[dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64

[Aviad Yehezkel]

On 10/16/2017 12:42 PM, Sergio Gonzalez Monroy wrote:
> On 14/10/2017 14:28, aviadye at dev.mellanox.co.il wrote:
>> From: Aviad Yehezkel <aviadye at mellanox.com>
>>
>> To be compatibile with Linux kernel
>
> I am not sure what you are trying to achieve with this change.
> The requirement is that the IV is unique, IMO changing the endianess 
> is irrelevant here.
> Can you provide case/example where current code does not work?
>
> Thanks,
> Sergio
You are right, according to rfc4106 the IV should be unique and can be
implemented as counter.
The changed was created because I put analyzer on wire and compare
packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so I thought it is worth to do the same for
future debug / comparison.

Thanks,
Aviad.

>
>> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
>> ---
>>   examples/ipsec-secgw/esp.c | 8 ++++----
>>   1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>> index aa2233d..81ebf55 100644
>> --- a/examples/ipsec-secgw/esp.c
>> +++ b/examples/ipsec-secgw/esp.c
>> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa 
>> *sa,
>>       if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
>>           uint8_t *aad;
>>   -        *iv = sa->seq;
>> +        *iv = rte_cpu_to_be_64(sa->seq);
>>           sym_cop->aead.data.offset = ip_hdr_len +
>>               sizeof(struct esp_hdr) + sa->iv_len;
>>           sym_cop->aead.data.length = pad_payload_len;
>> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa 
>> *sa,
>>             struct cnt_blk *icb = get_cnt_blk(m);
>>           icb->salt = sa->salt;
>> -        icb->iv = sa->seq;
>> +        icb->iv = rte_cpu_to_be_64(sa->seq);
>>           icb->cnt = rte_cpu_to_be_32(1);
>>             aad = get_aad(m);
>> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa 
>> *sa,
>>               sym_cop->cipher.data.length = pad_payload_len + 
>> sa->iv_len;
>>               break;
>>           case RTE_CRYPTO_CIPHER_AES_CTR:
>> -            *iv = sa->seq;
>> +            *iv = rte_cpu_to_be_64(sa->seq);
>>               sym_cop->cipher.data.offset = ip_hdr_len +
>>                   sizeof(struct esp_hdr) + sa->iv_len;
>>               sym_cop->cipher.data.length = pad_payload_len;
>> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa 
>> *sa,
>>             struct cnt_blk *icb = get_cnt_blk(m);
>>           icb->salt = sa->salt;
>> -        icb->iv = sa->seq;
>> +        icb->iv = rte_cpu_to_be_64(sa->seq);
>>           icb->cnt = rte_cpu_to_be_32(1);
>>             switch (sa->auth_algo) {
>
>