From patchwork Sun Nov 12 00:00:00 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118620
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:00 +0300
Message-Id: <1510444815-25058-2-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 1/16] linux-gen: ipsec: use counter instead of random IV for GCM
List-Id: "The OpenDataPlane \(ODP\) List"

From: Dmitry Eremin-Solenikov

Reusing IV block with GCM results in disastrous consequences. Use counter instead of random-generated IV to remove possibility for IV reuse.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/include/odp_ipsec_internal.h | 16 +++++++++++++---
 platform/linux-generic/odp_ipsec.c | 19 ++++++++++++++++++-
 platform/linux-generic/odp_ipsec_sad.c | 6 ++++++
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 1340ca7bd..afc2f686e 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -118,9 +118,17 @@ struct ipsec_sa_s { uint8_t salt[IPSEC_MAX_SALT_LEN]; uint32_t salt_length; - unsigned dec_ttl : 1; - unsigned copy_dscp : 1; - unsigned copy_df : 1; + union { + unsigned flags; + struct { + unsigned dec_ttl : 1; + unsigned copy_dscp : 1; + unsigned copy_df : 1; + + /* Only for outbound */ + unsigned use_counter_iv : 1; + }; + }; union { struct { @@ -136,6 +144,8 @@ struct ipsec_sa_s { odp_atomic_u32_t tun_hdr_id; odp_atomic_u32_t seq; + odp_atomic_u64_t counter; /* for CTR/GCM */ + uint8_t tun_ttl; uint8_t tun_dscp; uint8_t tun_df; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index e57736c2a..1aa437b8e 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -676,7 +676,24 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ip_data_len + ipsec_sa->icv_len; - if (ipsec_sa->esp_iv_len) { + if (ipsec_sa->use_counter_iv) { + uint64_t ctr; + + /* Both GCM and CTR use 8-bit counters */ + ODP_ASSERT(sizeof(ctr) == ipsec_sa->esp_iv_len); + + ctr = odp_atomic_fetch_add_u64(&ipsec_sa->out.counter, + 1); + /* Check for overrun */ + if (ctr == 0) + goto out; + + memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); + memcpy(iv + ipsec_sa->salt_length, &ctr, + ipsec_sa->esp_iv_len); + + param.override_iv_ptr = iv; + } else if (ipsec_sa->esp_iv_len) { uint32_t len; len = odp_random_data(iv + ipsec_sa->salt_length, diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index f0b5b9e4a..5d20bb66c 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -207,6 +207,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->context = param->context; ipsec_sa->queue = param->dest_queue; ipsec_sa->mode = param->mode; + ipsec_sa->flags = 0; if (ODP_IPSEC_DIR_INBOUND == param->dir) { ipsec_sa->in.lookup_mode = param->inbound.lookup_mode; if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->in.lookup_mode) @@ -315,6 +316,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) case ODP_CIPHER_ALG_AES128_GCM: #endif case ODP_CIPHER_ALG_AES_GCM: + ipsec_sa->use_counter_iv = 1; ipsec_sa->esp_iv_len = 8; ipsec_sa->esp_block_len = 16; crypto_param.iv.length = 12; 
@@ -323,6 +325,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) return ODP_IPSEC_SA_INVALID; } + if (1 == ipsec_sa->use_counter_iv && + ODP_IPSEC_DIR_OUTBOUND == param->dir) + odp_atomic_init_u64(&ipsec_sa->out.counter, 1); + crypto_param.auth_digest_len = ipsec_sa->icv_len; if (param->crypto.cipher_key_extra.length) {
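
Review bot: The overrun check `if (ctr == 0) goto out;` in the `ipsec_out_single` hunk (patch 1/16, odp_ipsec.c) catches only the one call that observes the wrapped value: `odp_atomic_fetch_add_u64` has already advanced the counter, so later calls get 1, 2, ... again and would repeat IVs under the same key, which is the reuse this patch sets out to prevent. Consider making exhaustion sticky (for example refusing once the fetched value reaches a maximum below the wrap point) and recording an error before `goto out`, since the visible lines set none. The comment "Both GCM and CTR use 8-bit counters" should read 8-byte, and copying `sizeof(ctr)` bytes instead of `ipsec_sa->esp_iv_len` would keep the `memcpy` in bounds even where `ODP_ASSERT` is compiled out.
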
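
Review bot: In the `odp_ipsec_sa_create` hunks (patch 1/16, odp_ipsec_sad.c), the `ODP_CIPHER_ALG_AES_GCM` case sets `use_counter_iv = 1` for every SA, while the header marks the flag "Only for outbound" and the counter is initialised only when `param->dir` is `ODP_IPSEC_DIR_OUTBOUND`. Setting the flag only for outbound SAs would keep the flag and the counter state in step. The `ipsec_out_single` comment also names CTR, but no CTR case sets the flag in the visible hunks; either add it or narrow the comment to GCM.
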
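
Review bot: The new union in `struct ipsec_sa_s` (patch 1/16, odp_ipsec_internal.h) overlays `unsigned flags` on the bit-fields through anonymous struct and union members, which need C11 or a compiler extension, and bit-field layout is implementation-defined, so `flags` is only safe for the whole-word clear done by `ipsec_sa->flags = 0`. A short comment on `flags` saying it exists only for that reset would stop later code from testing individual bits through it. The `/* for CTR/GCM */` comment on `counter` could also say that it is the outbound IV counter and that it starts at 1.
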
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:01 +0300
Message-Id: <1510444815-25058-3-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 2/16] validation: ipsec: drop unused file

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
 test/validation/api/ipsec/ipsec_sync_in.c | 27 ---------------------------
 1 file changed, 27 deletions(-)
 delete mode 100644 test/validation/api/ipsec/ipsec_sync_in.c

diff --git a/test/validation/api/ipsec/ipsec_sync_in.c b/test/validation/api/ipsec/ipsec_sync_in.c deleted file mode 100644 index 8a7fc4680..000000000 --- a/test/validation/api/ipsec/ipsec_sync_in.c +++ /dev/null
@@ -1,27 +0,0 @@ -/* Copyright (c) 2017, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include "config.h" - -#include "ipsec.h" - -int main(int argc, char *argv[]) -{ - int ret; - - /* parse common options: */ - if (odp_cunit_parse_options(argc, argv)) - return -1; - - odp_cunit_register_global_init(ipsec_init); - odp_cunit_register_global_term(ipsec_term); - - ret = odp_cunit_register(ipsec_suites); - if (ret == 0) - ret = odp_cunit_run(); - - return ret; -}
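
Review bot: The diffstat for patch 2/16 shows only `ipsec_sync_in.c` changing, yet the deleted file defines the `main()` of a test program, and the commit body is empty apart from the sign-off. Please state in the commit message why the file is unused and confirm that no build file still lists it; if one does, drop that reference in this same patch.
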
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:02 +0300
Message-Id: <1510444815-25058-4-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 3/16] validation: ipsec: verify odp_ipsec_sa_context

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
---
 test/validation/api/ipsec/ipsec.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index a8fdf2b14..853bd88a9 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c
@@ -19,6 +19,9 @@ struct suite_context_s suite_context; #define PKT_POOL_NUM 64 #define PKT_POOL_LEN (1 * 1024) +#define PACKET_USER_PTR ((void *)0x1212fefe) +#define IPSEC_SA_CTX ((void *)0xfefefafa) + static odp_pktio_t pktio_create(odp_pool_t pool) { odp_pktio_t pktio; @@ -300,6 +303,8 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, param->dest_queue = suite_context.queue; + param->context = IPSEC_SA_CTX; + param->crypto.cipher_alg = cipher_alg; if (cipher_key) param->crypto.cipher_key = *cipher_key; @@ -317,6 +322,8 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) odp_event_t event; odp_ipsec_status_t status; + CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); + CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_disable(sa)); if (ODP_QUEUE_INVALID != suite_context.queue) { @@ -339,8 +346,6 @@ void ipsec_sa_destroy(odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(ODP_IPSEC_OK, odp_ipsec_sa_destroy(sa)); } -#define PACKET_USER_PTR ((void *)0x1212fefe) - odp_packet_t ipsec_packet(const ipsec_test_packet *itp) { odp_packet_t pkt = odp_packet_alloc(suite_context.pool, itp->len); @@ -608,7 +613,13 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + CU_ASSERT_EQUAL(suite_context.inbound_op_mode == + ODP_IPSEC_OP_MODE_INLINE, + result.flag.inline_mode); CU_ASSERT_EQUAL(sa, result.sa); + if (ODP_IPSEC_SA_INVALID != sa) + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); @@ -642,6 +653,8 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } ipsec_check_packet(part->out[i].pkt_out, pkto[i]); 
@@ -679,6 +692,8 @@ void ipsec_check_out_in_one(const ipsec_test_part *part, CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); CU_ASSERT_EQUAL(sa, result.sa); + CU_ASSERT_EQUAL(IPSEC_SA_CTX, + odp_ipsec_sa_context(sa)); } CU_ASSERT_FATAL(odp_packet_len(pkto[i]) <= sizeof(pkt_in.data));
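
Review bot: The `ipsec_check_in_one` hunk of patch 3/16 also adds an assertion on `result.flag.inline_mode`, which is unrelated to the stated subject of verifying `odp_ipsec_sa_context`; move it to its own patch or mention it in the commit message. The inbound context check is guarded by `ODP_IPSEC_SA_INVALID != sa`, but the checks added to `ipsec_check_out_one` and `ipsec_check_out_in_one` are not; if those helpers can never see an invalid SA a one-line comment would say so, otherwise add the same guard.
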
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:03 +0300
Message-Id: <1510444815-25058-5-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 4/16] linux-gen: ipsec: fix soft/hard limits check

From: Dmitry Eremin-Solenikov

Split count expiration check into two phases:
 - optional precheck, run before crypto, which fails only if hard limit is already breached
 - update, run after crypto in INBOUND case, so that limits will not be updated for packets failing ICV check.

Signed-off-by: Dmitry Eremin-Solenikov
---
 .../linux-generic/include/odp_ipsec_internal.h | 10 +++++++++-
 platform/linux-generic/odp_ipsec.c | 12 +++++------
 platform/linux-generic/odp_ipsec_sad.c | 23 +++++++++++++++++++++-
 3 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index afc2f686e..68ab195c7 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -185,11 +185,19 @@ void _odp_ipsec_sa_unuse(ipsec_sa_t *ipsec_sa); ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup); /** + * Run pre-check on SA usage statistics. + * + * @retval <0 if hard limits were breached + */ +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status); + +/** * Update SA usage statistics, filling respective status for the packet. * * @retval <0 if hard limits were breached */ -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); /** diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 1aa437b8e..55b60162d 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -412,9 +412,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; param.session = ipsec_sa->session; @@ -449,6 +447,9 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); @@ -835,9 +836,8 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto out; } - if (_odp_ipsec_sa_update_stats(ipsec_sa, - stats_length, - status) < 0) + /* No need to run precheck here, we know that packet is authentic */ + if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; param.session = ipsec_sa->session; 
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 5d20bb66c..fe8dfd0e4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c 
@@ -476,7 +476,28 @@ ipsec_sa_t *_odp_ipsec_sa_lookup(const ipsec_sa_lookup_t *lookup) return best; } -int _odp_ipsec_sa_update_stats(ipsec_sa_t *ipsec_sa, uint32_t len, +int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, + odp_ipsec_op_status_t *status) +{ + uint64_t bytes = odp_atomic_load_u64(&ipsec_sa->bytes); + uint64_t packets = odp_atomic_load_u64(&ipsec_sa->packets); + int rc = 0; + + if (ipsec_sa->hard_limit_bytes > 0 && + bytes > ipsec_sa->hard_limit_bytes) { + status->error.hard_exp_bytes = 1; + rc = -1; + } + if (ipsec_sa->hard_limit_packets > 0 && + packets > ipsec_sa->hard_limit_packets) { + status->error.hard_exp_packets = 1; + rc = -1; + } + + return rc; +} + +int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status) { uint64_t bytes = odp_atomic_fetch_add_u64(&ipsec_sa->bytes, len) + len;
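
Review bot: `_odp_ipsec_sa_stats_precheck` (patch 4/16, odp_ipsec_sad.c) compares with `>` (`packets > ipsec_sa->hard_limit_packets`), so an SA whose packet count already equals the hard limit still passes. If `_odp_ipsec_sa_stats_update` rejects with the same comparison (its body is not in this hunk), the next inbound packet goes through crypto only to be dropped by the update; `>=` on the packet count in the precheck would avoid that wasted work. Please confirm the intended boundary and keep the two functions consistent.
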
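
Review bot: The doc comment added for `_odp_ipsec_sa_stats_precheck` in odp_ipsec_internal.h (patch 4/16) documents only `@retval <0`. It should also say that the precheck reads the counters without modifying them and writes `status` only on failure, so that callers know concurrent workers can all pass it and the post-crypto `_odp_ipsec_sa_stats_update` remains the authoritative check.
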
From patchwork Sun Nov 12 00:00:04 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118624
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:04 +0300
Message-Id: <1510444815-25058-6-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 5/16] linux-gen: ipsec: add replay window support to SAD

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ .../linux-generic/include/odp_ipsec_internal.h | 20 ++++++++ platform/linux-generic/odp_ipsec_sad.c | 60 ++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 68ab195c7..0a7f96256 100644 --- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -81,6 +81,9 @@ int _odp_ipsec_status_send(odp_queue_t queue, #define IPSEC_MAX_SALT_LEN 4 /**< Maximum salt length in bytes */ +/* 32 is minimum required by the standard. We do not support more */ +#define IPSEC_ANTIREPLAY_WS 32 + /** * Maximum number of available SAs */ @@ -127,6 +130,9 @@ struct ipsec_sa_s { /* Only for outbound */ unsigned use_counter_iv : 1; + + /* Only for inbound */ + unsigned antireplay : 1; }; }; @@ -134,6 +140,7 @@ struct ipsec_sa_s { struct { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; + odp_atomic_u64_t antireplay; } in; struct { 
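Review bot: the new `odp_atomic_u64_t antireplay` member of the `in` struct has no comment describing its layout, and it shares its name with the one-bit `antireplay` flag added a few lines above in the same structure. Going by the code in odp_ipsec_sad.c, the low 32 bits hold the highest sequence number seen and the high 32 bits hold the window bitmap; say so at the declaration, and consider a distinct name for the atomic (for example `antireplay_state`, which is only a suggestion) so that `ipsec_sa->antireplay` and `ipsec_sa->in.antireplay` are not confused.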
@@ -200,6 +207,19 @@ int _odp_ipsec_sa_stats_precheck(ipsec_sa_t *ipsec_sa, int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, odp_ipsec_op_status_t *status); +/* Run pre-check on sequence number of the packet. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); + +/* Run check on sequence number of the packet and update window if necessary. + * + * @retval <0 if the packet falls out of window + */ +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status); /** * Try inline IPsec processing of provided packet. * diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index fe8dfd0e4..e010cfaa3 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -215,6 +215,10 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) param->inbound.lookup_param.dst_addr, sizeof(ipsec_sa->in.lookup_dst_ip)); + if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) + return ODP_IPSEC_SA_INVALID; + ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); + odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); } 
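Review bot: the early `return ODP_IPSEC_SA_INVALID;` for `antireplay_ws > IPSEC_ANTIREPLAY_WS` in odp_ipsec_sa_create() is taken after `ipsec_sa` has already been written to (the `lookup_dst_ip` copy just above), so check that this path releases the SA entry instead of returning directly. Separately, any non-zero `antireplay_ws` up to 32 only sets the one-bit flag, and the checks then always use the fixed IPSEC_ANTIREPLAY_WS of 32, so a caller asking for a smaller window gets a 32-packet one; either store the requested size or document that it is rounded up.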
@@ -525,3 +529,59 @@ int _odp_ipsec_sa_stats_update(ipsec_sa_t *ipsec_sa, uint32_t len, return rc; } + +int _odp_ipsec_sa_replay_precheck(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + /* Try to be as quick as possible, we will discard packets later */ + if (ipsec_sa->antireplay && + seq + IPSEC_ANTIREPLAY_WS <= + (odp_atomic_load_u64(&ipsec_sa->in.antireplay) & 0xffffffff)) { + status->error.antireplay = 1; + return -1; + } + + return 0; +} + +int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, + odp_ipsec_op_status_t *status) +{ + int cas = 0; + uint64_t state, new_state; + + if (!ipsec_sa->antireplay) + return 0; + + state = odp_atomic_load_u64(&ipsec_sa->in.antireplay); + + while (0 == cas) { + uint32_t max_seq = state & 0xffffffff; + uint32_t mask = state >> 32; + + if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { + status->error.antireplay = 1; + return -1; + } + + if (seq > max_seq) { + mask <<= seq - max_seq; + mask |= 1; + max_seq = seq; + } else { + if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; + } + + mask |= (1U << (max_seq - seq)); + } + + new_state = (((uint64_t)mask) << 32) | max_seq; + + cas = odp_atomic_cas_acq_rel_u64(&ipsec_sa->in.antireplay, + &state, new_state); + } + + return 0; +}
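Review bot: in _odp_ipsec_sa_replay_update() the statement `mask <<= seq - max_seq;` shifts a uint32_t by the full distance the sequence number moved forward, and a shift count of 32 or more is undefined behaviour in C, so a jump of at least 32 can leave stale bits in the window instead of clearing it. When `seq - max_seq >= IPSEC_ANTIREPLAY_WS`, set `mask = 1` directly and shift only for smaller distances. The window test `seq + IPSEC_ANTIREPLAY_WS <= max_seq`, here and in _odp_ipsec_sa_replay_precheck(), is also evaluated in 32-bit unsigned arithmetic and wraps once `seq` is within 32 of 0xffffffff, which makes such packets look older than the window; testing `max_seq - seq >= IPSEC_ANTIREPLAY_WS` only after establishing `seq <= max_seq` avoids the wrap.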
From patchwork Sun Nov 12 00:00:05 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118625
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:05 +0300
Message-Id: <1510444815-25058-7-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 6/16] linux-gen: ipsec: support replay window checks

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ platform/linux-generic/odp_ipsec.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 55b60162d..5bb8330cb 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -42,6 +42,8 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; + capa->max_antireplay_ws = IPSEC_ANTIREPLAY_WS; + rc = odp_crypto_capability(&crypto_capa); if (rc < 0) return rc;
@@ -402,6 +404,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = 0; ip->ttl = 0; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + param.auth_range.offset = ip_offset; param.auth_range.length = odp_be_to_cpu_16(ip->tot_len); param.hash_result_offset = ipsec_offset + _ODP_AHHDR_LEN; @@ -412,6 +420,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, goto out; } + if (_odp_ipsec_sa_replay_precheck(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) goto out; @@ -450,6 +463,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) goto out; + if (_odp_ipsec_sa_replay_update(ipsec_sa, + odp_be_to_cpu_32(aad.seq_no), + status) < 0) + goto out; + ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); ip_hdr_len = ipv4_hdr_len(ip); 
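Review bot: in this ipsec_in_single() hunk _odp_ipsec_sa_replay_update() is called after _odp_ipsec_sa_stats_update(), so a duplicate that is still inside the window is counted against the SA's byte and packet limits before it is rejected. The earlier _odp_ipsec_sa_replay_precheck() only filters sequence numbers that fall below the window, not ones already marked in the bitmap, so in-window duplicates do reach this point. Call the replay update first and update the statistics only for packets that pass it.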
@@ -814,6 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ah.next_header = ip->proto; ip->proto = _ODP_IPPROTO_AH; + aad.spi = ah.spi; + aad.seq_no = ah.seq_no; + + param.aad.ptr = (uint8_t *)&aad; + param.aad.length = sizeof(aad); + odp_packet_copy_from_mem(pkt, ipsec_offset, _ODP_AHHDR_LEN, &ah);
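Review bot: the `param.aad.ptr` and `param.aad.length` assignments added here in ipsec_out_single(), and the matching ones in the AH branch of ipsec_in_single(), are not needed by the replay check, which only reads `aad.seq_no`, and the commit message gives no reason for them. Either explain in the commit message why the AH crypto parameters now carry the AAD, or move that part into its own patch so that this one contains only the replay window calls and the `max_antireplay_ws` capability.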
From patchwork Sun Nov 12 00:00:06 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118628
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:06 +0300
Message-Id: <1510444815-25058-8-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 7/16] validation: ipsec: add replay window checks

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ test/validation/api/ipsec/ipsec_test_in.c | 204 ++++++++++++++++++++++++++++++ test/validation/api/ipsec/test_vectors.h | 87 +++++++++++++ 2 files changed, 291 insertions(+) diff --git a/test/validation/api/ipsec/ipsec_test_in.c b/test/validation/api/ipsec/ipsec_test_in.c index 25fc00e11..598a83e3f 100644 --- a/test/validation/api/ipsec/ipsec_test_in.c +++ b/test/validation/api/ipsec/ipsec_test_in.c
@@ -284,6 +284,202 @@ static void test_in_esp_null_sha256_tun(void) ipsec_sa_destroy(sa); } +static void test_in_ah_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_ah_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, true, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_ah_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_ah_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_repl, sa); + 
ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_noreplay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 0; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test, sa); + + ipsec_sa_destroy(sa); +} + +static void test_in_esp_null_sha256_replay(void) +{ + odp_ipsec_sa_param_t param; + odp_ipsec_sa_t sa; + + ipsec_sa_param_fill(¶m, + true, false, 123, NULL, + ODP_CIPHER_ALG_NULL, NULL, + ODP_AUTH_ALG_SHA256_HMAC, &key_5a_256, + NULL); + param.inbound.antireplay_ws = 32; + + sa = odp_ipsec_sa_create(¶m); + + CU_ASSERT_NOT_EQUAL_FATAL(ODP_IPSEC_SA_INVALID, sa); + + ipsec_test_part test = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_test_part test_repl = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.antireplay = 1, + .pkt_out = NULL }, + }, + }; + + ipsec_test_part test_1235 = { + .pkt_in = &pkt_icmp_0_esp_null_sha256_1235, + .out_pkt = 1, + .out = { + { .status.warn.all = 0, + .status.error.all = 0, + .pkt_out = &pkt_icmp_0 }, + }, + }; + + ipsec_check_in_one(&test, sa); 
+ ipsec_check_in_one(&test_repl, sa); + ipsec_check_in_one(&test_1235, sa); + ipsec_check_in_one(&test_repl, sa); + + ipsec_sa_destroy(sa); +} + static void test_in_ah_esp_pkt(void) { odp_ipsec_sa_param_t param; @@ -797,6 +993,14 @@ odp_testinfo_t ipsec_in_suite[] = { ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_tun, ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_noreplay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_ah_sha256_replay, + ipsec_check_ah_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_noreplay, + ipsec_check_esp_null_sha256), + ODP_TEST_INFO_CONDITIONAL(test_in_esp_null_sha256_replay, + ipsec_check_esp_null_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_ah_esp_pkt, ipsec_check_ah_sha256), ODP_TEST_INFO_CONDITIONAL(test_in_esp_ah_pkt, diff --git a/test/validation/api/ipsec/test_vectors.h b/test/validation/api/ipsec/test_vectors.h index 2fb06b2b7..593a8f450 100644 --- a/test/validation/api/ipsec/test_vectors.h +++ b/test/validation/api/ipsec/test_vectors.h 
@@ -278,6 +278,50 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1_bad2 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_ah_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x33, 0xab, 0xd9, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* AH */ + 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + 0x00, 0x00, 0x12, 0x35, + 0x04, 0xef, 0x71, 0x73, 0xa1, 0xd4, 0x71, 0x3f, + 0xd6, 0x78, 0xfe, 0xa2, 0x59, 0xe9, 0x93, 0x70, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, + + /* ICMP echo */ + 0x12, 0x34, 0x00, 0x00, + + /* data */ + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1 = { .len = 170, .l2_offset = 0, 
@@ -412,6 +456,49 @@ static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1_bad1 = { }, }; +static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_null_sha256_1235 = { + .len = 170, + .l2_offset = 0, + .l3_offset = 14, + .l4_offset = 34, + .data = { + /* ETH */ + 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, 0xf1, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0x08, 0x00, + + /* IP */ + 0x45, 0x00, 0x00, 0x9c, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x32, 0xab, 0xda, 0xc0, 0xa8, 0x6f, 0x02, + 0xc0, 0xa8, 0xde, 0x02, + + /* ESP */ + 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x12, 0x35, + + /* ICMP */ + 0x08, 0x00, 0xfb, 0x37, 0x12, 0x34, 0x00, 0x00, + 0xba, 0xbe, 0x01, 0x23, 0x45, 0x67, 0xca, 0xfe, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, + + /* ESP TRL */ + 0x01, 0x02, 0x02, 0x01, + + /* ICV */ + 0x2f, 0xfb, 0xdd, 0x9d, 0xc0, 0xca, 0xb8, 0x0a, + 0xaa, 0xf1, 0x59, 0x31, 0x4e, 0xef, 0x62, 0x50, + }, +}; + static const ODP_UNUSED ipsec_test_packet pkt_icmp_0_esp_aes_cbc_null_1 = { .len = 170, .l2_offset = 0,
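Review bot: test_in_ah_sha256_replay() and test_in_esp_null_sha256_replay() in ipsec_test_in.c only replay sequence number 1, first as an exact duplicate of the newest packet and then after the jump to 0x1235, when it is far below the window. Nothing exercises a late packet that is still inside the 32-entry window (accepted once, rejected the second time), the window edge, or odp_ipsec_sa_create() rejecting an `antireplay_ws` above the supported maximum. Add vectors with nearby sequence numbers, for example two packets a few numbers apart delivered out of order, so that the bitmap path is covered.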
From patchwork Sun Nov 12 00:00:07 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118627
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:07 +0300
Message-Id: <1510444815-25058-9-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 8/16] linux-gen: classification: provide _odp_cos_get_entry() function

From: Dmitry Eremin-Solenikov
Provide function mapping from odp_cos_t to internal cos_t type. Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ .../include/odp_classification_datamodel.h | 4 +++ platform/linux-generic/odp_classification.c | 33 +++++++++++----------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index 29b39f9c3..a40541986 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -123,6 +123,10 @@ typedef union cos_u { uint8_t pad[ROUNDUP_CACHE_LINE(sizeof(struct cos_s))]; } cos_t; +/** + * Get classification entry basing on the id + */ +cos_t *_odp_cos_get_entry(odp_cos_t cos_id); /** Packet Matching Rule
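Review bot: the comment added for _odp_cos_get_entry() in odp_classification_datamodel.h does not say what the function returns for a bad handle, although the callers shown in odp_classification.c all test the result against NULL before using it. Now that the function is no longer static, document the return value, for example `@return pointer to the entry, or NULL if cos_id is invalid`, and reword the summary to "Get classification entry based on the id".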
diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index a5cba56a4..6ece74fca 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -302,8 +302,7 @@ odp_pmr_t alloc_pmr(pmr_t **pmr) return ODP_PMR_INVAL; } -static -cos_t *get_cos_entry(odp_cos_t cos_id) +cos_t *_odp_cos_get_entry(odp_cos_t cos_id) { if (_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID) @@ -326,7 +325,7 @@ pmr_t *get_pmr_entry(odp_pmr_t pmr_id) int odp_cos_destroy(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (NULL == cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -339,7 +338,7 @@ int odp_cos_destroy(odp_cos_t cos_id) int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); @@ -353,7 +352,7 @@ int odp_cos_queue_set(odp_cos_t cos_id, odp_queue_t queue_id) odp_queue_t odp_cos_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -365,7 +364,7 @@ odp_queue_t odp_cos_queue(odp_cos_t cos_id) uint32_t odp_cls_cos_num_queue(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -383,7 +382,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], uint32_t tbl_index; uint32_t i; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); return 0; 
@@ -403,7 +402,7 @@ uint32_t odp_cls_cos_queues(odp_cos_t cos_id, odp_queue_t queue[], int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -417,7 +416,7 @@ int odp_cos_drop_set(odp_cos_t cos_id, odp_cls_drop_t drop_policy) odp_cls_drop_t odp_cos_drop(odp_cos_t cos_id) { - cos_t *cos = get_cos_entry(cos_id); + cos_t *cos = _odp_cos_get_entry(cos_id); if (!cos) { ODP_ERR("Invalid odp_cos_t handle"); @@ -437,7 +436,7 @@ int odp_pktio_default_cos_set(odp_pktio_t pktio_in, odp_cos_t default_cos) ODP_ERR("Invalid odp_pktio_t handle"); return -1; } - cos = get_cos_entry(default_cos); + cos = _odp_cos_get_entry(default_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -458,7 +457,7 @@ int odp_pktio_error_cos_set(odp_pktio_t pktio_in, odp_cos_t error_cos) return -1; } - cos = get_cos_entry(error_cos); + cos = _odp_cos_get_entry(error_cos); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; @@ -512,7 +511,7 @@ int odp_cos_with_l2_priority(odp_pktio_t pktio_in, LOCK(&l2_cos->lock); /* Update the L2 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L2_QOS > qos_table[i]) l2_cos->cos[qos_table[i]] = cos; @@ -544,7 +543,7 @@ int odp_cos_with_l3_qos(odp_pktio_t pktio_in, LOCK(&l3_cos->lock); /* Update the L3 QoS table*/ for (i = 0; i < num_qos; i++) { - cos = get_cos_entry(cos_table[i]); + cos = _odp_cos_get_entry(cos_table[i]); if (cos != NULL) { if (CLS_COS_MAX_L3_QOS > qos_table[i]) l3_cos->cos[qos_table[i]] = cos; 
@@ -643,8 +642,8 @@ odp_pmr_t odp_cls_pmr_create(const odp_pmr_param_t *terms, int num_terms, odp_pmr_t id; int val_sz; uint32_t loc; - cos_t *cos_src = get_cos_entry(src_cos); - cos_t *cos_dst = get_cos_entry(dst_cos); + cos_t *cos_src = _odp_cos_get_entry(src_cos); + cos_t *cos_dst = _odp_cos_get_entry(dst_cos); if (NULL == cos_src || NULL == cos_dst) { ODP_ERR("Invalid input handle"); @@ -691,7 +690,7 @@ int odp_cls_cos_pool_set(odp_cos_t cos_id, odp_pool_t pool) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return -1; 
@@ -706,7 +705,7 @@ odp_pool_t odp_cls_cos_pool(odp_cos_t cos_id) { cos_t *cos; - cos = get_cos_entry(cos_id); + cos = _odp_cos_get_entry(cos_id); if (cos == NULL) { ODP_ERR("Invalid odp_cos_t handle"); return ODP_POOL_INVALID;
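Review bot: The declaration of _odp_cos_get_entry() added to odp_classification_datamodel.h documents neither the cos_id parameter nor the NULL return, yet every caller touched in odp_classification.c relies on NULL to reject an invalid handle (the `_odp_typeval(cos_id) >= CLS_COS_MAX_ENTRY || cos_id == ODP_COS_INVALID` check). Now that the function is no longer static, spell that contract out with @param and @return lines so that callers in other files keep the NULL check, and reword "basing on" to "based on".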
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:08 +0300
Message-Id: <1510444815-25058-10-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 9/16] linux-gen: classification: split cls_pkt_get_queue() function

From: Dmitry Eremin-Solenikov

Separate function returning destination queue from cos_t instance.

Signed-off-by: Dmitry Eremin-Solenikov
--- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ .../include/odp_classification_internal.h | 7 +++++ platform/linux-generic/odp_classification.c | 34 ++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_internal.h b/platform/linux-generic/include/odp_classification_internal.h index 8882a7177..4cadb9bdb 100644 --- a/platform/linux-generic/include/odp_classification_internal.h +++ b/platform/linux-generic/include/odp_classification_internal.h
@@ -42,6 +42,13 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr); /** + * @internal + * Select packet destination queue basing on provided cos entry + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base); + +/** Packet IO classifier init This function does initialization of classifier object associated with pktio. diff --git a/platform/linux-generic/odp_classification.c b/platform/linux-generic/odp_classification.c index 6ece74fca..317caefbf 100644 --- a/platform/linux-generic/odp_classification.c +++ b/platform/linux-generic/odp_classification.c @@ -961,8 +961,7 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, odp_packet_hdr_t *pkt_hdr) { cos_t *cos; - uint32_t tbl_index; - uint32_t hash; + odp_queue_t queue; packet_parse_reset(pkt_hdr); packet_set_len(pkt_hdr, pkt_len); 
@@ -979,20 +978,37 @@ int cls_classify_packet(pktio_entry_t *entry, const uint8_t *base, return -EFAULT; *pool = cos->s.pool; + pkt_hdr->p.input_flags.dst_queue = 1; - if (!cos->s.queue_group) { - pkt_hdr->dst_queue = queue_fn->from_ext(cos->s.queue); - return 0; - } + queue = cls_pkt_get_queue(pkt_hdr, cos, base); + pkt_hdr->dst_queue = queue_fn->from_ext(queue); + + return 0; +} + +/** + * Set packet destination queue basing on the cos + * + * @param cos + * @param pkt_hdr Packet header + * @param base Packet data + */ +odp_queue_t cls_pkt_get_queue(odp_packet_hdr_t *pkt_hdr, cos_t *cos, + const uint8_t *base) +{ + uint32_t tbl_index; + uint32_t hash; + + if (!cos->s.queue_group) + return cos->s.queue; hash = packet_rss_hash(pkt_hdr, cos->s.hash_proto, base); /* CLS_COS_QUEUE_MAX is a power of 2 */ hash = hash & (CLS_COS_QUEUE_MAX - 1); tbl_index = (cos->s.index * CLS_COS_QUEUE_MAX) + hash; - pkt_hdr->dst_queue = queue_fn->from_ext(queue_grp_tbl-> - s.queue[tbl_index]); - return 0; + + return queue_grp_tbl->s.queue[tbl_index]; } static uint32_t packet_rss_hash(odp_packet_hdr_t *pkt_hdr,
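Review bot: The comment block above cls_pkt_get_queue() in odp_classification.c does not match the function: it says "Set packet destination queue" although the function only returns an odp_queue_t, it lists @param cos first and without a description while the signature is (pkt_hdr, cos, base), and it has no @return. The function is now declared in odp_classification_internal.h for use outside cls_classify_packet(), and it dereferences cos->s.queue_group and indexes queue_grp_tbl->s.queue[] with cos->s.index without any check, so either state in the comment that cos must be a valid non-NULL entry or add an ODP_ASSERT(cos != NULL) at the top.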
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:09 +0300
Message-Id: <1510444815-25058-11-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 10/16] linux-gen: ipsec: support pipelining to cos_t

From: Dmitry Eremin-Solenikov

Signed-off-by: Dmitry Eremin-Solenikov
--- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ .../include/odp_classification_datamodel.h | 2 -- .../linux-generic/include/odp_ipsec_internal.h | 7 ++++ platform/linux-generic/odp_ipsec.c | 37 ++++++++++++++++++++-- platform/linux-generic/odp_ipsec_sad.c | 16 +++++++++- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/platform/linux-generic/include/odp_classification_datamodel.h b/platform/linux-generic/include/odp_classification_datamodel.h index a40541986..25c488497 100644 --- a/platform/linux-generic/include/odp_classification_datamodel.h +++ b/platform/linux-generic/include/odp_classification_datamodel.h @@ -22,8 +22,6 @@ extern "C" { #include #include #include -#include -#include #include #include diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h index 0a7f96256..81ecec08e 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h +++ b/platform/linux-generic/include/odp_ipsec_internal.h @@ -23,6 +23,7 @@ extern "C" { #include #include #include +#include /** @ingroup odp_ipsec * @{ @@ -141,6 +142,7 @@ struct ipsec_sa_s { odp_ipsec_lookup_mode_t lookup_mode; odp_u32be_t lookup_dst_ip; odp_atomic_u64_t antireplay; + cos_t *cos; } in; struct { @@ -229,6 +231,11 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, int _odp_ipsec_try_inline(odp_packet_t pkt); /** + * Returns ODP IPsec configuration + */ +const odp_ipsec_config_t *_odp_ipsec_config_get(void); + +/** * @} */ diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 5bb8330cb..74a1c5766 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include @@ -30,6 +31,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) int rc; odp_crypto_capability_t crypto_capa; odp_queue_capability_t queue_capa; + odp_cls_capability_t cls_capa; memset(capa, 0, sizeof(odp_ipsec_capability_t)); @@ -39,6 +41,7 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->op_mode_inline_out = ODP_SUPPORT_PREFERRED; capa->proto_ah = ODP_SUPPORT_YES; + capa->pipeline_cls = ODP_SUPPORT_YES; capa->max_num_sa = ODP_CONFIG_IPSEC_SAS; @@ -57,6 +60,12 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa) capa->max_queues = queue_capa.max_queues; + rc = odp_cls_capability(&cls_capa); + if (rc < 0) + return rc; + + capa->max_cls_cos = cls_capa.max_cos; + return 0; } @@ -95,6 +104,11 @@ int odp_ipsec_config(const odp_ipsec_config_t *config) return 0; } +const odp_ipsec_config_t *_odp_ipsec_config_get(void) +{ + return &ipsec_config; +} + static odp_ipsec_packet_result_t *ipsec_pkt_result(odp_packet_t packet) { ODP_ASSERT(ODP_EVENT_PACKET_IPSEC == 
@@ -1060,7 +1074,16 @@ int odp_ipsec_in_enq(const odp_packet_t pkt_in[], int num_in, result->status = status; if (NULL != ipsec_sa) { result->sa = ipsec_sa->ipsec_sa_hdl; - queue = ipsec_sa->queue; + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, + ipsec_sa->in.cos, + base); + } else { + queue = ipsec_sa->queue; + } } else { result->sa = ODP_IPSEC_SA_INVALID; queue = ipsec_config.inbound.default_queue; @@ -1143,6 +1166,7 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) ipsec_sa_t *ipsec_sa; odp_ipsec_packet_result_t *result; odp_packet_hdr_t *pkt_hdr; + odp_queue_t queue; memset(&status, 0, sizeof(status)); @@ -1160,10 +1184,19 @@ int _odp_ipsec_try_inline(odp_packet_t pkt) memset(result, 0, sizeof(*result)); result->status = status; result->sa = ipsec_sa->ipsec_sa_hdl; + result->flag.inline_mode = 1; pkt_hdr = odp_packet_hdr(pkt); pkt_hdr->p.input_flags.dst_queue = 1; - pkt_hdr->dst_queue = queue_fn->from_ext(ipsec_sa->queue); + if (ipsec_sa->in.cos && !status.error.all) { + odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + const uint8_t *base = odp_packet_data(pkt); + + queue = cls_pkt_get_queue(pkt_hdr, ipsec_sa->in.cos, base); + } else { + queue = ipsec_sa->queue; + } + pkt_hdr->dst_queue = queue_fn->from_ext(queue); /* Last thing */ _odp_ipsec_sa_unuse(ipsec_sa); diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index e010cfaa3..6a17a9172 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -13,6 +13,7 @@ #include #include +#include #include 
@@ -216,9 +217,22 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) sizeof(ipsec_sa->in.lookup_dst_ip)); if (param->inbound.antireplay_ws > IPSEC_ANTIREPLAY_WS) - return ODP_IPSEC_SA_INVALID; + goto error; ipsec_sa->antireplay = (param->inbound.antireplay_ws != 0); odp_atomic_init_u64(&ipsec_sa->in.antireplay, 0); + + if (ODP_IPSEC_PIPELINE_CLS == param->inbound.pipeline) { + if (ODP_IPSEC_OP_MODE_SYNC == + _odp_ipsec_config_get()->inbound_mode) + goto error; + + ipsec_sa->in.cos = + _odp_cos_get_entry(param->inbound.dest_cos); + if (NULL == ipsec_sa->in.cos) + goto error; + } else { + ipsec_sa->in.cos = NULL; + } } else { odp_atomic_store_u32(&ipsec_sa->out.seq, 1); }
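Review bot: In the _odp_ipsec_try_inline() hunk of odp_ipsec.c the new `if (ipsec_sa->in.cos && !status.error.all)` block declares a second `odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt);` that shadows the function-level pkt_hdr assigned two lines earlier; drop the inner declaration and reuse the outer variable. The same queue selection is repeated in odp_ipsec_in_enq(), so a small static helper taking the SA, the packet and the status would keep the two paths from drifting apart. The added `result->flag.inline_mode = 1;` is not related to CoS pipelining, and the commit message, which has no body, does not explain it.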
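Review bot: odp_ipsec_sa_create() in odp_ipsec_sad.c resolves param->inbound.dest_cos once and stores the raw cos_t pointer in ipsec_sa->in.cos, and nothing in this patch links the lifetime of the CoS to the SA. If the application calls odp_cos_destroy() on that CoS while the SA is still in use, odp_ipsec_in_enq() and _odp_ipsec_try_inline() keep passing the stale entry to cls_pkt_get_queue(). Either store the odp_cos_t handle and look it up per packet with _odp_cos_get_entry(), falling back to ipsec_sa->queue on NULL, or document that the CoS must outlive the SA.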
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:10 +0300
Message-Id: <1510444815-25058-12-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 11/16] validation: ipsec: add support for PIPELINE_CLS testing

From: Dmitry Eremin-Solenikov
Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 243 (lumag:ipsec-packet-impl-3) ** https://github.com/Linaro/odp/pull/243 ** Patch: https://github.com/Linaro/odp/pull/243.patch ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5 **/ test/validation/api/ipsec/ipsec.c | 165 ++++++++++++++++++++++++++-- test/validation/api/ipsec/ipsec.h | 3 + test/validation/api/ipsec/ipsec_async.c | 1 + test/validation/api/ipsec/ipsec_inline_in.c | 1 + 4 files changed, 159 insertions(+), 11 deletions(-) diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c index 853bd88a9..5883f23e2 100644 --- a/test/validation/api/ipsec/ipsec.c +++ b/test/validation/api/ipsec/ipsec.c @@ -117,6 +117,35 @@ static void pktio_stop(odp_pktio_t pktio) } } +static odp_cos_t ipsec_cos_create(void) +{ + odp_cls_cos_param_t param; + odp_cos_t cos; + + odp_cls_cos_param_init(¶m); + param.pool = suite_context.pool; + param.num_queue = 1; + param.queue = odp_queue_create("ipsec-cos-queue", NULL); + + if (ODP_QUEUE_INVALID == param.queue) + return ODP_COS_INVALID; + + cos = odp_cls_cos_create("ipsec-cos", ¶m); + if (ODP_COS_INVALID != cos) + suite_context.cos_queue = odp_cos_queue(cos); + + return cos; +} + +static void ipsec_cos_destroy(void) +{ + odp_queue_t queue = odp_cos_queue(suite_context.cos); + + suite_context.cos_queue = ODP_QUEUE_INVALID; + odp_cos_destroy(suite_context.cos); + odp_queue_destroy(queue); +} + #define MAX_ALG_CAPA 32 int ipsec_check(odp_bool_t ah, @@ -147,6 +176,11 @@ int ipsec_check(odp_bool_t ah, ODP_SUPPORT_NO == capa.op_mode_inline_out)) return ODP_TEST_INACTIVE; + if (ODP_COS_INVALID != suite_context.cos && + (capa.pipeline_cls == ODP_SUPPORT_NO || + capa.max_cls_cos < 1)) + return ODP_TEST_INACTIVE; + if (ah && (ODP_SUPPORT_NO == capa.proto_ah)) return ODP_TEST_INACTIVE; 
@@ -288,6 +322,11 @@ void ipsec_sa_param_fill(odp_ipsec_sa_param_t *param, if (in) param->inbound.lookup_mode = ODP_IPSEC_LOOKUP_SPI; + if (in && (ODP_COS_INVALID != suite_context.cos)) { + param->inbound.pipeline = ODP_IPSEC_PIPELINE_CLS; + param->inbound.dest_cos = suite_context.cos; + } + param->proto = ah ? ODP_IPSEC_AH : ODP_IPSEC_ESP; 
@@ -438,23 +477,53 @@ static int ipsec_send_in_one(const ipsec_test_part *part, pkto, &num_out, ¶m)); CU_ASSERT_EQUAL(num_out, part->out_pkt); - } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode) { + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID == suite_context.cos_queue) { CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - for (i = 0; i < num_out; i++) { - odp_event_t event; + for (i = 0; i < num_out;) { + odp_event_t ev; odp_event_subtype_t subtype; - do { - event = odp_queue_deq(suite_context.queue); - } while (event == ODP_EVENT_INVALID); + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + } + } else if (ODP_IPSEC_OP_MODE_ASYNC == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + CU_ASSERT_EQUAL(1, odp_ipsec_in_enq(&pkt, 1, ¶m)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET, - odp_event_types(event, &subtype)); - CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, subtype); - pkto[i] = odp_ipsec_packet_from_event(event); + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + pkto[i++] = odp_ipsec_packet_from_event(ev); + } } - } else { + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + 
ODP_QUEUE_INVALID == suite_context.cos_queue) { odp_queue_t queue; odp_pktout_queue_t pktout; @@ -495,6 +564,63 @@ static int ipsec_send_in_one(const ipsec_test_part *part, continue; } } + } else if (ODP_IPSEC_OP_MODE_INLINE == suite_context.inbound_op_mode && + ODP_QUEUE_INVALID != suite_context.cos_queue) { + odp_queue_t queue; + odp_pktout_queue_t pktout; + + CU_ASSERT_EQUAL_FATAL(1, odp_pktout_queue(suite_context.pktio, + &pktout, 1)); + + CU_ASSERT_EQUAL(1, odp_pktout_send(pktout, &pkt, 1)); + CU_ASSERT_EQUAL_FATAL(1, + odp_pktin_event_queue(suite_context. + pktio, + &queue, 1)); + + for (i = 0; i < num_out;) { + odp_event_t ev; + odp_event_subtype_t subtype; + + ev = odp_queue_deq(suite_context.cos_queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_BASIC, + subtype); + CU_ASSERT(part->out[i].status.error.sa_lookup); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + + ev = odp_queue_deq(suite_context.queue); + if (ODP_EVENT_INVALID != ev) { + CU_ASSERT_EQUAL(ODP_EVENT_PACKET, + odp_event_types(ev, &subtype)); + CU_ASSERT_EQUAL(ODP_EVENT_PACKET_IPSEC, + subtype); + CU_ASSERT(!part->out[i].status.error.sa_lookup); + CU_ASSERT(part->out[i].status.error.all); + + pkto[i++] = odp_ipsec_packet_from_event(ev); + continue; + } + } + } else { + CU_FAIL("Unsupported configuration!\n"); } return num_out; 
@@ -724,14 +850,31 @@ int ipsec_suite_init(void) if (rc == 0) suite_context.pktio = ODP_PKTIO_INVALID; + suite_context.cos = ODP_COS_INVALID; + return rc < 0 ? -1 : 0; } +int ipsec_suite_cos_init(void) +{ + int ret = ipsec_suite_init(); + + if (ret < 0) + return ret; + + suite_context.cos = ipsec_cos_create(); + + return 0; +} + static int ipsec_suite_term(odp_testinfo_t *suite) { int i; int first = 1; + if (suite_context.cos != ODP_COS_INVALID) + ipsec_cos_destroy(); + if (suite_context.pktio != ODP_PKTIO_INVALID) pktio_stop(suite_context.pktio); diff --git a/test/validation/api/ipsec/ipsec.h b/test/validation/api/ipsec/ipsec.h index d1c6854b7..472179f91 100644 --- a/test/validation/api/ipsec/ipsec.h +++ b/test/validation/api/ipsec/ipsec.h @@ -21,6 +21,7 @@ int ipsec_in_inline_init(void); int ipsec_out_inline_init(void); int ipsec_suite_init(void); +int ipsec_suite_cos_init(void); int ipsec_in_term(void); int ipsec_out_term(void); @@ -30,6 +31,8 @@ struct suite_context_s { odp_pool_t pool; odp_queue_t queue; odp_pktio_t pktio; + odp_cos_t cos; + odp_queue_t cos_queue; }; extern struct suite_context_s suite_context; diff --git a/test/validation/api/ipsec/ipsec_async.c b/test/validation/api/ipsec/ipsec_async.c index 796879230..f5d384392 100644 --- a/test/validation/api/ipsec/ipsec_async.c +++ b/test/validation/api/ipsec/ipsec_async.c @@ -32,6 +32,7 @@ static int ipsec_async_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, {"IPsec-out", ipsec_suite_init, ipsec_out_term, ipsec_out_suite}, ODP_SUITE_INFO_NULL, }; diff --git a/test/validation/api/ipsec/ipsec_inline_in.c b/test/validation/api/ipsec/ipsec_inline_in.c index 2a595353d..c2f6411f0 100644 --- a/test/validation/api/ipsec/ipsec_inline_in.c +++ b/test/validation/api/ipsec/ipsec_inline_in.c 
@@ -34,6 +34,7 @@ static int ipsec_sync_init(odp_instance_t *inst) odp_suiteinfo_t ipsec_suites[] = { {"IPsec-in", ipsec_suite_init, ipsec_in_term, ipsec_in_suite}, + {"IPsec-cos-in", ipsec_suite_cos_init, ipsec_in_term, ipsec_in_suite}, ODP_SUITE_INFO_NULL, }; From patchwork Sun Nov 12 00:00:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118633 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp257597qgn; Sat, 11 Nov 2017 16:11:08 -0800 (PST) X-Google-Smtp-Source: AGs4zMYUW3YgrxvTUAZpBSFzzvMKN2kZpSYrv7r6WsOOSawbf1qSN+TyTYvV3tk7vxPMzc3dWalA X-Received: by 10.55.217.85 with SMTP id u82mr7131535qki.257.1510445468095; Sat, 11 Nov 2017 16:11:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510445468; cv=none; d=google.com; s=arc-20160816; b=q/wU+D+9O8AR4O/Ljn3AT+3X75enYH3CHIjSgoQaeOJy/0DfStpskn9orjQdmRpc9Z 5bSR6VrJ8dR5sDo+2e08c0wSY3N/unNviExYhms4GRl9cjdsejZzS06WkQ4lmqJHEoWQ RCZhpaK6NfNgA4XNT/n020eSKZVbFQCRCSg4Y+3HXsyp0Kq9TmxZMypu+jfTmF/2VOu8 QNyZiBbyX1+2xx2aX7WTljj4Ih0NX6Q2+7J5onPu8MCJ9VhEmaDg9HuyKynB8tb66UJt tyIPojqgFh/8Hy9d8T6G/NB6L+HFeNGMcaWYDKFogkH+yRTcxWfct+LHCUeUPGb+mVkl C2MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=aEp/fNbh5qCXr6udECDx36yk82vEUbt37tUGonC4wMU=; b=YW2jYtgJWishBOeIXXSCWvWLgkd2UTU9ezdCenOKCkY03P4PTdh1Rd3CfYObAWbEsv l5VXYwajOVYIYIbmaa5N8wxepa2MuCMfb99L6lSnEIFcSgsx87QW2JBq/s9493Momhj9 M+k++W9GeAYlRmTV+rn/zqDqMZVJRd8qi6rkyrsXRAsny/k0LUl90QEY1F9GCBwI8ENn +W2AIs0d9/e4k0WBob4YPOWtesorQGvqf280HUebrhHWZj89BPbDN+rIs2xg6aIhrGQQ a0Pr7zf1obVF6SB9O9rZc7GHXjbvzRM5OrBw4/Rhhb92VWmywZc0FKZ7ipvRrpALMDOR OvHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass 
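Review bot: ipsec_suite_cos_init() in test/validation/api/ipsec/ipsec.c stores the result of ipsec_cos_create() and returns 0 without comparing it to ODP_COS_INVALID, so a failed CoS setup is not reported and ipsec_suite_term() then skips ipsec_cos_destroy(). Return -1 when the handle is invalid. The same hunk resets only suite_context.cos in ipsec_suite_init(); since ipsec_send_in_one() branches on suite_context.cos_queue, set that to ODP_QUEUE_INVALID in the same place unless it is already done outside the lines shown.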
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:11 +0300
Message-Id: <1510444815-25058-13-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 12/16] linux-gen: ipsec: mark IPsec packets with errors with error flag

From: Dmitry Eremin-Solenikov

Add new ipsec_err error flag, which is set by IPsec code if there was an error during IPsec packet processing. This allows application code to quickly check packets using odp_packet_has_error() function and use fast path if there was none.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 .../linux-generic/include/odp_packet_internal.h | 1 +
 platform/linux-generic/odp_ipsec.c | 104 ++++++++++++---------
 2 files changed, 60 insertions(+), 45 deletions(-)
diff --git a/platform/linux-generic/include/odp_packet_internal.h b/platform/linux-generic/include/odp_packet_internal.h index fc10d61c8..e62854b1e 100644 --- a/platform/linux-generic/include/odp_packet_internal.h +++ b/platform/linux-generic/include/odp_packet_internal.h @@ -55,6 +55,7 @@ typedef union { uint32_t tcp_err:1; /**< TCP error, checks TBD */ uint32_t udp_err:1; /**< UDP error, checks TBD */ uint32_t l4_chksum:1; /**< L4 checksum error */ + uint32_t ipsec_err:1; /**< IPsec error */ }; } error_flags_t; diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c index 74a1c5766..8101b00c6 100644 --- a/platform/linux-generic/odp_ipsec.c +++ b/platform/linux-generic/odp_ipsec.c @@ -286,6 +286,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -301,7 +302,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; - goto out; + goto err; } /* Check IP header for IPSec protocols and look it up */ @@ -311,7 +312,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(esp), &esp) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -324,7 +325,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -332,7 +333,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_ESP || ipsec_sa->spi != odp_be_to_cpu_32(esp.spi)) { status->error.proto = 1; - goto out; + goto err; } } 
@@ -342,7 +343,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa->esp_iv_len, iv + ipsec_sa->salt_length) < 0) { status->error.alg = 1; - goto out; + goto err; } hdr_len = _ODP_ESPHDR_LEN + ipsec_sa->esp_iv_len; @@ -376,7 +377,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_SA_INVALID == sa) { @@ -389,7 +390,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_sa = _odp_ipsec_sa_lookup(&lookup); if (NULL == ipsec_sa) { status->error.sa_lookup = 1; - goto out; + goto err; } } else { ipsec_sa = _odp_ipsec_sa_use(sa); @@ -397,7 +398,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (ipsec_sa->proto != ODP_IPSEC_AH || ipsec_sa->spi != odp_be_to_cpu_32(ah.spi)) { status->error.proto = 1; - goto out; + goto err; } } @@ -431,16 +432,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.proto = 1; - goto out; + goto err; } if (_odp_ipsec_sa_replay_precheck(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_stats_precheck(ipsec_sa, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -448,14 +449,14 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { 
@@ -471,16 +472,16 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; if (_odp_ipsec_sa_replay_update(ipsec_sa, odp_be_to_cpu_32(aad.seq_no), status) < 0) - goto out; + goto err; ip_offset = odp_packet_l3_offset(pkt); ip = odp_packet_l3_ptr(pkt, NULL); @@ -498,18 +499,18 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, esptrl_offset, sizeof(esptrl), &esptrl) < 0) { status->error.proto = 1; - goto out; + goto err; } if (ip_offset + esptrl.pad_len > esptrl_offset) { status->error.proto = 1; - goto out; + goto err; } if (_odp_packet_cmp_data(pkt, esptrl_offset - esptrl.pad_len, ipsec_padding, esptrl.pad_len) != 0) { status->error.proto = 1; - goto out; + goto err; } ip->proto = esptrl.next_header; @@ -523,7 +524,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_copy_to_mem(pkt, ipsec_offset, sizeof(ah), &ah) < 0) { status->error.alg = 1; - goto out; + goto err; } ip->proto = ah.next_header; @@ -534,12 +535,12 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ip->frag_offset = odp_cpu_to_be_16(ip_frag_offset); } else { status->error.proto = 1; - goto out; + goto err; } if (odp_packet_trunc_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -550,7 +551,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, ip_hdr_len + hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } else { odp_packet_move_data(pkt, hdr_len, 0, @@ -558,7 +559,7 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, if (odp_packet_trunc_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } } 
@@ -573,15 +574,21 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); } - if (!status->error.all) { - odp_packet_hdr_t *pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr = odp_packet_hdr(pkt); - packet_parse_reset(pkt_hdr); + packet_parse_reset(pkt_hdr); + + packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), + ip_offset, _ODP_ETHTYPE_IPV4); + + *pkt_out = pkt; + + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + pkt_hdr->p.error_flags.ipsec_err = 1; - packet_parse_l3_l4(pkt_hdr, parse_layer(ipsec_config.inbound.parse), - ip_offset, _ODP_ETHTYPE_IPV4); - } -out: *pkt_out = pkt; return ipsec_sa; @@ -620,6 +627,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, uint8_t ip_ttl; /**< Saved IP TTL value */ uint16_t ip_frag_offset; /**< Saved IP flags value */ odp_crypto_packet_result_t crypto; /**< Crypto operation result */ + odp_packet_hdr_t *pkt_hdr; ODP_ASSERT(ODP_PACKET_OFFSET_INVALID != ip_offset); ODP_ASSERT(NULL != ip); @@ -637,7 +645,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (ODP_IPSEC_MODE_TRANSPORT == ipsec_sa->mode && _ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.alg = 1; - goto out; + goto err; } if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { @@ -673,7 +681,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_head(&pkt, _ODP_IPV4HDR_LEN, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, _ODP_IPV4HDR_LEN, ip_offset); @@ -719,7 +727,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, 1); /* Check for overrun */ if (ctr == 0) - goto out; + goto err; memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); memcpy(iv + ipsec_sa->salt_length, &ctr, @@ -735,7 +743,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (len != ipsec_sa->esp_iv_len) { status->error.alg = 1; - goto out; + goto err; } memcpy(iv, ipsec_sa->salt, ipsec_sa->salt_length); 
@@ -745,12 +753,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -824,12 +832,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (odp_packet_extend_tail(&pkt, trl_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } if (odp_packet_extend_head(&pkt, hdr_len, NULL, NULL) < 0) { status->error.alg = 1; - goto out; + goto err; } odp_packet_move_data(pkt, 0, hdr_len, ipsec_offset); @@ -871,12 +879,12 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, stats_length = param.auth_range.length; } else { status->error.alg = 1; - goto out; + goto err; } /* No need to run precheck here, we know that packet is authentic */ if (_odp_ipsec_sa_stats_update(ipsec_sa, stats_length, status) < 0) - goto out; + goto err; param.session = ipsec_sa->session; @@ -884,14 +892,14 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } rc = odp_crypto_result(&crypto, pkt); if (rc < 0) { ODP_DBG("Crypto failed\n"); status->error.alg = 1; - goto out; + goto err; } if (!crypto.ok) { @@ -907,7 +915,7 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, ODP_CRYPTO_HW_ERR_NONE)) status->error.auth = 1; - goto out; + goto err; } ip = odp_packet_l3_ptr(pkt, NULL); 
@@ -921,7 +929,13 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, _odp_ipv4_csum_update(pkt); -out: + *pkt_out = pkt; + return ipsec_sa; + +err: + pkt_hdr = odp_packet_hdr(pkt); + + pkt_hdr->p.error_flags.ipsec_err = 1; *pkt_out = pkt; return ipsec_sa; From patchwork Sun Nov 12 00:00:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118631 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp256844qgn; Sat, 11 Nov 2017 16:09:46 -0800 (PST) X-Google-Smtp-Source: AGs4zMYYz+6JlkvRToahIj6f8mGIjKVbhblWvc0AXcu7Z4qnZFIMEjtAYfdjx9584b7N1JDV8Qpg X-Received: by 10.55.75.75 with SMTP id y72mr7262820qka.118.1510445386383; Sat, 11 Nov 2017 16:09:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510445386; cv=none; d=google.com; s=arc-20160816; b=pCHpcO2XSG2ladQXgz84OKXLx+iyD9nKY/9L3EUQbE3toveBlo3pp5rUKUa+CDaouu 8hMEx+Gbe99zK4+w/diNN3rqTXDZ71/wfWXY9awFtdWbfiIdluSQVU/m0SqBa97roM7Y FmwdyNy6TNZudoepEmJ67mkzdqyzlA4zlG5pqOkOxsuVksK+SzsRhYR2GURyBhK/AN/A /JUIUdpbZwzlBRhoIVYrB8x2aHfHlOHep5riuIzX+YXZ2ywfgFfnhomDIamcqkreQPTE 1fBOpNo3L07A951mm12mYJceIW2KEm5Tl3vK+zID9Th07RmRKB5k+gxx+L7CvbZ3l3qm fUog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=lV6zXIT9vbO98h/toDv/Rnh6rzHsMltV/LBjFOIsdwU=; b=HcG0EtD+XylgrUs4nbGMCTieSVue5Cq+qVZ0HXpSPqlTRCeXgjGO2x4wid5BFBgLI9 akuDHlZnJukYJkzM/+Eb4cJwMMZAuebEHIoONTpEW+1th25+1/WSfCT73RFTqxrCkge7 Mt9m/rHfg75nLW0/rV0t54Y8fIFUA+LtsqaQavyJKgsQAUNZQ9xsUaqqB1Q4/3LXS1ud Ewu2Qq5u0UOaCiJaKPFT867xEaStZeA0qGdGmwc9GzT0kDEBnKQyzbe3FHP0qQG0GrGP 9VmKOmTh/amyFt9SBG0IA6Y6Hkxr5L9nEPGlIypy0hOTXkXKA/yvVRqOW9mYZxj2mfAo CSmg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass 
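Review bot: in ipsec_out_single() the counter-overrun path (`if (ctr == 0) goto err;`) now marks the packet with ipsec_err, but no status->error bit is set in the lines shown, so odp_packet_has_error() would be true while result.status.error.all stays 0. That is the opposite of what patch 13/16 of this series asserts. Set an error bit (status->error.alg, as the neighbouring failures do) before the jump.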
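Review bot: the success epilogue added at the end of ipsec_out_single() returns without touching pkt_hdr->p.error_flags, while the inbound success path at least goes through packet_parse_reset(). If an application resubmits a packet that failed earlier, ipsec_err can survive a successful outbound operation. Clear the flag explicitly on success. The `*pkt_out = pkt; return ipsec_sa;` pair is also duplicated in both exits of both functions; setting the flag and falling through to a shared label would keep the exits from drifting apart.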
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:12 +0300
Message-Id: <1510444815-25058-14-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 13/16] validation: check that erroneous IPsec packets have error flag set

From: Dmitry Eremin-Solenikov

Verify that odp_packet_has_error() returns true for IPsec packets with error status in result.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 test/validation/api/ipsec/ipsec.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/test/validation/api/ipsec/ipsec.c b/test/validation/api/ipsec/ipsec.c
index 5883f23e2..045718594 100644
--- a/test/validation/api/ipsec/ipsec.c
+++ b/test/validation/api/ipsec/ipsec.c
@@ -739,6 +739,10 @@ void ipsec_check_in_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(suite_context.inbound_op_mode == ODP_IPSEC_OP_MODE_INLINE, result.flag.inline_mode); 
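Review bot: in ipsec_check_in_one(), `CU_ASSERT(odp_packet_has_error(pkto[i]))` is followed directly by `else` with no semicolon, so the if/else only parses because of how the CU_ASSERT macro happens to expand. A single comparison avoids the construct, for example CU_ASSERT_EQUAL(!!result.status.error.all, !!odp_packet_has_error(pkto[i])). The same applies to the identical lines added to ipsec_check_out_one().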
@@ -778,6 +782,10 @@ void ipsec_check_out_one(const ipsec_test_part *part, odp_ipsec_sa_t sa) CU_ASSERT_EQUAL(0, odp_ipsec_result(&result, pkto[i])); CU_ASSERT_EQUAL(part->out[i].status.error.all, result.status.error.all); + if (result.status.error.all) + CU_ASSERT(odp_packet_has_error(pkto[i])) + else + CU_ASSERT(!odp_packet_has_error(pkto[i])); CU_ASSERT_EQUAL(sa, result.sa); CU_ASSERT_EQUAL(IPSEC_SA_CTX, odp_ipsec_sa_context(sa)); From patchwork Sun Nov 12 00:00:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118632 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp257304qgn; Sat, 11 Nov 2017 16:10:34 -0800 (PST) X-Google-Smtp-Source: AGs4zMb9Yu88zUIMcKxb+CO+9HRwxWR5lY3p5hnFI8u980ysRBObloztovWvBlPIsF7HDZxkMBDc X-Received: by 10.55.183.134 with SMTP id h128mr7684041qkf.258.1510445434512; Sat, 11 Nov 2017 16:10:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510445434; cv=none; d=google.com; s=arc-20160816; b=GjO5ArzyxREllCQPnOMY6rjPsHgEEtMTu1RY6J4V09pHMNm2PQ8vMxvhPa1W5mZUou dKiUPV7YzCYgN2yy6QGDHf3p25h/R66Wc8silv8BY5gU1GiYKK5eu844j5HCF649hDXJ v3eLXJ4V0gTRp6PP/A+b1n/NiHcPZREw5XPSgBblDhSGOzdkXcQRzPk5qku8olbBoyty V70NO7ZGu+S0olsTdZosSh2V5r40ip3S1Hhas2k2ii1buGE+ZqD0T2Aq364CsCheFuKn 2aRIiNX1PVNiZZrMyHFbxopa+vFoSR6SyAD2VobdbIKD8FiZChqV0ZEcuagx33iQ//vc yMdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=xweZz2Db876XQUy9ymk2xhwfaJGP1+3WcaPyvfVMpN8=; b=RIPnoWKE+CMAo1p3u84a1tPF3WFv8kWVxCrgi7YHA+e0Yu/LPbJiMGpdszDMEAvNGl Wo9u0HPV3KVxIexvbGs+oT2lDljBFylUhBfRHcqKclJlSftwt2u58a3waZSOPlhQk0CF 2+69hHpXDj/B/ygPfVTSLL43hN+VL+Q326yTd4bXqCho8qJPVdh32Exqh3ho+bwwOv7R 
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:13 +0300
Message-Id: <1510444815-25058-15-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 14/16] linux-gen: ipsec: validate ip header total length

From: Dmitry Eremin-Solenikov

Check that IP packet length from the header is not bogus.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/odp_ipsec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index 8101b00c6..e6fb276a6 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -300,6 +300,11 @@ static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt, ipsec_offset = ip_offset + ip_hdr_len; + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) { status->error.proto = 1; goto err; 
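Review bot: the new check in ipsec_in_single() bounds tot_len only from above; a header whose tot_len is smaller than ip_hdr_len (or than ip_hdr_len plus the ESP/AH header) still passes and reaches the length arithmetic that follows `ipsec_offset = ip_offset + ip_hdr_len;`. Add the lower bound as well, rejecting odp_be_to_cpu_16(ip->tot_len) < ip_hdr_len. A malformed IP header also reads more like status->error.proto, which the fragment check just below uses, than status->error.alg. The identical check is repeated in ipsec_out_single(); a small shared helper would keep the two in sync.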
@@ -648,6 +653,11 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, goto err; } + if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) { + status->error.alg = 1; + goto err; + } + if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) { _odp_ipv4hdr_t out_ip; uint16_t tot_len; From patchwork Sun Nov 12 00:00:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 118634 Delivered-To: patch@linaro.org Received: by 10.140.22.164 with SMTP id 33csp257922qgn; Sat, 11 Nov 2017 16:11:39 -0800 (PST) X-Google-Smtp-Source: AGs4zMbmuPULgMBuuF80oxxiqrXu09c8zeWXKEoIyx5M5ZbYlxUsDdFX+V7ppddGTeXl1qXOE2Ou X-Received: by 10.36.90.81 with SMTP id v78mr5828650ita.114.1510445499293; Sat, 11 Nov 2017 16:11:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510445499; cv=none; d=google.com; s=arc-20160816; b=iUwS7eAVdPS8QGqZ9ERogQva+mf/+Z+swlOujNSQbTvmfxChUf4GvL4kB5jdNB0B6B 01UmVxeFSNEkjm/oqYHDNZ0nGMl1qHa7iQ3hG6NHUjXsqKdhU8x+FaNRhOlTQLuMIh1b ZFffVGCbpxjNE25OIxbtn3P7GnDPDmwCXXIYtPZo4yXn8eGXxrSGAp+RM7c2PaIiGC6a 54yHJn9t3FokYoVpAQnmmYo2VSofnM6g/OHbZbT7WK/M7y/VxfKbKzwneyRFWhqsH8sN izzoKpN08Q/bPgpEPIbWcEFK9zP0T5ukoPMQWSIZQUBcR1yO5FEhpFCOqXxqRJo4z6Td +Yfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=j34cnlkurnvqLDmJJlNGGvKUJSn2Abq1TbxzZ71/bGM=; b=TRkkj/P4nHaJYV9qRXaR3ZP3az55emirO4+dbyy0AcZ/wqd09YvGkvQ+W9v2QuFIhO W4fPFLOqGEL1oiMoo1WukRWX1Y1PTFlrlsAS0exKGh7rq1ipbl8eKhwasOg02FxWG3sO sLeXHSNkGPyyQfAn0aqOpU1y8NS5oDQY08qSBCH8mv6ZI3vwMoGtTr2rSESSu6jG2WGR Xg9zi78lf0Tmcx8Flx/VKR73XwsaNg0LU5W2qfntgIqJLthpQM72RaJ7kvzeQcBOBWZi IqUkJ6ko14RFSGOImF0pn/9Dn8MmYfMiFbRe4BGzHfd38R/yTH5QQRG7IJTvMSqTozxx BiHg== ARC-Authentication-Results: i=1; 
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:14 +0300
Message-Id: <1510444815-25058-16-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 15/16] linux-gen: ipsec: correct frag_offset for tunneled packets

From: Dmitry Eremin-Solenikov

Generated outer header should have frag_offset = 0, MF = 0. Change code accordingly.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/odp_ipsec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index e6fb276a6..107b54917 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -677,10 +677,10 @@ static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt, out_ip.id = odp_atomic_fetch_add_u32(&ipsec_sa->out.tun_hdr_id, 1); if (ipsec_sa->copy_df) - out_ip.frag_offset = ip->frag_offset; + out_ip.frag_offset = ip->frag_offset & 0x4000; else - out_ip.frag_offset = (ip->frag_offset & ~0x4000) | - (ipsec_sa->out.tun_df << 14); + out_ip.frag_offset = + ((uint16_t)ipsec_sa->out.tun_df) << 14; out_ip.ttl = ipsec_sa->out.tun_ttl; out_ip.proto = _ODP_IPV4; /* Will be filled later by packet checksum update */

From patchwork Sun Nov 12 00:00:15 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 118635
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Sun, 12 Nov 2017 03:00:15 +0300
Message-Id: <1510444815-25058-17-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
References: <1510444815-25058-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 243
Subject: [lng-odp] [PATCH API-NEXT v8 16/16] linux-gen: ipsec: don't leak SA on creation error

From: Dmitry Eremin-Solenikov

Some paths during odp_ipsec_sa_create() can lead to SA leakage. Fix them by always releasing SA in error case.

Signed-off-by: Dmitry Eremin-Solenikov
---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 6a17a9172..ec2bd27e1 100644
--- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -310,7 +310,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) ipsec_sa->icv_len = 16; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } switch (crypto_param.cipher_alg) { @@ -340,7 +340,7 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param) crypto_param.iv.length = 12; break; default: - return ODP_IPSEC_SA_INVALID; + goto error; } if (1 == ipsec_sa->use_counter_iv &&
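
Review bot: The length check added before the ODP_IPSEC_MODE_TUNNEL branch of ipsec_out_single() (hunk @@ -648,6 +653,11 @@, the first hunk shown in this section) bounds ip->tot_len only from above, so a tot_len smaller than the IPv4 header itself still passes; if later code subtracts the header length from it, that value should be rejected here as well. The failure is also reported as status->error.alg = 1, which labels a malformed length as an algorithm error; a flag that describes a bad packet would make the drop easier to diagnose, and a one-line comment on what the check guards would help the next reader.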
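
Review bot: Both new assignments to out_ip.frag_offset in the tunnel branch of ipsec_out_single() (patch 15/16, hunk @@ -677,10 +677,10 @@) use host-order values, 0x4000 as the mask and tun_df << 14 as the result, with no byte-order conversion, while the earlier hunk in this series reads the same header's tot_len through odp_be_to_cpu_16(). If frag_offset is held in network byte order like tot_len, then on a little-endian host the mask selects a fragment-offset bit rather than DF; wrapping the constant and the shifted value in odp_cpu_to_be_16() would correct both arms. A named constant for the DF bit in place of the bare 0x4000 would also make the intent (DF kept, MF and offset cleared) readable at the assignment.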
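
Review bot: The error label that the two default: branches of odp_ipsec_sa_create() now jump to (patch 16/16, hunks @@ -310,7 +310,7 @@ and @@ -340,7 +340,7 @@) lies outside the shown context, so confirm that its cleanup is valid at both points, where the algorithm switches have not completed and later setup has not run, and that the function still returns ODP_IPSEC_SA_INVALID from there. The commit message says some paths leak, so the rest of the function is worth checking for any remaining early return after the SA has been reserved. A debug message naming the unsupported algorithm value before goto error; would tell the caller why creation failed.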