Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/96867/?format=api
http://patchwork.dpdk.org/api/patches/96867/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210812135425.698189-10-radu.nicolau@intel.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210812135425.698189-10-radu.nicolau@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210812135425.698189-10-radu.nicolau@intel.com", "date": "2021-08-12T13:54:24", "name": "[v2,09/10] ipsec: add support for initial SQN value", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "8eee2987db0437c2ef62b054810ed45f3bf98c27", "submitter": { "id": 743, "url": "http://patchwork.dpdk.org/api/people/743/?format=api", "name": "Radu Nicolau", "email": "radu.nicolau@intel.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210812135425.698189-10-radu.nicolau@intel.com/mbox/", "series": [ { "id": 18265, "url": "http://patchwork.dpdk.org/api/series/18265/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=18265", "date": "2021-08-12T13:54:15", "name": "new features for ipsec and security libraries", "version": 2, "mbox": "http://patchwork.dpdk.org/series/18265/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/96867/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/96867/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 0EEC1A0C4E;\n\tThu, 12 Aug 2021 16:11:21 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id F375D41257;\n\tThu, 12 Aug 2021 16:10:38 +0200 (CEST)", "from mga05.intel.com (mga05.intel.com [192.55.52.43])\n by mails.dpdk.org (Postfix) with ESMTP id 70F8941244\n for <dev@dpdk.org>; Thu, 12 Aug 2021 16:10:36 +0200 (CEST)", "from fmsmga007.fm.intel.com ([10.253.24.52])\n by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 12 Aug 2021 07:10:36 -0700", "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by fmsmga007.fm.intel.com with ESMTP; 12 Aug 2021 07:10:32 -0700" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10074\"; a=\"300944468\"", "E=Sophos;i=\"5.84,316,1620716400\"; d=\"scan'208\";a=\"300944468\"", "E=Sophos;i=\"5.84,316,1620716400\"; d=\"scan'208\";a=\"446554493\"" ], "X-ExtLoop1": "1", "From": "Radu Nicolau <radu.nicolau@intel.com>", "To": "", "Cc": "dev@dpdk.org, mdr@ashroe.eu, konstantin.ananyev@intel.com,\n vladimir.medvedkin@intel.com, bruce.richardson@intel.com,\n hemant.agrawal@nxp.com, gakhil@marvell.com, anoobj@marvell.com,\n declan.doherty@intel.com, abhijit.sinha@intel.com,\n daniel.m.buckley@intel.com, marchana@marvell.com, ktejasree@marvell.com,\n matan@nvidia.com, Radu Nicolau <radu.nicolau@intel.com>,\n Abhijit Sinha <abhijits.sinha@intel.com>", "Date": "Thu, 12 Aug 2021 14:54:24 +0100", "Message-Id": "<20210812135425.698189-10-radu.nicolau@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20210812135425.698189-1-radu.nicolau@intel.com>", "References": "<20210713133542.3550525-1-radu.nicolau@intel.com>\n <20210812135425.698189-1-radu.nicolau@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v2 09/10] ipsec: add support for initial SQN value", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Update IPsec library to support initial SQN value.\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\nSigned-off-by: Abhijit Sinha <abhijits.sinha@intel.com>\nSigned-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>\n---\n lib/ipsec/esp_outb.c | 19 ++++++++++++-------\n lib/ipsec/sa.c | 29 ++++++++++++++++++++++-------\n 2 files changed, 34 insertions(+), 14 deletions(-)", "diff": "diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c\nindex 2c02c3bb12..8a6d09558f 100644\n--- a/lib/ipsec/esp_outb.c\n+++ b/lib/ipsec/esp_outb.c\n@@ -661,7 +661,7 @@ esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],\n */\n static inline void\n inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss,\n-\tstruct rte_mbuf *mb[], uint16_t num)\n+\tstruct rte_mbuf *mb[], uint16_t num, uint64_t *sqn)\n {\n \tuint32_t i, ol_flags, bytes = 0;\n \n@@ -672,7 +672,7 @@ inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss,\n \t\tbytes += mb[i]->data_len;\n \t\tif (ol_flags != 0)\n \t\t\trte_security_set_pkt_metadata(ss->security.ctx,\n-\t\t\t\tss->security.ses, mb[i], NULL);\n+\t\t\t\tss->security.ses, mb[i], sqn);\n \t}\n \tss->sa->statistics.count += num;\n \tss->sa->statistics.bytes += bytes - (ss->sa->hdr_len * num);\n@@ -764,7 +764,10 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,\n \tif (k != num && k != 0)\n \t\tmove_bad_mbufs(mb, dr, num, num - k);\n \n-\tinline_outb_mbuf_prepare(ss, mb, k);\n+\tif (sa->sqn_mask > UINT32_MAX)\n+\t\tinline_outb_mbuf_prepare(ss, mb, k, &sqn);\n+\telse\n+\t\tinline_outb_mbuf_prepare(ss, mb, k, NULL);\n \treturn k;\n }\n \n@@ -799,8 +802,7 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,\n \tif (nb_sqn_alloc != nb_sqn)\n \t\trte_errno = EOVERFLOW;\n \n-\tk = 0;\n-\tfor (i = 0; i != num; i++) {\n+\tfor (i = 0, k = 0; i != num; i++) {\n \n \t\tsqc = rte_cpu_to_be_64(sqn + i);\n \t\tgen_iv(iv, sqc);\n@@ -828,7 +830,10 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,\n \tif (k != num && k != 0)\n \t\tmove_bad_mbufs(mb, dr, num, num - k);\n \n-\tinline_outb_mbuf_prepare(ss, mb, k);\n+\tif (sa->sqn_mask > UINT32_MAX)\n+\t\tinline_outb_mbuf_prepare(ss, mb, k, &sqn);\n+\telse\n+\t\tinline_outb_mbuf_prepare(ss, mb, k, NULL);\n \treturn k;\n }\n \n@@ -840,6 +845,6 @@ uint16_t\n inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss,\n \tstruct rte_mbuf *mb[], uint16_t num)\n {\n-\tinline_outb_mbuf_prepare(ss, mb, num);\n+\tinline_outb_mbuf_prepare(ss, mb, num, NULL);\n \treturn num;\n }\ndiff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c\nindex 5b55bbc098..242fdcd461 100644\n--- a/lib/ipsec/sa.c\n+++ b/lib/ipsec/sa.c\n@@ -294,11 +294,11 @@ esp_inb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)\n * Init ESP outbound specific things.\n */\n static void\n-esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen)\n+esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen, uint64_t sqn)\n {\n \tuint8_t algo_type;\n \n-\tsa->sqn.outb = 1;\n+\tsa->sqn.outb = sqn;\n \n \talgo_type = sa->algo_type;\n \n@@ -356,6 +356,8 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen)\n static void\n esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)\n {\n+\tuint64_t sqn = prm->ipsec_xform.esn.value > 0 ?\n+\t\t\tprm->ipsec_xform.esn.value : 0;\n \tsa->proto = prm->tun.next_proto;\n \tsa->hdr_len = prm->tun.hdr_len;\n \tsa->hdr_l3_off = prm->tun.hdr_l3_off;\n@@ -366,7 +368,7 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)\n \n \tmemcpy(sa->hdr, prm->tun.hdr, sa->hdr_len);\n \n-\tesp_outb_init(sa, sa->hdr_len);\n+\tesp_outb_init(sa, sa->hdr_len, sqn);\n }\n \n /*\n@@ -376,6 +378,8 @@ static int\n esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tconst struct crypto_xform *cxf)\n {\n+\tuint64_t sqn = prm->ipsec_xform.esn.value > 0 ?\n+\t\t\tprm->ipsec_xform.esn.value : 0;\n \tstatic const uint64_t msk = RTE_IPSEC_SATP_DIR_MASK |\n \t\t\t\tRTE_IPSEC_SATP_MODE_MASK |\n \t\t\t\tRTE_IPSEC_SATP_NATT_MASK;\n@@ -492,7 +496,7 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS |\n \t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS):\n-\t\tesp_outb_init(sa, 0);\n+\t\tesp_outb_init(sa, 0, sqn);\n \t\tbreak;\n \t}\n \n@@ -503,15 +507,19 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n * helper function, init SA replay structure.\n */\n static void\n-fill_sa_replay(struct rte_ipsec_sa *sa, uint32_t wnd_sz, uint32_t nb_bucket)\n+fill_sa_replay(struct rte_ipsec_sa *sa,\n+\t\tuint32_t wnd_sz, uint32_t nb_bucket, uint64_t sqn)\n {\n \tsa->replay.win_sz = wnd_sz;\n \tsa->replay.nb_bucket = nb_bucket;\n \tsa->replay.bucket_index_mask = nb_bucket - 1;\n \tsa->sqn.inb.rsn[0] = (struct replay_sqn *)(sa + 1);\n-\tif ((sa->type & RTE_IPSEC_SATP_SQN_MASK) == RTE_IPSEC_SATP_SQN_ATOM)\n+\tsa->sqn.inb.rsn[0]->sqn = sqn;\n+\tif ((sa->type & RTE_IPSEC_SATP_SQN_MASK) == RTE_IPSEC_SATP_SQN_ATOM) {\n \t\tsa->sqn.inb.rsn[1] = (struct replay_sqn *)\n \t\t\t((uintptr_t)sa->sqn.inb.rsn[0] + rsn_size(nb_bucket));\n+\t\tsa->sqn.inb.rsn[1]->sqn = sqn;\n+\t}\n }\n \n int\n@@ -830,13 +838,20 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tsa->sqn_mask = (prm->ipsec_xform.options.esn == 0) ?\n \t\tUINT32_MAX : UINT64_MAX;\n \n+\t/* if we are starting from a non-zero sn value */\n+\tif (prm->ipsec_xform.esn.value > 0) {\n+\t\tif (prm->ipsec_xform.direction ==\n+\t\t\t\tRTE_SECURITY_IPSEC_SA_DIR_EGRESS)\n+\t\t\tsa->sqn.outb = prm->ipsec_xform.esn.value;\n+\t}\n+\n \trc = esp_sa_init(sa, prm, &cxf);\n \tif (rc != 0)\n \t\trte_ipsec_sa_fini(sa);\n \n \t/* fill replay window related fields */\n \tif (nb != 0)\n-\t\tfill_sa_replay(sa, wsz, nb);\n+\t\tfill_sa_replay(sa, wsz, nb, prm->ipsec_xform.esn.value);\n \n \treturn sz;\n }\n", "prefixes": [ "v2", "09/10" ] }{ "id": 96867, "url": "