diff mbox

[dpdk-dev,v2,5/6] examples/ipsec-secgw: iv should be be64

Message ID	1508439184-17893-5-git-send-email-aviadye@dev.mellanox.co.il (mailing list archive)
State	Superseded, archived
Delegated to:	Pablo de Lara Guarch
Headers	From: aviadye@dev.mellanox.co.il To: dev@dpdk.org, sergio.gonzalez.monroy@intel.com, pablo.de.lara.guarch@intel.com, aviadye@mellanox.com Cc: borisp@mellanox.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com, radu.nicolau@intel.com, declan.doherty@intel.com, aviadye@dev.mellanox.co.il, liranl@mellanox.com, nelio.laranjeiro@6wind.com, thomas@monjalon.net Date: Thu, 19 Oct 2017 21:53:03 +0300 Message-Id: <1508439184-17893-5-git-send-email-aviadye@dev.mellanox.co.il> In-Reply-To: <1508439184-17893-1-git-send-email-aviadye@dev.mellanox.co.il> References: <1507987683-12315-1-git-send-email-aviadye@dev.mellanox.co.il> <1508439184-17893-1-git-send-email-aviadye@dev.mellanox.co.il> Subject: [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Aviad Yehezkel Oct. 19, 2017, 6:53 p.m. UTC

  From: Aviad Yehezkel <aviadye@mellanox.com>

According to rfc4106 the IV should be unique
and can be implemented as counter.
The changed was created because putting an analyzer
on wire and comparing packets generated by this
application and Linux kernel.
Linux kernel sets IV as BE, so it is worth to do
the same for future debug / comparison.

Issue: None
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
--
v2:
* Fix commit message
---
 examples/ipsec-secgw/esp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Radu Nicolau Oct. 20, 2017, 3:28 p.m. UTC | #1

On 10/19/2017 7:53 PM, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> According to rfc4106 the IV should be unique
> and can be implemented as counter.
> The changed was created because putting an analyzer
> on wire and comparing packets generated by this
> application and Linux kernel.
> Linux kernel sets IV as BE, so it is worth to do
> the same for future debug / comparison.
>
> Issue: None
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> --
> v2:
> * Fix commit message
> ---
>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>

diff mbox

Patch

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 6215ad4..de55c35 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -336,7 +336,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 	if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
 		uint8_t *aad;
 
-		*iv = sa->seq;
+		*iv = rte_cpu_to_be_64(sa->seq);
 		sym_cop->aead.data.offset = ip_hdr_len +
 			sizeof(struct esp_hdr) + sa->iv_len;
 		sym_cop->aead.data.length = pad_payload_len;
@@ -349,7 +349,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		struct cnt_blk *icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
-		icb->iv = sa->seq;
+		icb->iv = rte_cpu_to_be_64(sa->seq);
 		icb->cnt = rte_cpu_to_be_32(1);
 
 		aad = get_aad(m);
@@ -372,7 +372,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 			sym_cop->cipher.data.length = pad_payload_len + sa->iv_len;
 			break;
 		case RTE_CRYPTO_CIPHER_AES_CTR:
-			*iv = sa->seq;
+			*iv = rte_cpu_to_be_64(sa->seq);
 			sym_cop->cipher.data.offset = ip_hdr_len +
 				sizeof(struct esp_hdr) + sa->iv_len;
 			sym_cop->cipher.data.length = pad_payload_len;
@@ -391,7 +391,7 @@  esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
 
 		struct cnt_blk *icb = get_cnt_blk(m);
 		icb->salt = sa->salt;
-		icb->iv = sa->seq;
+		icb->iv = rte_cpu_to_be_64(sa->seq);
 		icb->cnt = rte_cpu_to_be_32(1);
 
 		switch (sa->auth_algo) {