Re: [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64

Mon, 16 Oct 2017 03:35:41 -0700 


On 10/16/2017 12:42 PM, Sergio Gonzalez Monroy wrote:

On 14/10/2017 14:28, avia...@dev.mellanox.co.il wrote:

From: Aviad Yehezkel <avia...@mellanox.com>

To be compatibile with Linux kernel


I am not sure what you are trying to achieve with this change.
The requirement is that the IV is unique, IMO changing the endianess is irrelevant here. 
Can you provide case/example where current code does not work?

Thanks,
Sergio

You are right, according to rfc4106 the IV should be unique and can be
implemented as counter.
The changed was created because I put analyzer on wire and compare
packets generated by this application and Linux kernel.
Linux kernel sets IV as BE, so I thought it is worth to do the same for
future debug / comparison.

Thanks,
Aviad.




Signed-off-by: Aviad Yehezkel <avia...@mellanox.com>
---
  examples/ipsec-secgw/esp.c | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index aa2233d..81ebf55 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -336,7 +336,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, 
      if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
          uint8_t *aad;
  -        *iv = sa->seq;
+        *iv = rte_cpu_to_be_64(sa->seq);
          sym_cop->aead.data.offset = ip_hdr_len +
              sizeof(struct esp_hdr) + sa->iv_len;
          sym_cop->aead.data.length = pad_payload_len;
@@ -349,7 +349,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, 
            struct cnt_blk *icb = get_cnt_blk(m);
          icb->salt = sa->salt;
-        icb->iv = sa->seq;
+        icb->iv = rte_cpu_to_be_64(sa->seq);
          icb->cnt = rte_cpu_to_be_32(1);
            aad = get_aad(m);
@@ -371,7 +371,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,               sym_cop->cipher.data.length = pad_payload_len + sa->iv_len; 
              break;
          case RTE_CRYPTO_CIPHER_AES_CTR:
-            *iv = sa->seq;
+            *iv = rte_cpu_to_be_64(sa->seq);
              sym_cop->cipher.data.offset = ip_hdr_len +
                  sizeof(struct esp_hdr) + sa->iv_len;
              sym_cop->cipher.data.length = pad_payload_len;
@@ -390,7 +390,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, 
            struct cnt_blk *icb = get_cnt_blk(m);
          icb->salt = sa->salt;
-        icb->iv = sa->seq;
+        icb->iv = rte_cpu_to_be_64(sa->seq);
          icb->cnt = rte_cpu_to_be_32(1);
            switch (sa->auth_algo) {

Reply via email to