_offset & ~0x4000) | - (ipsec_sa->out.tun_df << 14); + out_ip.frag_offset = + ((uint16_t)ipsec_sa->out.tun_df) << 14; out_ip.ttl = ipsec_sa->out.tun_ttl; out_ip.proto = _ODP_IPV4; /* Will be filled later by packet checksum update */ From patchwork Sun Nov 12 23:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118682 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1157447qgn; Sun, 12 Nov 2017 15:10:37 -0800 (PST) X-Google-Smtp-Source: AGs4zMZq2GNVTxtXVBWIkkku+oD0p/OuQGIoXV9Hz/CrDq+9CM+A7DB/VRnyQ3aY5H0t8MhJ05Ft X-Received: by 10.55.5.139 with SMTP id 133mr10665015qkf.220.1510528237767; Sun, 12 Nov 2017 15:10:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528237; cv=none; d=google.com; s=arc-20160816; b=sIOe5jDUwSTDZlA/w8w0JdluD997HRn+MZTU+ujcTBD10Zjo/6sRqdz49eaMjPwNr8 ccD1p2l1Mri2iKAqqleuxlhZfgE3Bx9ebBtDeHHw285lpafpQ6Ohqg6DXacz0qS5M2tQ GePU6GjOUelkMOF3w73g6EzKyoOj9XUH3oI0I7dmW86ZhmxpImzPhy9+A2hZrLP/ez+v WApbmzHLpsNrgafn79Gg9WfIil7UPTCSL4b9enpQR2IOpl3r7UI8poJY/dctJ7bJSiBj gzkvPxBJfIHNSUWG+uxNocGEyN6yP829cmbJpAUafMOg4dOdlNylfUFT0VTMHA+GzAdt qArQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=dIBUIPeqXkMyovnPM4PdpArPO8OdlK0ubOKyvc5pSoo=; b=SyFNYSZTLp5JTyoHcclI6ElWC1UrqP+VL+s+5oFe9TP2B+ffY9Ebkb1/sEICEBLiwf 9mogcTh+S3VdhM4sSvs+H49AT2q+8yRFoPJUPJ9X2PKF63kE6Zymr3neQ5Ln2G3smKtp iM/iBF1Ag92eTgh1CZR9X56NRduE55WeGcZZ7lMSm6dK4/GTlW9ASQWae/tEiGjQHxvY qpqfp7DUyLLwJmXSPLA5i4MR33UqFN1G7X7iss+rKaiVntzEBpx4bvJEgjkbiZYFn7Zs vWWaNOwgd6hz/lBA9R/M6bM4eJ8ladj8lq2GqHgVCAdDXTFrR8FEdIA7og2jOKieT4Ya CrPw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id c56si4597746qta.95.2017.11.12.15.10.37; Sun, 12 Nov 2017 15:10:37 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5DBB760A81; Sun, 12 Nov 2017 23:10:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id DF16660C21; Sun, 12 Nov 2017 23:01:41 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 036E760A1C; Sun, 12 Nov 2017 23:01:11 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id E9DAE60625 for ; Sun, 12 Nov 2017 23:00:25 +0000 (UTC) Received: from mxback7o.mail.yandex.net (mxback7o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::21]) by forward100o.mail.yandex.net (Yandex) with ESMTP id D2CFA2A2E06E for ; Mon, 13 Nov 2017 02:00:24 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback7o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id nAR2Vdriyh-0ONiSBtq; Mon, 13 Nov 2017 02:00:24 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0OjOI0U2; Mon, 13 Nov 2017 02:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:13 +0300 Message-Id: <1510527615-30536-17-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 16/18] linux-gen: ipsec: don't leak SA on creation error X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ platform/linux-generic/odp_ipsec_sad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index ac9132527..ca42838cd 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -343,7 +343,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv && From patchwork Sun Nov 12 23:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118683 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1157829qgn; Sun, 12 Nov 2017 15:11:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMbFHd18OHK84bjZgjXuudlFva9ahJCanoMqnrfEvj/FBCw+IcWUfXZxdDIqN4OhK06T1TTt X-Received: by 10.55.169.210 with SMTP id s201mr3134702qke.124.1510528267891; Sun, 12 Nov 2017 15:11:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528267; cv=none; d=google.com; s=arc-20160816; b=nsLiBH9oEpXoQ3eBI9epHLyIzJjnkexdpszpuQt0bsfCeZ/nZ+yHzSJ8D1/9ifxOtY tEKV4qGln57hgx1/HzAlfIoYt2EYKFNhddEtB9YpzsoNyhEQV22WqCF19usBQ50LR6kp 0C6risoY9qDmnNS2lt5FdKZJu4179fzJz3QqDNMvLy+aNg82S64N9rF0N+ORqxh+C+Vw oSnBaazXWMU5XLHPYa/gSykWXmLWRRdpKQraUfEZumiAkGcddE6MD1HUsZq0ERPJSo/+ LLqKs1llr0j9Lpm8WN7v1EaQ1W2kXqtko8wrsrwU/EXy72Y97jIw/S8E3UfOi4GfhpVO yv4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=btB/58E+rJ7y0/4lkYtt84Jx9j1grUnw03m+8SijxSo=; b=gocJJd99xMP53eAaQp7PVYdnA7JtUk6OQWQ5bBfsw9ERbx3buomWWvVPWxpFwCAmg9 9mEMtWNkA55xYAXvfaWG7Q8zaMdtPtcGpPeGrpWLqglpqpUBeA8VDXlkwuwlK/sD84Ix K2IM3LtyUhduZbj2EYb6wf6duh1ltvkQpsb4BTbD7PlVJzU9/hRQCs2YuGJlNwtpGEPo r9YVwIUedg2UtzmHu7VzPVSZlPxqUOJpbmrljRkZqPIe36+4eKgUjdTwxliSkvkbHoe2 m4aexxBk7Z8+qj2RjAkdsqdzYqLrakggGGeP6BF/iZX0vuVB2P1xGhpPYr1PHIvz+SAn lSkQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id n24si190918qta.37.2017.11.12.15.11.07; Sun, 12 Nov 2017 15:11:07 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 8248460BFB; Sun, 12 Nov 2017 23:11:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3920A60C1A; Sun, 12 Nov 2017 23:01:44 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 304E160A03; Sun, 12 Nov 2017 23:01:12 +0000 (UTC) Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net [5.45.198.241]) by lists.linaro.org (Postfix) with ESMTPS id 61C3660654 for ; Sun, 12 Nov 2017 23:00:26 +0000 (UTC) Received: from mxback2o.mail.yandex.net (mxback2o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1c]) by forward101j.mail.yandex.net (Yandex) with ESMTP id 5CFA1124ED5E for ; Mon, 13 Nov 2017 02:00:25 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback2o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id JLqmoPW9Yg-0PQ0g9Ot; Mon, 13 Nov 2017 02:00:25 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0OjWDarQ; Mon, 13 Nov 2017 02:00:24 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:14 +0300 Message-Id: <1510527615-30536-18-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 17/18] linux-gen: ipsec: add AES-CTR cipher support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add support for encrypting packets with AES-CTR cipher. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ platform/linux-generic/include/odp_ipsec_internal.h | 1 + platform/linux-generic/odp_ipsec.c | 13 +++++++++++++ platform/linux-generic/odp_ipsec_sad.c | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 81ecec08e..cfedb7c08 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -128,6 +128,7 @@ struct ipsec_sa_s { unsigned dec_ttl : 1; unsigned copy_dscp : 1; unsigned copy_df : 1; + unsigned aes_ctr_iv : 1; /* Only for outbound */ unsigned use_counter_iv : 1; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 832c62c94..24b14dc83 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -351,6 +351,13 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto err; } + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } + hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; trl_len = _ODP_ESPTRL_LEN + ipsec_sa->icv_len; @@ -743,6 +750,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, memcpy(iv + ipsec_sa->salt_length, &ctr, ipsec_sa->esp_iv_len); + if (ipsec_sa->aes_ctr_iv) { + iv[12] = 0; + iv[13] = 0; + iv[14] = 0; + iv[15] = 1; + } } else if (ipsec_sa->esp_iv_len) { uint32_t len; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index ca42838cd..d5efb095c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -333,6 +333,13 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 16; break; + case ODP_CIPHER_ALG_AES_CTR: + ipsec_sa->use_counter_iv = 1; + ipsec_sa->aes_ctr_iv = 1; + ipsec_sa->esp_iv_len = 8; + ipsec_sa->esp_block_len = 16; + crypto_param.iv.length = 16; + break; #if ODP_DEPRECATED_API case ODP_CIPHER_ALG_AES128_GCM: #endif From patchwork Sun Nov 12 23:00:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118685 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp1158745qgn; Sun, 12 Nov 2017 15:12:13 -0800 (PST) X-Google-Smtp-Source: AGs4zMZsn68QK81vhgBiOAoaVj8fD8VsTwIY6z3fdoF3q8xnUloirYBgTqUcEHKZ91Mepo3L6d9P X-Received: by 10.55.104.69 with SMTP id d66mr11160191qkc.142.1510528333502; Sun, 12 Nov 2017 15:12:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510528333; cv=none; d=google.com; s=arc-20160816; b=cILNCvcWFtZwxJjXx0kiprwZjiOYNj6wmR+PspBP0ufky8bEMCGwW3eHbRRfJWcj9t 2rXoHNHWf248Z77hMeXYmw8t4j4Cj+EgKczhcNBdO773zgjIzknNhg38n6DyCzjFNWWD /kJ1rWi+B45X0CsyBUw5A4tTD6uvO19AdvMBfhzzDeCnWIgcQWPoiu2FWsRhRMEIVdio SSv2fKHcfBDYXZ3K0sIr1FeUTJiRlBasIoctdKuKXaZ+TLZph/WTiBN0Qr60HyBn+iJ9 zlV46DS02rJ6xue5wvj05xGp3fJb3heqMBozTQ5AFnOzpie/teu1bOlm8mGG2Q21fRTa LpPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=xQBtlVZIHjFd98u/cgONwjMQoLSbTxkfde+jvsHqlcA=; b=UVVQm87VrSCEuhOQCPTbJmcMVuH9l/K+vYfPE53yUeGWqhMmjsJonfUeVcVywJP9Ab I7gW83xKJaZ8P6jQWQbZhrRSGob5eXqur0scDiyfKNP/Vl/z2kffYnYqvjRBXS/ByLsb 9R5AKAtC0R8YtcbM/lVUjUGAjGQ+Y+aquOs1Dn8WRjL9sEcypABSX+MqB9JGRvCv32En Ok+jU4P8najBmCuts31cXILms80a6XpbKG7sn+eYikNo9uBZnGFU+80ueexVTak7oOj4 9r/HUK87YjA7zJOrZconSxhaNOfcpoHyAfYV3+r1OwCdTr99p66rXVme9wevuQ/0ZUWL wOqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id r74si1241102qka.105.2017.11.12.15.12.13; Sun, 12 Nov 2017 15:12:13 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 2A33360C11; Sun, 12 Nov 2017 23:12:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id CE44A60C10; Sun, 12 Nov 2017 23:01:55 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 504A56068D; Sun, 12 Nov 2017 23:01:14 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id 0CB846065A for ; Sun, 12 Nov 2017 23:00:27 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward101p.mail.yandex.net (Yandex) with ESMTP id C54B26A8E4E7 for ; Mon, 13 Nov 2017 02:00:25 +0300 (MSK) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:7]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id qQv1YGkZp5-0PIWt31q; Mon, 13 Nov 2017 02:00:25 +0300 Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3gEL078gGO-0PjCLPxO; Mon, 13 Nov 2017 02:00:25 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Mon, 13 Nov 2017 02:00:15 +0300 Message-Id: <1510527615-30536-19-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> References: <1510527615-30536-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v13 18/18] validation: ipsec: add AES-CTR tests X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969 ** Merge commit sha: 7261a0ce35cc31342937cb57dcc287aea0c59ede **/ test/validation/api/ipsec/ipsec.c | 10 +++++++ test/validation/api/ipsec/ipsec.h | 1 + test/validation/api/ipsec/ipsec_test_in.c | 32 ++++++++++++++++++++++ test/validation/api/ipsec/ipsec_test_out.c | 44 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 39 ++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 045718594..97d58a7f2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -202,6 +202,10 @@ int ipsec_check(odp_bool_t ah, if (!capa.ciphers.bit.aes_cbc) return ODP_TEST_INACTIVE; break; + case ODP_CIPHER_ALG_AES_CTR: + if (!capa.ciphers.bit.aes_ctr) + return ODP_TEST_INACTIVE; + break; case ODP_CIPHER_ALG_AES_GCM: if (!capa.ciphers.bit.aes_gcm) return ODP_TEST_INACTIVE; @@ -293,6 +297,12 @@ int ipsec_check_esp_aes_cbc_128_sha256(void) ODP_AUTH_ALG_SHA256_HMAC); } +int ipsec_check_esp_aes_ctr_128_null(void) +{ + return ipsec_check_esp(ODP_CIPHER_ALG_AES_CTR, 128, + ODP_AUTH_ALG_NULL); +} + int ipsec_check_esp_aes_gcm_128(void) { return ipsec_check_esp(ODP_CIPHER_ALG_AES_GCM, 128, diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index 472179f91..a008dce68 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -86,6 +86,7 @@ int ipsec_check_ah_sha256(void); int ipsec_check_esp_null_sha256(void); int ipsec_check_esp_aes_cbc_128_null(void); int ipsec_check_esp_aes_cbc_128_sha256(void); +int ipsec_check_esp_aes_ctr_128_null(void); int ipsec_check_esp_aes_gcm_128(void); int ipsec_check_esp_aes_gcm_256(void); diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 598a83e3f..8c883262a 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -191,6 +191,36 @@ static void test_in_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_in_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_aes_ctr_null_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_lookup_ah_sha256(void) { odp_ipsec_sa_param_t param; @@ -987,6 +1017,8 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_ah_sha256, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_lookup_esp_null_sha256, diff --git a/test/validation/api/ipsec/ipsec_test_out.c b/test/validation/api/ipsec/ipsec_test_out.c index 39a3c30ff..b543271bf 100644 --- a/test/validation/api/ipsec/ipsec_test_out.c +++ b/test/validation/api/ipsec/ipsec_test_out.c @@ -277,6 +277,48 @@ static void test_out_esp_aes_cbc_sha256(void) ipsec_sa_destroy(sa); } +static void test_out_esp_aes_ctr_null(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + odp_ipsec_sa_t sa2; + + ipsec_sa_param_fill(¶m, + false, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_AES_CTR, &key_a5_128, + ODP_AUTH_ALG_NULL, NULL, + &key_mcgrew_gcm_salt_3); + + sa2 = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa2); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_out_in_one(&test, sa, sa2); + + ipsec_sa_destroy(sa2); + ipsec_sa_destroy(sa); +} + static void test_out_esp_aes_gcm128(void) { odp_ipsec_sa_param_t param; @@ -342,6 +384,8 @@ odp_testinfo_t ipsec_out_suite[] = { ipsec_check_esp_aes_cbc_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_cbc_sha256, ipsec_check_esp_aes_cbc_128_sha256), + ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_ctr_null, + ipsec_check_esp_aes_ctr_128_null), ODP_TEST_INFO_CONDITIONAL(test_out_esp_aes_gcm128, ipsec_check_esp_aes_gcm_128), ODP_TEST_INFO_NULL, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 593a8f450..fbf7d366c 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -583,6 +583,45 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_sha256_1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_ctr_null_1 = { + .len = 162, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xe2, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x01, + + /* IV */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* data */ + 0x39, 0xab, 0xe5, 0xae, 0x74, 0x57, 0x76, 0x7f, + 0x1d, 0x1f, 0xce, 0xe8, 0xca, 0xf1, 0x87, 0xf5, + 0xfd, 0x9e, 0x1d, 0x20, 0x38, 0x30, 0x8a, 0xe5, + 0xb9, 0x55, 0x80, 0x7b, 0xfd, 0x9d, 0xb9, 0x99, + 0x85, 0xcd, 0xb5, 0x30, 0x86, 0xaa, 0xe1, 0x7a, + 0x69, 0xe5, 0xfa, 0x38, 0xf3, 0x0f, 0x91, 0x18, + 0x75, 0x7b, 0x5f, 0x4e, 0x69, 0x17, 0xaa, 0xe7, + 0x84, 0x6c, 0x40, 0x31, 0xec, 0x87, 0x4c, 0x8c, + 0xb3, 0xb4, 0x9f, 0x7e, 0xea, 0x83, 0x6f, 0xc6, + 0x11, 0xd5, 0xce, 0xbe, 0x65, 0x37, 0x1c, 0xb6, + 0xd3, 0xcb, 0x51, 0xa8, 0xa4, 0x0e, 0x3e, 0xe6, + 0x26, 0xd8, 0x17, 0xec, 0x8b, 0xca, 0x79, 0x96, + 0xa0, 0xcd, 0x6f, 0xdd, 0x9e, 0xe9, 0x6a, 0xc0, + 0xf2, 0x6c, 0xdb, 0xfd, 0x99, 0xa2, 0xb5, 0xbf, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_rfc3602_5 = { .len = 98, .l2_offset = 0,