[dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64
Sergio Gonzalez Monroy
sergio.gonzalez.monroy at intel.com
Mon Oct 16 13:59:59 CEST 2017
On 16/10/2017 11:35, Aviad Yehezkel wrote:
>
> On 10/16/2017 12:42 PM, Sergio Gonzalez Monroy wrote:
>> On 14/10/2017 14:28, aviadye at dev.mellanox.co.il wrote:
>>> From: Aviad Yehezkel <aviadye at mellanox.com>
>>>
>>> To be compatibile with Linux kernel
>>
>> I am not sure what you are trying to achieve with this change.
>> The requirement is that the IV is unique, IMO changing the endianess
>> is irrelevant here.
>> Can you provide case/example where current code does not work?
>>
>> Thanks,
>> Sergio
> You are right, according to rfc4106 the IV should be unique and can be
> implemented as counter.
> The changed was created because I put analyzer on wire and compare
> packets generated by this application and Linux kernel.
> Linux kernel sets IV as BE, so I thought it is worth to do the same for
> future debug / comparison.
>
I guess the performance impact is small (for LE platforms), so it would
be good to add this (or similar) information to the commit message.
Thanks,
Sergio
> Thanks,
> Aviad.
>
>>
>>> Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
>>> ---
>>> examples/ipsec-secgw/esp.c | 8 ++++----
>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
>>> index aa2233d..81ebf55 100644
>>> --- a/examples/ipsec-secgw/esp.c
>>> +++ b/examples/ipsec-secgw/esp.c
>>> @@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
>>> uint8_t *aad;
>>> - *iv = sa->seq;
>>> + *iv = rte_cpu_to_be_64(sa->seq);
>>> sym_cop->aead.data.offset = ip_hdr_len +
>>> sizeof(struct esp_hdr) + sa->iv_len;
>>> sym_cop->aead.data.length = pad_payload_len;
>>> @@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> struct cnt_blk *icb = get_cnt_blk(m);
>>> icb->salt = sa->salt;
>>> - icb->iv = sa->seq;
>>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>>> icb->cnt = rte_cpu_to_be_32(1);
>>> aad = get_aad(m);
>>> @@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> sym_cop->cipher.data.length = pad_payload_len +
>>> sa->iv_len;
>>> break;
>>> case RTE_CRYPTO_CIPHER_AES_CTR:
>>> - *iv = sa->seq;
>>> + *iv = rte_cpu_to_be_64(sa->seq);
>>> sym_cop->cipher.data.offset = ip_hdr_len +
>>> sizeof(struct esp_hdr) + sa->iv_len;
>>> sym_cop->cipher.data.length = pad_payload_len;
>>> @@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa
>>> *sa,
>>> struct cnt_blk *icb = get_cnt_blk(m);
>>> icb->salt = sa->salt;
>>> - icb->iv = sa->seq;
>>> + icb->iv = rte_cpu_to_be_64(sa->seq);
>>> icb->cnt = rte_cpu_to_be_32(1);
>>> switch (sa->auth_algo) {
>>
>>
>
More information about the dev
mailing list