From patchwork Wed Nov 8 18:00:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118311 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5610276qgn; Wed, 8 Nov 2017 10:13:30 -0800 (PST) X-Google-Smtp-Source: ABhQp+SQB+8ewZyGUacggyvYrZLDnqJGElPzUQj1GuHHD5bCExDWUSFVqtgSgjeF6LPHU07+XGHU X-Received: by 10.37.217.131 with SMTP id q125mr916362ybg.137.1510164810399; Wed, 08 Nov 2017 10:13:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164810; cv=none; d=google.com; s=arc-20160816; b=xOY80lDtaF9Rx0ay1OmMc1xCSIZC9WjvaeQvN8334F0xmX4MAmAr7kbqKXAh/xZcN3 4XG/33iOo+hMI+s2BiBG85puqX1hWx/qmBlDdZvWRkZthjQ+ikXGE6XcIEbe6yIk+kzo kJ2V/eBSLAjc8DxE18v9v0xsZ6Se8b0AIAdJ18Rc7xZm+fgy1D6DuY/CfU+DdT253G0g jt2qzwNU0JGv95mDifYeMQ13400V2c0KybIxwdoAemDgeF8Q3Q9+jkBPUu1pd5/Xn9GO pG2NdlzHHYXz6gWAtKyc5/cnsP2RfhHGUvaoMMo/HrLw0zp3pGakxT8DA2QMKDACENuX zCtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=JH6IP22N8LVCHv6MU7VjTS/Qp4KjjB1TvxZWquyV0wU=; b=B5vezUXuhzCLeYxQduRDr2sTvBbAfNZfne0bPczpXnKJt5vhJbMZNXe9SXceqRs5is D+LF/0ys2CDpUWcCsRl7JDzKGYDRl6dIQRMOhyHWlRD/KIy7NKQRrC8Ny5ZxzhN5CgJl DJ5dDer0pB79ZqsWU4IamFNxq/DXD8AX3QB0Szk2r5MUr3B6dgX//KHcK1gW0tK0sNVG YIOwen2BCREQlnxpEfv4vd6LVzQrFZWbs++Uy+/FERGWSTc+eFkbUFfz+truleeacb6x roBi9ks2de9AHm9gr1Vmf94hG4GMmO5GIrJ21rwtU5eXsRvttTRXhiYM084/SvNxmHap 2/hg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 72si1015892qtf.483.2017.11.08.10.13.30; Wed, 08 Nov 2017 10:13:30 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id F11BC6090B; Wed, 8 Nov 2017 18:13:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 3BFD261020; Wed, 8 Nov 2017 18:02:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id BFF3761016; Wed, 8 Nov 2017 18:02:22 +0000 (UTC) Received: from forward105p.mail.yandex.net (forward105p.mail.yandex.net [77.88.28.108]) by lists.linaro.org (Postfix) with ESMTPS id 51FC260B59 for ; Wed, 8 Nov 2017 18:00:39 +0000 (UTC) Received: from mxback14g.mail.yandex.net (mxback14g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:93]) by forward105p.mail.yandex.net (Yandex) with ESMTP id 49C514083350 for ; Wed, 8 Nov 2017 21:00:38 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback14g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 0snuOHis9t-0cBGiHcN; Wed, 08 Nov 2017 21:00:38 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0b1OJAsp; Wed, 08 Nov 2017 21:00:37 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:22 +0300 Message-Id: <1510164037-14458-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 1/16] linux-gen: ipsec: use counter instead of random IV for GCM X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/include/odp_ipsec_internal.h | 16 +++++++++++++--- platform/linux-generic/odp_ipsec.c | 19 ++++++++++++++++++- platform/linux-generic/odp_ipsec_sad.c | 6 ++++++ 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..1aa437b8e 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + param.override_iv_ptr = iv; + } else if (ipsec_sa->esp_iv_len) { uint32_t len; len = odp_random_data(iv + ipsec_sa->salt_length, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..5d20bb66c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; @@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) { From patchwork Wed Nov 8 18:00:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118312 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5610725qgn; Wed, 8 Nov 2017 10:13:55 -0800 (PST) X-Google-Smtp-Source: AGs4zMalFgDGTTCndZzkUP/r5Rn9XQ4HlK/4SjHTr5F45Rm9tYfGISNH+hHFcBLfWXI3xxdPvcKP X-Received: by 10.55.131.71 with SMTP id f68mr2227896qkd.55.1510164835625; Wed, 08 Nov 2017 10:13:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164835; cv=none; d=google.com; s=arc-20160816; b=svoVsPsJBb+/fUeEusDITeln3GThgLz58kXTUvps0it+d1kBleXBU551rh/jv4vI09 o/CNTdDZASdtxGKYurZMFgcs6u6M6AVxRoxHjRzLC8Iww+tUXxtV0wk/8rQnUSpyHtPC eVFi8PXck88UWcPeibmkx2kIGmV2oXonBZZqNtBzjOwOfKTjxqA4Mq9/6GxPP6wipUFu 5snU5OMyz4sDBLOxa0bPKlVcbmWy2mu1bPAlx1d6fE8qFDvwBUnVfAYyf0JPDJvD+Ro2 RsmSS8hXzGm3e1CxcshTGLtV2P7gpMTi5TXIp2uqV/n0GcW6wIGSK3EGVir0ZilaM4mO 42lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=7fj/6l4TtzZzgw+XL9OytCDXsa3HpP2jSkyljbX47Dc=; b=pqPFIQxRmbFh9jqpxhLS8iPkt9R0ygj/8YD3MIpNWeqqbFKLzySUTcDV2Vw0iXsleG ctawIVgyalS31rIXGqVaH8zt8z2ZC/7JU49Pz4P88/7ac9eUZQH89Q6kwlHL28NkeUqd IzocqKQWDhdB05cFc31Ta9dunjXCfc2AtNdaaoQEy967gkCx35ZLlRtUHdrquNCe/Jbw tFLS6NkKuI+v4OpKU7qAxbNDgYiFwS91YBl+fcFicD7AMKBW2qb7erRC1/RDV3M+VKVj z4Kln87mMHBKpbLb8oXMyVIl/hfITB3lk6MEW/6ydiqYoCKHK/1NqOf8DrBphfs24WVq yymw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v68si3559722qki.188.2017.11.08.10.13.55; Wed, 08 Nov 2017 10:13:55 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 3E59D60C5C; Wed, 8 Nov 2017 18:13:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 8B8CD61016; Wed, 8 Nov 2017 18:02:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F025060B59; Wed, 8 Nov 2017 18:02:22 +0000 (UTC) Received: from forward103o.mail.yandex.net (forward103o.mail.yandex.net [37.140.190.177]) by lists.linaro.org (Postfix) with ESMTPS id BCC0460C18 for ; Wed, 8 Nov 2017 18:00:39 +0000 (UTC) Received: from mxback4j.mail.yandex.net (mxback4j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10d]) by forward103o.mail.yandex.net (Yandex) with ESMTP id A47CD5882A6A for ; Wed, 8 Nov 2017 21:00:38 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback4j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2lCF9URih8-0cJ4b8N7; Wed, 08 Nov 2017 21:00:38 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0c1ueok2; Wed, 08 Nov 2017 21:00:38 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:23 +0300 Message-Id: <1510164037-14458-3-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 2/16] validation: ipsec: drop unused file X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ test/validation/api/ipsec/ipsec_sync_in.c | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c diff --git a/test/validation/api/ipsec/ipsec_sync_in.c b/test/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null @@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -} From patchwork Wed Nov 8 18:00:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118313 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5611393qgn; Wed, 8 Nov 2017 10:14:30 -0800 (PST) X-Google-Smtp-Source: AGs4zMYRecO5rC3W0SFAvPAz7tQ85JjUCA8rE28eIlTxQ5dbyp3DsRWE8XF6CdGAuYFE4RIr8OvK X-Received: by 10.200.24.50 with SMTP id q47mr2315495qtj.290.1510164870605; Wed, 08 Nov 2017 10:14:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164870; cv=none; d=google.com; s=arc-20160816; b=S6SelfD8wBxFkyqCOqxj0WvSfCWHdpz84TBnbD6E3nF5HP2Ki2SwiL0z6k7xRhffpr IRxqgouLhqIoG5La9bO21oJMUEwGTW/gxvPIVt4VwMgj/AFeqlIfy6saIl9xKaiKvdn8 WGzVqMb7QenILlDVIma/kOrpHAooWAZYy9NH8BHadHcLt/9KfEiAWTPH6/RATjoSS9zz /jKp3z4DCnMUVeISmC0OF5pMUEkNikugz94/dB0RGq4NAkmIJZ3fFhygKweppHZRrNQ8 JnYfDN8ivJbyumN16r19TknceJlG9kbXOX5/+fkHiQ3PHurpJvr6JSEQrbPxN9hW7otk iqoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=yQqssx+hLBC5QdVdb3areKHr57sFu96L8Mn7zjs6w/E=; b=OsMihTHjpBH2igg4z5g5EHmReM/MB1bPmak2EuBmheceEOd7U1uZDoKY69OCsZsF3L 98XmK3KG9TSnTZkvYAkXTvQVVxOAspv4JQac2RSezxWBqNF56vEA4wX5+KrfTzTMQZG2 Hy8aeZzys5rOT5I2uTgi3rZab49JU6MiFSrjOEfrPGk7kpZtubrgaw3QXFVW8kF1RmLo lzp30FWzzlLp4HlzWxwDrBtIvZ/dEkDYqPzUcrUxJG/HewSfxh4L91qGf4oY43igIRLG vtGNYnKBqMmZsx4nsYHsDVg3TGgBm67DQJFbbnsN73bdBHh31wxZsuqv2D84nX9zNhzF i18Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g186si4304898qkd.162.2017.11.08.10.14.30; Wed, 08 Nov 2017 10:14:30 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4498E60C5C; Wed, 8 Nov 2017 18:14:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id BCF6061027; Wed, 8 Nov 2017 18:02:38 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6BA166101F; Wed, 8 Nov 2017 18:02:29 +0000 (UTC) Received: from forward104p.mail.yandex.net (forward104p.mail.yandex.net [77.88.28.107]) by lists.linaro.org (Postfix) with ESMTPS id 56F5460C26 for ; Wed, 8 Nov 2017 18:00:40 +0000 (UTC) Received: from mxback2o.mail.yandex.net (mxback2o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1c]) by forward104p.mail.yandex.net (Yandex) with ESMTP id 5119418113A for ; Wed, 8 Nov 2017 21:00:39 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 9KHTfgxmCc-0dDuR6UO; Wed, 08 Nov 2017 21:00:39 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0c1uAOTp; Wed, 08 Nov 2017 21:00:38 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:24 +0300 Message-Id: <1510164037-14458-4-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 3/16] validation: ipsec: verify odp_ipsec_sa_context X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ test/validation/api/ipsec/ipsec.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..853bd88a9 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data)); From patchwork Wed Nov 8 18:00:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118319 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5616572qgn; Wed, 8 Nov 2017 10:19:28 -0800 (PST) X-Google-Smtp-Source: AGs4zMbI6uxgM4mcUogcuoEJQeJHi7qEKwQdFU++6cXItNmiAd+AxLn7XVaFVjrw1/dvk58tme3w X-Received: by 10.233.230.66 with SMTP id x2mr2036956qkl.341.1510165168617; Wed, 08 Nov 2017 10:19:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165168; cv=none; d=google.com; s=arc-20160816; b=nn9D4z5CCk7z9JwYgle1H1pk/Y3elfHksSKpPJjSlK2YZUmQWuphVQef/bmYTfPaiz LOy1Sg2bn8dM19kEzP5YtQlRlr49SLGxBcq+Pz008kVioJOMBBV3gmwzCbpnfT6pDHZJ LNQv87txjBDvGWmUWoNaQBTh1YHLG7/MRiSW0Amha39x6epxWl/R+HPA3ffv6lb8/udO SWFYg/lvQAP7xVmIOi60e1B9lf6UhGDbmPcT3vEdaPnFPeohdByy9Mfed9iZDNBilGk7 VdsK8GLDFY0Q98mWSDp2MO+JEj7me6EABwMmQfLOLaYchcAu5OxcjZlosQ4o64AGBHVl phZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=TuwK3EHqn5d9FI8AMhZLcuRMdyQkcThDmA7fNebGPrQ=; b=pSc3ICQ3G0iC9sergFW1oY3w5v+C79IaWYXTLFO7b3iwCIeckbDP37OUnC6t1E4Vgv yTffs3Vs5xfyRSOYRPrMjKe5UtwvdjU7Pa/nPbMW/3lYle4c6puFedhu4hgYXWHB7LiE 04veU/12xwlj6dpa856Mo3GhP0tDfjjMG147C+zMXQiLXkt8g2yYCKs+GI+fOOj5YTtG cxGGn/S8rlhI+kVl+jEzq2ZMgjGgajGTlA72tavFdyPakuqFH9rdcKAsYDaFoBD5WMr+ NqrnhTVJixr0+gdZpCJ7g+6bgTBK6ItUpJYbUu42pNjjY17I49GEh45X6H3QVLlYwUJ4 ke7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id m49si4487352qta.78.2017.11.08.10.19.28; Wed, 08 Nov 2017 10:19:28 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 45B1360AF8; Wed, 8 Nov 2017 18:19:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5599061045; Wed, 8 Nov 2017 18:03:21 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3392A60C39; Wed, 8 Nov 2017 18:03:15 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id DF56660C36 for ; Wed, 8 Nov 2017 18:00:43 +0000 (UTC) Received: from mxback8j.mail.yandex.net (mxback8j.mail.yandex.net [IPv6:2a02:6b8:0:1619::111]) by forward101o.mail.yandex.net (Yandex) with ESMTP id CED521343483 for ; Wed, 8 Nov 2017 21:00:39 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback8j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id jA6Du2PMWd-0dbuxQst; Wed, 08 Nov 2017 21:00:39 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0d1mqBrr; Wed, 08 Nov 2017 21:00:39 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:25 +0300 Message-Id: <1510164037-14458-5-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 4/16] linux-gen: ipsec: fix soft/hard limits check X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Split count expiration check into two phases: - optional precheck, run before crypto, which fails only if hard limit is already breached - update, run after crypto in INBOUND case, so that limits will not be updated for packets failing ICV check. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++- platform/linux-generic/odp_ipsec.c | 12 +++++------ platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++- 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 1aa437b8e..55b60162d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -835,9 +836,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 5d20bb66c..fe8dfd0e4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -476,7 +476,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_load_u64(&ipsec_sa->bytes); + uint64_t packets = odp_atomic_load_u64(&ipsec_sa->packets); + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len; From patchwork Wed Nov 8 18:00:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118314 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5612029qgn; Wed, 8 Nov 2017 10:15:05 -0800 (PST) X-Google-Smtp-Source: AGs4zMaBGUP95i9mkmw/S60rJA7suWgMANYBftlTWj5j/2wEhu5scHzKN085aUGWM642/3p7PDKn X-Received: by 10.233.230.1 with SMTP id z1mr2200559qkf.206.1510164905140; Wed, 08 Nov 2017 10:15:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164905; cv=none; d=google.com; s=arc-20160816; b=IQCAXwFGrDS1PGoRQt2IYbE7KY4nvUIMkFPtwRJlbUJQj0o/W77zyvxuTdfR/iNxBm EQQj9HWSfqybRYs2W3eozgaq5wKSvX0KqzHuGqKv36NgM5QWurkYdirnfeST/CyvMS3m FgRXya1jp6v/UbEG8hD05nnkGKitXsA6+E9LAjA5KUga+z6gezvAb9b0XvwNBsVx2iM3 8NfvSq/I1sT8YcobNSn8jQUiDQrr6cfXxGO9Ibe6Mx95MumsEG4GwUxgoNjnS/x3VUrl Z5J6UWOrJulZqizj7OHSX1qqajLJ+iLS5WlnRGfDugfqfqeDLdAfwGhRk2kxGn/fxPH2 MsiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=7VWYZjp3A5VPjrIE/zE3XqGVad/T9HJli26jqy/pqnw=; b=fCNdbb5G5CQMrUKbAMBinCBY1V7Qhw0UnKcElckvnb7dc1pj+E/kPvQicqHec3UNN1 muyjCcDAHX86pUnvbmGkP40453FBFyFZs/8Sf1jlfSmsvAaPQcoX1Cpm9yi8c7AyGyIs R6IEH8RdCWPdaeHV7jxHqbjLnfBccw2Zq1J8Hl0jZCfT2iFMT1pAl5lLpS+HyY9jyohX pusInwwKr3gZcS+CFReQy0I8949vwlxrBOYoWM4TAu+K/7ez9J6lFh+AXlnxz+acsOUh h05jHPY0L7u78xDWj5iLLr2jaeUl0oGPMRcHsGrUe0OcE02wDlYzBMRDpGTgysRtyxE4 DzLw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p190si4219933qkc.386.2017.11.08.10.15.04; Wed, 08 Nov 2017 10:15:05 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id D098E60C27; Wed, 8 Nov 2017 18:15:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 02C7161022; Wed, 8 Nov 2017 18:02:42 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id BEE4F61023; Wed, 8 Nov 2017 18:02:32 +0000 (UTC) Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net [77.88.28.101]) by lists.linaro.org (Postfix) with ESMTPS id B4F6E60B5A for ; Wed, 8 Nov 2017 18:00:41 +0000 (UTC) Received: from mxback9g.mail.yandex.net (mxback9g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:170]) by forward101p.mail.yandex.net (Yandex) with ESMTP id 598916A836D2 for ; Wed, 8 Nov 2017 21:00:40 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback9g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id fvICXewBKo-0eg81T6Z; Wed, 08 Nov 2017 21:00:40 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0d1uTHH2; Wed, 08 Nov 2017 21:00:39 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:26 +0300 Message-Id: <1510164037-14458-6-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 5/16] linux-gen: ipsec: add replay window support to SAD X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++ platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct { @@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index fe8dfd0e4..e010cfaa3 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } @@ -525,3 +529,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +} From patchwork Wed Nov 8 18:00:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118316 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5613323qgn; Wed, 8 Nov 2017 10:16:14 -0800 (PST) X-Google-Smtp-Source: AGs4zMbSmlXdN43Jsvsh+ycN7sWU6EdHg2uXftoLi/nxv9AbCBORIwQgSd0n3+7MMuNYu7O6k5qJ X-Received: by 10.55.119.5 with SMTP id s5mr2191785qkc.233.1510164974845; Wed, 08 Nov 2017 10:16:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164974; cv=none; d=google.com; s=arc-20160816; b=MjS8+WOTpyz5hxMtJoAO4p0FCJ9JMU2ehHNs1B7pCy4xNRSfihgwULiWp0TSDncMGD 1ui55zBBpKcnKFax1ILUIFqF0E8SdJpSsOclj+Fw+3nOvZ1KVk1F/bOGkN7o6/czYGTV JMIouAKw09a2s0TxYTM10hWMznV7w3J29qkBdmysSjJ8z3rtJA9IGXzHZRznI89S2Yag UTeP3QhBHCSDCGXKCi27rM4qDYil3KxTM+AG0usxHh7qv9IYOvQIfOz3TtK06tdPeoCM lWSWinGor8d0V0RV4sPrAgTvfyZSeSi1LZJ+4jHCNQPyujso/N83ReMKcj4ULz3u19ni 166Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=iqogSk2zqUqPcRbhgTUOcHric3ginIxpFsGPcaMJkVY=; b=M4IgTeHwqEMpAwc05I1Cn9jUsI9vhUZa4xYZvSpf/22JVSXkkwACYJNdzKA6C+haBG jQb7GIDPm8ftpSqiqYc7qO9E2aTpMbvcFsvKXRm5cncxDQcC68iZLY351PDFjOIug4tU wu8+PR/iCpJtkpL9O1LbWX7CFZew3xoZhmgW8xqjJ9/9u9e7QfvvFigw8HXIvfGb8nWD xNba+cFlvvBGOgchoLujknPxfxpzgfCpUaAk1BJ4LYj5orUGSptbGw16A1BJqxjc8LqG YlBfQMGlzKyxRRwYMU0y/GS3SQIRtUu6r6zgNvsfDTYpwc9kGEXphAg0Y/5sLRPbFbdq mT6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id p48si4459549qtf.4.2017.11.08.10.16.14; Wed, 08 Nov 2017 10:16:14 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6F2FC60C18; Wed, 8 Nov 2017 18:16:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 9A3EB61017; Wed, 8 Nov 2017 18:02:49 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F133F60C27; Wed, 8 Nov 2017 18:02:43 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 6D51D60C27 for ; Wed, 8 Nov 2017 18:00:42 +0000 (UTC) Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net [IPv6:2a02:6b8:0:1619::93]) by forward100p.mail.yandex.net (Yandex) with ESMTP id A52545102629 for ; Wed, 8 Nov 2017 21:00:40 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id cpqWRpjEog-0ev8LKYh; Wed, 08 Nov 2017 21:00:40 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0e1iAHiF; Wed, 08 Nov 2017 21:00:40 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:27 +0300 Message-Id: <1510164037-14458-7-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 6/16] linux-gen: ipsec: support replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 55b60162d..5bb8330cb 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc; @@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN; @@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -814,6 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah); From patchwork Wed Nov 8 18:00:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118315 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5612640qgn; Wed, 8 Nov 2017 10:15:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMb0UOoE05S3jEFuAJZmWGMd7XL2DMMnk2t63DE+vcPwzCL3SyD7qMAEcxRAfIbOwC2Szxt+ X-Received: by 10.55.88.2 with SMTP id m2mr2212411qkb.260.1510164939847; Wed, 08 Nov 2017 10:15:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510164939; cv=none; d=google.com; s=arc-20160816; b=jBTVHmmhm7pjReg3OHInX+7Q3pOQQyX2R/3bMkVqMI999iGVMmZNN5+BK25Uls6lM0 trkY2w5gnznuxhuy/GKqBJvUXDOarzkm0WgztCB+bAprbJb4OHb5X66XU008qlPyNu7p CYKs3VKUjF/IcDjIJpzxULUxfa+TfUSQpsn/p497tkUiC212iSHeWnSi0qDkoA+EwTHM CBfhlTMMdiuMpbY7zLClyj+Fu8Fib2Q3Y+o9RFCqSquu88PGNXonpflJngOBV08mRXND 3cuTCvRlc4GcISnurYCQi4uPXuh3AFSLlYEPGYEqYCQCUte/hYjT77QuFf6ukFvEaEj7 IElA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=gIfnD42TpCinklZfVU4CYA+TvwOEdtRQJxshqKy4Fqc=; b=ils+VjpKUyyll1aGvIE56lGJ4+famSfNeW91KRp1/lKZCec+pvANHwfvMejrW0QTfl VDZaWO4H8aH22c4D+hFZZHynXAfXXuihsVmilA0bqztSsmecUbKFeOKTfRkNNmi4awuQ +NibHe7gW9aZVxYihkTVN3XRK7XRfaqqpeEPeqECHmdZcYOAe2RCXrm86ujrqknH13oa K1LrWfJQw4gepeGsbKN1GocmW8iTBy9WdmRpD/H928NNVHcE3A9WPAxjTDcwaNbJ9XGY xKG0j44a6W9YnXovi78G6mYz2FpT0eCEs+oYDeIGzeLcpLbyuovFKz2vfN73oIBA1S8U UhKg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id o26si4368690qtb.303.2017.11.08.10.15.38; Wed, 08 Nov 2017 10:15:39 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id DB56460C27; Wed, 8 Nov 2017 18:15:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 579146102C; Wed, 8 Nov 2017 18:02:45 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 38F966102C; Wed, 8 Nov 2017 18:02:40 +0000 (UTC) Received: from forward106j.mail.yandex.net (forward106j.mail.yandex.net [5.45.198.249]) by lists.linaro.org (Postfix) with ESMTPS id 2AFDF60C1D for ; Wed, 8 Nov 2017 18:00:42 +0000 (UTC) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward106j.mail.yandex.net (Yandex) with ESMTP id 1FED418013B8 for ; Wed, 8 Nov 2017 21:00:41 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback12j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id urZmq6xaWF-0fCquT1C; Wed, 08 Nov 2017 21:00:41 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0e1i2AIm; Wed, 08 Nov 2017 21:00:40 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:28 +0300 Message-Id: <1510164037-14458-8-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 7/16] validation: ipsec: add replay window checks X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ test/validation/api/ipsec/ipsec_test_in.c | 204 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 87 +++++++++++++ 2 files changed, 291 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c @@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h @@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, @@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0, From patchwork Wed Nov 8 18:00:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118317 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5614172qgn; Wed, 8 Nov 2017 10:17:06 -0800 (PST) X-Google-Smtp-Source: ABhQp+TGgw5a8nv+CeYZubmS5/1Rn+gOaohl6KW3W8pIcQS4L5cWTrcyHSRT890jl0CKhOMMVrHG X-Received: by 10.55.136.67 with SMTP id k64mr2254825qkd.26.1510165026723; Wed, 08 Nov 2017 10:17:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165026; cv=none; d=google.com; s=arc-20160816; b=QEVFKewHUF6eihIU9TiVt17dC1MBhXyNXBSuwtweo3lu8ig0Y+6GnNfxU3bIJzTKL6 uGpQJTe/33ZivfukMKjjjxyaMKw4S0Py8kJpbw6Futx3Eopk4ZxFTTpvRTBACnaWGQo3 gInh5D2FYyTjJw5xIYdsYPT0F9lBc/9wTtlQcddcrxSIs6fJ/GjkCHYORCJTRy4UIfOX wXNzOQC4xXzw7VH0wPQWz75ai0ViJPqb+KI2VhJ9zxXNRzFC/esuGqIx9tajhl4343ts CrDf/39ShjjZX9KDkGUHuus9b6DaWQkZwdfOkJICROoc54RbSGXc6sOwGa/ynIMwCSnQ bi8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=H125CnZs+ylk7s0tdMG7VfDijzP52Q25axghZVVUoTo=; b=G1wUqvuoxavtW7JNPL1nNfqTd1AEK908fEwDl+xN5XTYtJpcDqg8U34dxiPm4JZpQU h307lMPPM/JS1HSp/ykOopC5b0zkv/9Gr/ld+t7pPREYgOr73snQ4AM9ZGXMKf+FfawH 2NoN+C1n8neXeFYE9YFm4RvzL2B7nGue+GimEg50jn8beqkTb54ZyM75Tn0gnpmAraXH awdnl9ROfht7+eXjWd9J/Ys95kWflQCGxBpcny7YKKHV8jgsiYQJu8AoaIrshBfVskx0 tL73CA7kahOih+YSz9wR6M4ABxxEQ3O2CfPZVG9UsHB5eZriRoYQ7TwgasVb+0V9hJ+W b5JA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id g14si4455863qtg.296.2017.11.08.10.17.06; Wed, 08 Nov 2017 10:17:06 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 5F5FD60AF8; Wed, 8 Nov 2017 18:17:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 027FE61034; Wed, 8 Nov 2017 18:02:53 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id D8B2061032; Wed, 8 Nov 2017 18:02:45 +0000 (UTC) Received: from forward103o.mail.yandex.net (forward103o.mail.yandex.net [37.140.190.177]) by lists.linaro.org (Postfix) with ESMTPS id B679660C2F for ; Wed, 8 Nov 2017 18:00:42 +0000 (UTC) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward103o.mail.yandex.net (Yandex) with ESMTP id 9FABD5882A3E for ; Wed, 8 Nov 2017 21:00:41 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id NIn9KPez6x-0fIiTv2h; Wed, 08 Nov 2017 21:00:41 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0f1iZA4M; Wed, 08 Nov 2017 21:00:41 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:29 +0300 Message-Id: <1510164037-14458-9-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 8/16] linux-gen: classification: provide _odp_cos_get_entry() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Provide function mapping from odp_cos_t to internal cos_t type. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../include/odp_classification_datamodel.h | 4 +++ platform/linux-generic/odp_classification.c | 33 +++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index 29b39f9c3..a40541986 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -123,6 +123,10 @@ typedef union cos_u { uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))]; } cos_t; +/** + * Get classification entry basing on the id + */ +cos_t *_odp_cos_get_entry(odp_cos_t cos_id); /** Packet Matching Rule diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index a5cba56a4..6ece74fca 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr) return ODP_PMR_INVAL; } -static -cos_t *get_cos_entry(odp_cos_t cos_id) +cos_t *_odp_cos_get_entry(odp_cos_t cos_id) { if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID) @@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id) int odp_cos_destroy(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (NULL == cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id) int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); @@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) odp_queue_t odp_cos_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id) uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], uint32_t tbl_index; uint32_t i; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); return 0; @@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, odp_cos_t default_cos) ODP_ERR("Invalid odp_pktio_t handle"); return -1; } - cos = get_cos_entry(default_cos); + cos = _odp_cos_get_entry(default_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t error_cos) return -1; } - cos = get_cos_entry(error_cos); + cos = _odp_cos_get_entry(error_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in, LOCK(&l2_cos->lock); /* Update the L2 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L2_QOS > qos_table[i]) l2_cos->cos[qos_table[i]] = cos; @@ -544,7 +543,7 @@ int odp_cos_with_l3_qos(odp_pktio_t pktio_in, LOCK(&l3_cos->lock); /* Update the L3 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L3_QOS > qos_table[i]) l3_cos->cos[qos_table[i]] = cos; @@ -643,8 +642,8 @@ odp_pmr_t odp_cls_pmr_create(const odp_pmr_param_t *terms, int num_terms, odp_pmr_t id; int val_sz; uint32_t loc; - cos_t *cos_src = get_cos_entry(src_cos); - cos_t *cos_dst = get_cos_entry(dst_cos); + cos_t *cos_src = _odp_cos_get_entry(src_cos); + cos_t *cos_dst = _odp_cos_get_entry(dst_cos); if (NULL == cos_src || NULL == cos_dst) { ODP_ERR("Invalid input handle"); @@ -691,7 +690,7 @@ int odp_cls_cos_pool_set(odp_cos_t cos_id, odp_pool_t pool) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -706,7 +705,7 @@ odp_pool_t odp_cls_cos_pool(odp_cos_t cos_id) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return ODP_POOL_INVALID; From patchwork Wed Nov 8 18:00:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118318 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5614768qgn; Wed, 8 Nov 2017 10:17:39 -0800 (PST) X-Google-Smtp-Source: ABhQp+QDLM1sWI8vYwREYYoHAmxM6201AX0IMuU4XYQ4PewvL+iW0r0cvCRpbCklEPKoF/fH8sVV X-Received: by 10.200.44.70 with SMTP id e6mr2345249qta.197.1510165059542; Wed, 08 Nov 2017 10:17:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165059; cv=none; d=google.com; s=arc-20160816; b=H/CmrbyNHnjTVf/lh/q8Dhcen3PI3EZdRi3l9HKjyadcGzakpmeNOJOybpTTGh7dJD 2PMiOqpBCSmmZUlrndVNFtnf/FYqsKrUXwsZX6NWg+rhpBUgpjgNbKXvfPWwxJu7wh3I RJWZdcUocB/bF6PKx4JD7vCXcLi6OHmD020+AgfDP8lLJpV26Rec+Is0Gl4wmh/WX98K wsB1iypERpD9LTjFcSOwqIW1fR2RPku8VkpccJLT/BHydaPtUDiRNjTvXFLk3d+hnU2C hWbHB8RYwrxETk044EMYq/aWNZGuN/6mO8+sj7EfDdcpa1qy8n+IWUsmuMfaeinzTD9O dM0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=9RH+5D9pmGD0eVMs2K9LTPZ2gAEJy4LvsCbjnfEjc84=; b=r6NUjUUctwfgGbBFybqpQvEZ+PdZ5S/RNA8g+Cz1zEvv5H4/pP5GsX3oyC5up8GVWB 8BjSkLYl2sBNCAO9gOg1Cyz3mg4aTa0VzlQZmI2a39Pdog08TSsufGROJtE5YbmVLl3t h8FfsI506E63CKC7oowBA3eLL+0pjLWhPCck9LDnu1G96bwDB16BJeeJ+ZCa9ZQxl4xZ FSAQJt21nrxrZS7oba0AgjUTEJmlyhQjx6qU4K7g9V/V8x8gOu/0BuVUYQodFCEaXzzX tXxh+7aGkTcP16MKzH5e6g5JgeQh6LphU1n9lpLP4eBKJaf/8fS79NBKvSoiQFuv3uXv 5MVA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l40si980032qtf.189.2017.11.08.10.17.39; Wed, 08 Nov 2017 10:17:39 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 42BE960B4E; Wed, 8 Nov 2017 18:17:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id F1F7561040; Wed, 8 Nov 2017 18:03:17 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5C0CA6103F; Wed, 8 Nov 2017 18:03:12 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 1E9D760C35 for ; Wed, 8 Nov 2017 18:00:43 +0000 (UTC) Received: from mxback10j.mail.yandex.net (mxback10j.mail.yandex.net [IPv6:2a02:6b8:0:1619::113]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 0EDB851023EA for ; Wed, 8 Nov 2017 21:00:42 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback10j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id FpWlE16Zvo-0g7GvDAx; Wed, 08 Nov 2017 21:00:42 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0f1OPoXA; Wed, 08 Nov 2017 21:00:41 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:30 +0300 Message-Id: <1510164037-14458-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 9/16] linux-gen: classification: split cls_pkt_get_queue() function X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Separate function returning destination queue from cos_t instance. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../include/odp_classification_internal.h | 7 +++++ platform/linux-generic/odp_classification.c | 34 ++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_internal.h b/platform/linux-generic/include/odp_classification_internal.h index 8882a7177..4cadb9bdb 100644 --- a/platform/linux-generic/include/odp_classification_internal.h +++ b/platform/linux-generic/include/odp_classification_internal.h @@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr); /** + * @internal + * Select packet destination queue basing on provided cos entry + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base); + +/** Packet IO classifier init This function does initialization of classifier object associated with pktio. diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index 6ece74fca..317caefbf 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr) { cos_t *cos; - uint32_t tbl_index; - uint32_t hash; + odp_queue_t queue; packet_parse_reset(pkt_hdr); packet_set_len(pkt_hdr, pkt_len); @@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, return -EFAULT; *pool = cos->s.pool; + pkt_hdr->p.input_flags.dst_queue = 1; - if (!cos->s.queue_group) { - pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue); - return 0; - } + queue = cls_pkt_get_queue(pkt_hdr, cos, base); + pkt_hdr->dst_queue = queue_fn->from_ext(queue); + + return 0; +} + +/** + * Set packet destination queue basing on the cos + * + * @param cos + * @param pkt_hdr Packet header + * @param base Packet data + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base) +{ + uint32_t tbl_index; + uint32_t hash; + + if (!cos->s.queue_group) + return cos->s.queue; hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base); /* CLS_COS_QUEUE_MAX is a power of 2 */ hash = hash & (CLS_COS_QUEUE_MAX - 1); tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash; - pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl-> - s.queue[tbl_index]); - return 0; + + return queue_grp_tbl->s.queue[tbl_index]; } static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr, From patchwork Wed Nov 8 18:00:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118321 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5617842qgn; Wed, 8 Nov 2017 10:20:43 -0800 (PST) X-Google-Smtp-Source: AGs4zMbSSzjK4FVWch5OujBMKikNGk/3YoksTXo2quc22tKAGsqKinUKPiweIlDwV2SwOCrB6PH0 X-Received: by 10.55.125.66 with SMTP id y63mr2319271qkc.101.1510165243834; Wed, 08 Nov 2017 10:20:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165243; cv=none; d=google.com; s=arc-20160816; b=ZH8NPnKidpMo2wAtk4ToD2beHMSvls0BqOlqbDut5eauqAA4Q1sfyE1kmEZ+YLtWNf EYCtmDCpK77nkdc8pnxKQaXCgrXQWBLfiKhz9AnHwhbYIrMMw1TbGk0mymYT2hHWNn1T X98oitcHqa6EUIyTioUQKehau9PtVWLYnzJ6V0FR/WHW+iQiuxLPdocC0uLpKPGsyGgU 44AyFaY5Evq5o6bfWElITw0d6pp/VPMiX3Jt4PtnNsrB0ZIvceETdIaun8TQjYeiO5pA OMrzPkX1iwBm7Fntl8Me5NfSp6yxHYL7OTtTCkkrjPzdCtaDZtAu9AptmLHYSnwfSJnF 1pJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=VaDXwShBhU4sv0/MkLmJeKnVbXyxrdyLcN529s98zz4=; b=IDvX1NXu9MupIncXhm6xckURT3UB5F+Se8PCQHUIdU+CnGLKZRfdGY2elA4AYryehN sruUBGsohpcrUacEGAMZGees/FhxKfAjo2Ws/FGabR5LlSZl2zmMJZSajMtEGmHL5bS6 X71FcyaT2CY1LZs9e64aZ1UyVbaLoN745/OghE6ogYRV9L0k1XsAPtOrfUt7PekXvVRh BgS78iidHDG37IEBPDQsYdhdq8cs+pNYp2qJN1/mn8O+fy+LpkQiIivyHsAWOGEe3sIf IGhF/gViE0mGdPRQgFbQGqu8sM+6Ec/pX1vAl2qA/ZI1+YgR6ZQ7s6aSTFwK1lb5evUq e7Ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id w68si273676qkw.264.2017.11.08.10.20.43; Wed, 08 Nov 2017 10:20:43 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 64472608BB; Wed, 8 Nov 2017 18:20:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 263A660C71; Wed, 8 Nov 2017 18:03:35 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 55B5661049; Wed, 8 Nov 2017 18:03:28 +0000 (UTC) Received: from forward106p.mail.yandex.net (forward106p.mail.yandex.net [77.88.28.109]) by lists.linaro.org (Postfix) with ESMTPS id 0BEB260C6A for ; Wed, 8 Nov 2017 18:00:44 +0000 (UTC) Received: from mxback12j.mail.yandex.net (mxback12j.mail.yandex.net [IPv6:2a02:6b8:0:1619::87]) by forward106p.mail.yandex.net (Yandex) with ESMTP id 751832D830BD for ; Wed, 8 Nov 2017 21:00:42 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback12j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 8gsxcrcGEq-0gCeYcdk; Wed, 08 Nov 2017 21:00:42 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0g1CNUH6; Wed, 08 Nov 2017 21:00:42 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:31 +0300 Message-Id: <1510164037-14458-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 10/16] linux-gen: ipsec: support pipelining to cos_t X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../include/odp_classification_datamodel.h | 2 -- .../linux-generic/include/odp_ipsec_internal.h | 7 ++++ platform/linux-generic/odp_ipsec.c | 37 ++++++++++++++++++++-- platform/linux-generic/odp_ipsec_sad.c | 16 +++++++++- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index a40541986..25c488497 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -22,8 +22,6 @@ extern "C" { #include #include #include -#include -#include #include #include diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..81ecec08e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -23,6 +23,7 @@ extern "C" { #include #include #include +#include /** @ingroup odp_ipsec * @{ @@ -141,6 +142,7 @@ struct ipsec_sa_s { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; odp_atomic_u64_t antireplay; + cos_t *cos; } in; struct { @@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, int _odp_ipsec_try_inline(odp_packet_t pkt); /** + * Returns ODP IPsec configuration + */ +const odp_ipsec_config_t *_odp_ipsec_config_get(void); + +/** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 5bb8330cb..74a1c5766 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) int rc; odp_crypto_capability_t crypto_capa; odp_queue_capability_t queue_capa; + odp_cls_capability_t cls_capa; memset(capa, 0, sizeof(odp_ipsec_capability_t)); @@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED; capa->proto_ah = ODP_SUPPORT_YES; + capa->pipeline_cls = ODP_SUPPORT_YES; capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; @@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_queues = queue_capa.max_queues; + rc = odp_cls_capability(&cls_capa); + if (rc < 0) + return rc; + + capa->max_cls_cos = cls_capa.max_cos; + return 0; } @@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return 0; } +const odp_ipsec_config_t *_odp_ipsec_config_get(void) +{ + return &ipsec_config; +} + static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet) { ODP_ASSERT(ODP_EVENT_PACKET_IPSEC == @@ -1060,7 +1074,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int num_in, result->status = status; if (NULL != ipsec_sa) { result->sa = ipsec_sa->ipsec_sa_hdl; - queue = ipsec_sa->queue; + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, + ipsec_sa->in.cos, + base); + } else { + queue = ipsec_sa->queue; + } } else { result->sa = ODP_IPSEC_SA_INVALID; queue = ipsec_config.inbound.default_queue; @@ -1143,6 +1166,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; odp_packet_hdr_t *pkt_hdr; + odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1160,10 +1184,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1; - pkt_hdr->dst_queue = queue_fn->from_ext(ipsec_sa->queue); + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, ipsec_sa->in.cos, base); + } else { + queue = ipsec_sa->queue; + } + pkt_hdr->dst_queue = queue_fn->from_ext(queue); /* Last thing */ _odp_ipsec_sa_unuse(ipsec_sa); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index e010cfaa3..6a17a9172 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -13,6 +13,7 @@ #include #include +#include #include @@ -216,9 +217,22 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) sizeof(ipsec_sa->in.lookup_dst_ip)); if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) - return ODP_IPSEC_SA_INVALID; + goto error; ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); + + if (ODP_IPSEC_PIPELINE_CLS == param->inbound.pipeline) { + if (ODP_IPSEC_OP_MODE_SYNC == + _odp_ipsec_config_get()->inbound_mode) + goto error; + + ipsec_sa->in.cos = + _odp_cos_get_entry(param->inbound.dest_cos); + if (NULL == ipsec_sa->in.cos) + goto error; + } else { + ipsec_sa->in.cos = NULL; + } } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } From patchwork Wed Nov 8 18:00:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118320 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5617298qgn; Wed, 8 Nov 2017 10:20:07 -0800 (PST) X-Google-Smtp-Source: AGs4zMYgokchIBTfkkvAC/EascXv0AzL5fKO7D/QuvYnLXCQG0eUIj/4Z3vh7UThAUdyhLJTrSDW X-Received: by 10.55.115.133 with SMTP id o127mr2167566qkc.351.1510165206984; Wed, 08 Nov 2017 10:20:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165206; cv=none; d=google.com; s=arc-20160816; b=CypKeqImGHNIjyyMQZpO3tofME1Tt92I65BeuwAhTjk82xf5Y16KcsQJ6dr49DyKZE 769jex4sUBGvQlVvcKpq7aGUiFz4ABY7nz6IMtfDwnjD9041I4I6+4jvYcpd9aqdsVYw 0aOWsLArPh3wxNjHa8jElryA8R9BxT9qwjQDZvnLUIZBJ75GsKySZqzNeo+MRFqab2CW gYfkb7tluXKR9LEb3IdDfmExGUgO3lfr1tLNGXo8oB0aIAd/dfpJaI0DMNFosb8LLr/I gqQqw31VEGRFElILUrVjdNZGeTK5m1ObuyvA1xn2Pp70LF+Zuvtf9ii3b6U6OyJi//BU VKaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=i8Y2GHezmK2A7JnTIxRBAIpbKtAwh5Xf2jtVrpqXZFU=; b=KCmYbtwh2xuByrw4K97j5Y7pAOIF7XftISs7r/DUQgi63tw0v7kNvlam1gOuSZzoJ0 wl/vNTlRRwWKV2syxUq72Yu88xKROumSVjf98lkSkNl2dgLClpZqJDmQ70D9AEgPSCUq PvJo0xzCGdtMsmEZhpa6QmMM9t8ws5SWCt8qlRPAttB9FxiaJl0KKL0RlkF7LG9/HvF4 LAUnWBuMrwBQMHWcGz4oZt4CaD6ocdANar7Id4yYPF6BDomHnXJfsj/ZJQLvuVfZZzCE sO/CmAWtQRPQIik2z/P1jxyEXTuiRPwkC7OlGS9ja6phsQFA5QPP08qRiFIBiFZt9TeA B4OQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a22si4364222qta.363.2017.11.08.10.20.06; Wed, 08 Nov 2017 10:20:06 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id A457D60B2A; Wed, 8 Nov 2017 18:20:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id E09F761047; Wed, 8 Nov 2017 18:03:32 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id CFF3561049; Wed, 8 Nov 2017 18:03:25 +0000 (UTC) Received: from forward103o.mail.yandex.net (forward103o.mail.yandex.net [37.140.190.177]) by lists.linaro.org (Postfix) with ESMTPS id 57EFF60C71 for ; Wed, 8 Nov 2017 18:00:44 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward103o.mail.yandex.net (Yandex) with ESMTP id 39F305882A30 for ; Wed, 8 Nov 2017 21:00:43 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id c7YmsvWavT-0heKt8KA; Wed, 08 Nov 2017 21:00:43 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0g18iaFY; Wed, 08 Nov 2017 21:00:42 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:32 +0300 Message-Id: <1510164037-14458-12-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 11/16] validation: ipsec: add support for PIPELINE_CLS testing X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ test/validation/api/ipsec/ipsec.c | 165 ++++++++++++++++++++++++++-- test/validation/api/ipsec/ipsec.h | 3 + test/validation/api/ipsec/ipsec_async.c | 1 + test/validation/api/ipsec/ipsec_inline_in.c | 1 + 4 files changed, 159 insertions(+), 11 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 853bd88a9..5883f23e2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio) } } +static odp_cos_t ipsec_cos_create(void) +{ + odp_cls_cos_param_t param; + odp_cos_t cos; + + odp_cls_cos_param_init(¶m); + param.pool = suite_context.pool; + param.num_queue = 1; + param.queue = odp_queue_create("ipsec-cos-queue", NULL); + + if (ODP_QUEUE_INVALID == param.queue) + return ODP_COS_INVALID; + + cos = odp_cls_cos_create("ipsec-cos", ¶m); + if (ODP_COS_INVALID != cos) + suite_context.cos_queue = odp_cos_queue(cos); + + return cos; +} + +static void ipsec_cos_destroy(void) +{ + odp_queue_t queue = odp_cos_queue(suite_context.cos); + + suite_context.cos_queue = ODP_QUEUE_INVALID; + odp_cos_destroy(suite_context.cos); + odp_queue_destroy(queue); +} + #define MAX_ALG_CAPA 32 int ipsec_check(odp_bool_t ah, @@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah, ODP_SUPPORT_NO == capa.op_mode_inline_out)) return ODP_TEST_INACTIVE; + if (ODP_COS_INVALID != suite_context.cos && + (capa.pipeline_cls == ODP_SUPPORT_NO || + capa.max_cls_cos < 1)) + return ODP_TEST_INACTIVE; + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) return ODP_TEST_INACTIVE; @@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, if (in) param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + if (in && (ODP_COS_INVALID != suite_context.cos)) { + param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS; + param->inbound.dest_cos = suite_context.cos; + } + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; @@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part, pkto, &num_out, ¶m)); CU_ASSERT_EQUAL(num_out, part->out_pkt); - } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - for (i = 0; i < num_out; i++) { - odp_event_t event; + for (i = 0; i < num_out;) { + odp_event_t ev; odp_event_subtype_t subtype; - do { - event = odp_queue_deq(suite_context.queue); - } while (event == ODP_EVENT_INVALID); + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET, - odp_event_types(event, &subtype)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); - pkto[i] = odp_ipsec_packet_from_event(event); + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } } - } else { + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { odp_queue_t queue; odp_pktout_queue_t pktout; @@ -495,6 +564,63 @@ static int ipsec_send_in_one(const ipsec_test_part *part, continue; } } + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + odp_queue_t queue; + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + CU_ASSERT_EQUAL_FATAL(1, + odp_pktin_event_queue(suite_context. + pktio, + &queue, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + CU_ASSERT(part->out[i].status.error.sa_lookup); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT(part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + } + } else { + CU_FAIL("Unsupported configuration!\n"); } return num_out; @@ -724,14 +850,31 @@ int ipsec_suite_init(void) if (rc == 0) suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.cos = ODP_COS_INVALID; + return rc < 0 ? -1 : 0; } +int ipsec_suite_cos_init(void) +{ + int ret = ipsec_suite_init(); + + if (ret < 0) + return ret; + + suite_context.cos = ipsec_cos_create(); + + return 0; +} + static int ipsec_suite_term(odp_testinfo_t *suite) { int i; int first = 1; + if (suite_context.cos != ODP_COS_INVALID) + ipsec_cos_destroy(); + if (suite_context.pktio != ODP_PKTIO_INVALID) pktio_stop(suite_context.pktio); diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..472179f91 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -21,6 +21,7 @@ int ipsec_in_inline_init(void); int ipsec_out_inline_init(void); int ipsec_suite_init(void); +int ipsec_suite_cos_init(void); int ipsec_in_term(void); int ipsec_out_term(void); @@ -30,6 +31,8 @@ struct suite_context_s { odp_pool_t pool; odp_queue_t queue; odp_pktio_t pktio; + odp_cos_t cos; + odp_queue_t cos_queue; }; extern struct suite_context_s suite_context; diff --git a/test/validation/api/ipsec/ipsec_async.c b/test/validation/api/ipsec/ipsec_async.c index 796879230..f5d384392 100644 --- a/test/validation/api/ipsec/ipsec_async.c +++ b/test/validation/api/ipsec/ipsec_async.c @@ -32,6 +32,7 @@ static int ipsec_async_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, {"IPsec-out", ipsec_suite_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_inline_in.c b/test/validation/api/ipsec/ipsec_inline_in.c index 2a595353d..c2f6411f0 100644 --- a/test/validation/api/ipsec/ipsec_inline_in.c +++ b/test/validation/api/ipsec/ipsec_inline_in.c @@ -34,6 +34,7 @@ static int ipsec_sync_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, ODP_SUITE_INFO_NULL, }; From patchwork Wed Nov 8 18:00:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118322 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5618787qgn; Wed, 8 Nov 2017 10:21:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMZNbsbzaNRvk7SusQz5p3BIkbXPazoFUKrEfhwTTMf7aNcviI9uadJxFEC1KtByiV8/dC2P X-Received: by 10.55.163.12 with SMTP id m12mr2234852qke.60.1510165299658; Wed, 08 Nov 2017 10:21:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165299; cv=none; d=google.com; s=arc-20160816; b=pR7JMrWQh9czPK/uSsbvHi/AyA04JybuNyavBwpiId7wb2Q6JYFJhkyvAzag4XCWKW O2lkHtz1Uk0zCeHZSJOoM9mbhnQWf2+GExptIB/BggEu0TISHewt9QibhFv3BkzCy6c7 O7fSjhXdI6A/YjUmzC95fXD5iobRfrUvFucXSNQDebe7nmgd64rdhLG3QhzwkXl8tN9R lHFthWioj2/DLwLnGqrGhfqt73Gr0urSIxQtcjXTcM5ZAT63vZNCDzkDJUp8jvTdi3jV Mzt4hLrwQhvXLMRHCDDaPHoOmofIkwrQYDSPqmgC6xB2Yv1zLZBtx2fWzNoyfjXfhoQ9 r5tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=TxfkUfxsyzg6r266fj6QzUqJcr/YotfQkI6q2rzy8Hg=; b=dKrkGhjeVAwutH4P9reLg7384e10tiQEU3DVyYQvKCir/9EATPg0YO+GkiriE5s/O5 Jc1bLy9K19SwwJzFKlOZ+l8ZT9Xdfl+u2q2TDhq8x64X9y2cXM7Lg+r+csSAOrlqnCys vlzGMA8jfcrSkezd9H9G0HfgUueQ2+gnXozv9vddFBcYx+XhWUUkYfsOK1IkMkcDXp/2 JCcosHKy56NWlxkwPwNxELHRAv1M/PJFqg+0Pw0vpSiwqhfVuxiCDMcaNvTISr/ESBBg AF+dLzPRH+0Xv/nCuA1rQAx9atss8JKT8hjtU4mUGV68+8iylRplff1qIVoG5zyhgyeH s4hw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id t64si1622023qkf.437.2017.11.08.10.21.39; Wed, 08 Nov 2017 10:21:39 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 414F160B4E; Wed, 8 Nov 2017 18:21:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 828EC6104A; Wed, 8 Nov 2017 18:03:46 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 184D761047; Wed, 8 Nov 2017 18:03:30 +0000 (UTC) Received: from forward101o.mail.yandex.net (forward101o.mail.yandex.net [37.140.190.181]) by lists.linaro.org (Postfix) with ESMTPS id 3140660C2E for ; Wed, 8 Nov 2017 18:00:45 +0000 (UTC) Received: from mxback5o.mail.yandex.net (mxback5o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1f]) by forward101o.mail.yandex.net (Yandex) with ESMTP id E0EFA134361A for ; Wed, 8 Nov 2017 21:00:43 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback5o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id j0vHhnx1X7-0huWgjLc; Wed, 08 Nov 2017 21:00:43 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0h1uF9Oq; Wed, 08 Nov 2017 21:00:43 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:33 +0300 Message-Id: <1510164037-14458-13-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 12/16] linux-gen: ipsec: mark IPsec packets with errors with error flag X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Add new ipsec_err error flag, which is set by IPsec code if there was an error during IPsec packet processing. This allow application code to quickly check packets using odp_packet_has_error() function and use fast path if there was none. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ .../linux-generic/include/odp_packet_internal.h | 1 + platform/linux-generic/odp_ipsec.c | 104 ++++++++++++--------- 2 files changed, 60 insertions(+), 45 deletions(-) diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index fed562aa3..9c8b48b0c 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -53,6 +53,7 @@ typedef union { uint32_t ip_err:1; /**< IP error, checks TBD */ uint32_t tcp_err:1; /**< TCP error, checks TBD */ uint32_t udp_err:1; /**< UDP error, checks TBD */ + uint32_t ipsec_err:1; /**< IPsec error */ }; } error_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 74a1c5766..8101b00c6 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -286,6 +286,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -301,7 +302,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; - goto out; + goto err; } /* Check IP header for IPSec protocols and look it up */ @@ -311,7 +312,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -324,7 +325,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -332,7 +333,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_ESP || ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -342,7 +343,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa->esp_iv_len, iv + ipsec_sa->salt_length) < 0) { status->error.alg = 1; - goto out; + goto err; } hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; @@ -376,7 +377,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -389,7 +390,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -397,7 +398,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_AH || ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -431,16 +432,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.proto = 1; - goto out; + goto err; } if (_odp_ipsec_sa_replay_precheck(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -448,14 +449,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -471,16 +472,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); @@ -498,18 +499,18 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { status->error.proto = 1; - goto out; + goto err; } if (ip_offset + esptrl.pad_len > esptrl_offset) { status->error.proto = 1; - goto out; + goto err; } if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, ipsec_padding, esptrl.pad_len) != 0) { status->error.proto = 1; - goto out; + goto err; } ip->proto = esptrl.next_header; @@ -523,7 +524,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } ip->proto = ah.next_header; @@ -534,12 +535,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); } else { status->error.proto = 1; - goto out; + goto err; } if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -550,7 +551,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } else { odp_packet_move_data(pkt, hdr_len, 0, @@ -558,7 +559,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } @@ -573,15 +574,21 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); } - if (!status->error.all) { - odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr = odp_packet_hdr(pkt); - packet_parse_reset(pkt_hdr); + packet_parse_reset(pkt_hdr); + + packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), + ip_offset, _ODP_ETHTYPE_IPV4); + + *pkt_out = pkt; + + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr->p.error_flags.ipsec_err = 1; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); - } -out: *pkt_out = pkt; return ipsec_sa; @@ -620,6 +627,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -637,7 +645,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -673,7 +681,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); @@ -719,7 +727,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 1); /* Check for overrun */ if (ctr == 0) - goto out; + goto err; memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); memcpy(iv + ipsec_sa->salt_length, &ctr, @@ -735,7 +743,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; - goto out; + goto err; } memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); @@ -745,12 +753,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -824,12 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -871,12 +879,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.alg = 1; - goto out; + goto err; } /* No need to run precheck here, we know that packet is authentic */ if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -884,14 +892,14 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -907,7 +915,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } ip = odp_packet_l3_ptr(pkt, NULL); @@ -921,7 +929,13 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); -out: + *pkt_out = pkt; + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + + pkt_hdr->p.error_flags.ipsec_err = 1; *pkt_out = pkt; return ipsec_sa; From patchwork Wed Nov 8 18:00:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118325 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5621351qgn; Wed, 8 Nov 2017 10:24:20 -0800 (PST) X-Google-Smtp-Source: ABhQp+Tr48ttFyn+BQpelj9bbaHfC/QjpY+KPr99oRgjrz+lUb1dPkaD1GiZKP5v2Rq6/c1iHEjF X-Received: by 10.55.167.22 with SMTP id q22mr2172718qke.234.1510165460788; Wed, 08 Nov 2017 10:24:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165460; cv=none; d=google.com; s=arc-20160816; b=a9/oI8MursV01eyQ0xSqAnKoGMua+Q7rwdqprBWU0MJ7Cxs++FuH06hJbY3g8kgGEj OYdoMql994tV/Sqng1Xl41owzBnY6bQqsSC/Kn8LvBXEY7a8rlGg8CLrLc9dzrAvSMIn wD707aeJbSZigqRUKTcIJUyzkdJp6Ia5bGgbiuXmvCQaHjAcFa7HmK0tUZv69QMl/9pK QJkL5peV1Hp8O18moYBSveBs+XtP5aV4IHf2dSCIimF3TwZcK1wnf5Otzko0XipYZysS 7Mcxn6tI/x5+je52nOyj+mb38ECq4j2P8zXNMuVyDBpFiSHy88b9v/fNEMY2pWFbWLlj SDAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=SGCsE+ZrxbZb91ORvaF62iWhtWA0dGIgbT2imEqAuZ0=; b=njFyfP/XezgPMrQ98bwHFD6MPtgsTrzgHXJ3y95VlILxINHJaPX6y9rlOF0XcBe41m 5qa2jSTW6z7INaH/B6LOWqPFNfLUDucttn10dAA0xAAolN3d6A6MEk1cgDb+wP17kooT jXKxqkt82No36Cuo7caSCE73uRsTUj6YVNtLk22KMD6AMfa6enX43ZIm0FuT32iIIFFT rUn3f3V283oXvdpOce4c2lS/DGYcS2iawGHD9Bb/aCVZUb3Y4aIT6hHq1nIBE6aqqHLq gLGvB41p8cHf03aPg5fdEpqgJ1g4cHZyAwuxAbICS7/pbdZmYgciaxYhtAVG0LN7a0SA KKeg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id i39si1134212qtb.445.2017.11.08.10.24.20; Wed, 08 Nov 2017 10:24:20 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 7A32D60C36; Wed, 8 Nov 2017 18:24:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 930E7610D7; Wed, 8 Nov 2017 18:04:07 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7362161057; Wed, 8 Nov 2017 18:04:03 +0000 (UTC) Received: from forward100o.mail.yandex.net (forward100o.mail.yandex.net [37.140.190.180]) by lists.linaro.org (Postfix) with ESMTPS id 327DB60CBA for ; Wed, 8 Nov 2017 18:00:47 +0000 (UTC) Received: from mxback2j.mail.yandex.net (mxback2j.mail.yandex.net [IPv6:2a02:6b8:0:1619::10b]) by forward100o.mail.yandex.net (Yandex) with ESMTP id 6D2022A21BA8 for ; Wed, 8 Nov 2017 21:00:44 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback2j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id wVGFsonbkX-0ieKKaIk; Wed, 08 Nov 2017 21:00:44 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0h1GtLSA; Wed, 08 Nov 2017 21:00:43 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:34 +0300 Message-Id: <1510164037-14458-14-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 13/16] validation: check that erroneous IPsec packets have error flag set X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Verify that odp_packet_has_error() returns true for IPsec packets with error status in result. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ test/validation/api/ipsec/ipsec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 5883f23e2..045718594 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -739,6 +739,10 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); @@ -778,6 +782,10 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(sa, result.sa); CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); From patchwork Wed Nov 8 18:00:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118323 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5619529qgn; Wed, 8 Nov 2017 10:22:21 -0800 (PST) X-Google-Smtp-Source: AGs4zMZPpjP85mBJnrDVwQWYFhqk6DW237XS1oPxgNDNfaCMDP2cpylZWVHKgbS2sY/WNaM3KuFd X-Received: by 10.55.132.133 with SMTP id g127mr2303700qkd.72.1510165340989; Wed, 08 Nov 2017 10:22:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165340; cv=none; d=google.com; s=arc-20160816; b=AkYWKaCQwU6lf0f+GK4h8TP+MkiQrVloLegHD3pJkiAfJLYwEGtv476BInlsQ6hC4A cC3fTY4+A38h4WqIhMKbjixUwORqUQuR77i2il4GvX4yVaRmBWkMBuWroNUEmjFdvjjW 0AgNwcmArL9e1UgEu80GIyzKiyM4uF7/a80bleQk7iWOzgizoS31Uz1d8iEGclAXQcBI F+UQ0WTU3ud1f9YGHNCOZticvvW/me0mnc6jm1ZQ3eABQyp6VMJzsVKX4KNZakS9GSe0 VhtpJYNS9amSy2lhHzlhsXHYbNWUR3TgvQf0vw+yJIPrcmevPKG24zc7X+rf21LrSWvP XmPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=dP5bKt/W+pqrFWPus/3NpK0d1x253KmMENbXczXUMuQ=; b=VWGk6O6Oq2eEw9T+RNskMzavfVV6uInO49NztBctArKueOaAFy/pgNF4uWnC+QMieg FnCQFT7NZQRyBkUdLc+0+fjyc5Cs+hDaYOPwDx/gJga5iUJBFCWgbBc6pcHGiZ5b9gZ+ dKZyDPkG+K561W/LYrVZ1bId1Xc2H2HE1aC7evlkXwvGjaGdGALe1zEY9XFD+bCJkB/O OEdFaWYoIOiNecY03SeLR5r5JJSdw92u676Uml0cey6kkglmEcPnnBEAwsP0Xg2V/cTW 8vUnhDRzHaohQJFTk6WC9wKVbIfXgHoqpKkKI5p0kBRpwlnQtC4g9AwzwmeTfEIKHJUU AkBQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id v4si2862713qkv.171.2017.11.08.10.22.20; Wed, 08 Nov 2017 10:22:20 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id ABD7260B4E; Wed, 8 Nov 2017 18:22:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id C687F61051; Wed, 8 Nov 2017 18:03:52 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 876356104A; Wed, 8 Nov 2017 18:03:34 +0000 (UTC) Received: from forward103j.mail.yandex.net (forward103j.mail.yandex.net [5.45.198.246]) by lists.linaro.org (Postfix) with ESMTPS id DE9EF60C3A for ; Wed, 8 Nov 2017 18:00:45 +0000 (UTC) Received: from mxback3o.mail.yandex.net (mxback3o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1d]) by forward103j.mail.yandex.net (Yandex) with ESMTP id CF97034C42CD for ; Wed, 8 Nov 2017 21:00:44 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback3o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id vqBO3LIMJS-0ipmlxKQ; Wed, 08 Nov 2017 21:00:44 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0i1iMeBp; Wed, 08 Nov 2017 21:00:44 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:35 +0300 Message-Id: <1510164037-14458-15-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 14/16] linux-gen: ipsec: validate ip header total length X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Check that IP packet length from the header is not bogus. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/odp_ipsec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 8101b00c6..e6fb276a6 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -300,6 +300,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_offset = ip_offset + ip_hdr_len; + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; goto err; @@ -648,6 +653,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { _odp_ipv4hdr_t out_ip; uint16_t tot_len; From patchwork Wed Nov 8 18:00:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118324 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5620882qgn; Wed, 8 Nov 2017 10:23:50 -0800 (PST) X-Google-Smtp-Source: ABhQp+QFIr0O93yS+DmqpWNnsSgld2rC9fIvzUaMbedBPrCneFk6LGpeE6QQjjkT6QTNvXeNDSbT X-Received: by 10.200.53.111 with SMTP id z44mr2459577qtb.12.1510165430181; Wed, 08 Nov 2017 10:23:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165430; cv=none; d=google.com; s=arc-20160816; b=WF14QHfc0fBxrtf8K46AGW9J6ziLHFZ226tohki999Gh+XhZ4gBNDLztmlITZgMtQB oU8hClIrrJSpYVbQoFnrEzSIxJcCPXFpwORcmbSljEcnC5n9un/+uGy6Q7oQ0w7gnrt3 nKCUBMSCjZIF43CIgJFmlW3gCKGv8iheWjSvGMGuo00hYOz5ktH7w5vWvcDlnZVbp2Mg HcFqys0Q5C5xVokcjdjn03jubQaZS2eaAlr5sLUEk81ZMcBRubw4BC+gmG0rAL+6sGR9 nrOLIw8ZKXANj7lnYx3hQ0kkST9IFbJj1r4h1fTYCUqv7FInjwqrBukh/+tWCVrIghCv MI0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=sRs7k+FYVcWruYt/ain5sTkNlMMCWCx9Yx0R3U37h/c=; b=Ocja13RYSl54Ek6Bpv6deEbBA4XUl3jjB4rLJ4PnRGfj69p3mpqL7+ASylm1qvCLwu +Fzmk2cfdPOW+ne7eM4KuTsc1yCLHw7Jp9z8iF+b2mdNC6hx3n6Lsq8IPSa04gwJguw6 sCYvC8BOlMnCpxKEQlVVN7IojmkwbDtq7nuSyZ5yCyh7mm/j/ST7EI8P+ovYeW6h5lmF uT2bDdZxK0NhmyJTVcmyqUFekB5riTsofjsZfaBRXNsSTtKu/sriSDqDhd0CeDE2Y0jF WSmXXH/sSaaGC5FQrk6d1PSEXph9VFv6v69DAg7mHcQVlrTwT0lLHLkTfZO7ByfGByij dj+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id a22si497335qth.432.2017.11.08.10.23.49; Wed, 08 Nov 2017 10:23:50 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id C5C6660C2F; Wed, 8 Nov 2017 18:23:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 5A0BA61057; Wed, 8 Nov 2017 18:04:04 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id E346F61055; Wed, 8 Nov 2017 18:03:54 +0000 (UTC) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [37.140.190.183]) by lists.linaro.org (Postfix) with ESMTPS id 8488C60C9F for ; Wed, 8 Nov 2017 18:00:46 +0000 (UTC) Received: from mxback15j.mail.yandex.net (mxback15j.mail.yandex.net [IPv6:2a02:6b8:0:1619::91]) by forward105o.mail.yandex.net (Yandex) with ESMTP id 2CB6A4442D0C for ; Wed, 8 Nov 2017 21:00:45 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback15j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id kkIddLoMEq-0jc4DfOe; Wed, 08 Nov 2017 21:00:45 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0i18V52i; Wed, 08 Nov 2017 21:00:44 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:36 +0300 Message-Id: <1510164037-14458-16-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 15/16] linux-gen: ipsec: correct frag_offset for tunneled packets X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Generated outer header should have frag_offset = 0, MF = 0. Change code accordingly. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/odp_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e6fb276a6..107b54917 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -677,10 +677,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, 1); if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset; + out_ip.frag_offset = ip->frag_offset & 0x4000; else - out_ip.frag_offset = (ip->frag_offset & ~0x4000) | - (ipsec_sa->out.tun_df << 14); + out_ip.frag_offset = + ((uint16_t)ipsec_sa->out.tun_df) << 14; out_ip.ttl = ipsec_sa->out.tun_ttl; out_ip.proto = _ODP_IPV4; /* Will be filled later by packet checksum update */ From patchwork Wed Nov 8 18:00:37 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118326 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp5621799qgn; Wed, 8 Nov 2017 10:24:49 -0800 (PST) X-Google-Smtp-Source: ABhQp+RfE9x3yIVcU+DWFTmepNUSNgAG6DrfZwhN19Ga5zPpIRz1EgeU2lpnNOo0aDXeEnZjJ5au X-Received: by 10.200.43.193 with SMTP id n1mr2395855qtn.101.1510165489235; Wed, 08 Nov 2017 10:24:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510165489; cv=none; d=google.com; s=arc-20160816; b=0mhz2RFVEHZ5YkCTSNMBpe4f5tzSmTKPNB8yEB8BCN5NIWwUE3ZtlhB2LC5qqbyUCy XhMyp9Q36k0p6f+Try0u2aKpO5mvklX3kfkpWBc51LlvzLJHlP6jC1YBVE1gVKzufUaG WAX3TcLT7IALcty11LwWuYnAJMNMGPrALu/rvFxgf+NmwbsQEbSa9I7iINpv8oNKs2gv B6Y/U4tUPjNK27zfFCdosxmkH5cJRD//68cKuG64YC2AVhzPfj4Q0VwDtE/vkrFg0HzH qD4WdUH0bf1dd/RarUSZluhgiJp9iyAJISK//AlG6FGgXIZ1L1TMvHlApo6N/dqgAFmX NXMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=C1mdcGPD+8Zdlbf22p31BRJGC5aCwUn56fudRRW7HhQ=; b=P79C44HI+PIyS4OT0sJYmpuz3x0wcitb1YrjW2fhEFtUauVMCtjCcgx1QVu8fB/Ui6 TuxUBqmUtTVGoXir2frtNLO3dpAf2SSdBrZwaGW5dBursWpMasIAvsiYmpEGC3QpwSgn izY4jihOL/IH5mRVxonr8WZp96qHbZGcEiRrthwg6TbPCWzmKmF6L+k9bjNKYoYwudd5 fjp0TxEMCC0W9ixpXAn/3gEKYhCiCfhmgJU8UjMFI9t/H9tpHJzzverqk/0w2BqD3NqN NEKbB7uyBLcSMvIR0cxGRntQ2yddJwWACT1xQ+nOy11WeZehHpFg8nlaStuiLYC7Si/k JsPg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id l129si4221160qkd.367.2017.11.08.10.24.48; Wed, 08 Nov 2017 10:24:49 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id CBB3360C2F; Wed, 8 Nov 2017 18:24:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 90B4F615AA; Wed, 8 Nov 2017 18:04:17 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5F7E661204; Wed, 8 Nov 2017 18:04:11 +0000 (UTC) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [5.45.198.243]) by lists.linaro.org (Postfix) with ESMTPS id 5DAF560CDF for ; Wed, 8 Nov 2017 18:00:47 +0000 (UTC) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward102j.mail.yandex.net (Yandex) with ESMTP id AA9505602442 for ; Wed, 8 Nov 2017 21:00:45 +0300 (MSK) Received: from smtp4j.mail.yandex.net (smtp4j.mail.yandex.net [2a02:6b8:0:1619::15:6]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id FqulPr0Pbx-0jpW3tI9; Wed, 08 Nov 2017 21:00:45 +0300 Received: by smtp4j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id TTdbkiNdyn-0j18Vraa; Wed, 08 Nov 2017 21:00:45 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Wed, 8 Nov 2017 21:00:37 +0300 Message-Id: <1510164037-14458-17-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> References: <1510164037-14458-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 243 Subject: [lng-odp] [PATCH API-NEXT v7 16/16] linux-gen: ipsec: don't leak SA on creation error X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: d22c949cc466bf28de559855a1cb525740578137 ** Merge commit sha: b87a669d1d701c336b19a9dd4f07b920a87132ed **/ platform/linux-generic/odp_ipsec_sad.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 6a17a9172..ec2bd27e1 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -340,7 +340,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv &&