From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Lukas Bartosik <lbartosik@marvell.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>, Anoob Joseph <anoobj@marvell.com>
Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ipsec: include high order bytes of esn in pkt len
Date: Tue, 14 May 2019 13:52:31 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580161632AB4@irsmsx105.ger.corp.intel.com> (raw)
Message-ID: <20190514135231._Cm7Nuo-ICuhzHSjKBa-GmNVNdOT-fO3NBf0Cw4sV6g@z> (raw)
In-Reply-To: <96a01cc7-6368-8096-4976-b117de8c31f0@marvell.com>
Hi Lukasz,
> >>
> >> When esn is used then high-order 32 bits are included in ICV
> >> calculation however are not transmitted. Update packet length
> >> to be consistent with auth data offset and length before crypto
> >> operation. High-order 32 bits of esn will be removed from packet
> >> length in crypto post processing.
> >
> > Hi Lukasz,
> > Why you want to do it?
> > I deliberately didn't include SQH bits into the pkt_len/data_len,
> > because it is a temporary data and we are going to drop it anyway.
> > Konstantin
> >
> > Hi Konstantin,
> > Our OcteonTx crypto driver validates pkt_len with auth data length/offset and it complains
> > because it is told to authenticate more data that a packet holds (according to pkt_len).
Thanks for explanation, just to confirm about the check in your PMD:
You are talking about struct rte_crypto_sym_op auth.data.offset and auth.data.length,
i.e: auth.data.offset + auth.data.length > pkt_len
Or something else?
find drivers/*/octeon* -type f | xargs grep -l 'auth\.data\.'
returns no results.
Konstantin
> > I came across this when running IPSec tests which use esn.
> > I understand that sqh 32 bits are temporary and included only for ICV calculation however
> > not including them in pkt_len for crypto processing is inconsistent in my opinion.
> > Thanks,
> > Lukasz
> >
>
> Hi Konstantin,
>
> I should have elaborated more. When 32 high bits of esn are not included in
> packet length then auth offset and data point to data which is outside packet
> (according to packet length).
> This makes crypto request (auth data length and offset) incoherent with a packet
> which the crypto request points to.
>
> This is my argument for including 32 high bits of esn into packet length even
> though the inclusion is only temporary.
>
> Thanks,
> Lukasz
>
next prev parent reply other threads:[~2019-05-14 13:52 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-30 14:55 [dpdk-dev] " Lukasz Bartosik
2019-04-30 14:55 ` Lukasz Bartosik
2019-04-30 15:05 ` Ananyev, Konstantin
2019-04-30 15:05 ` Ananyev, Konstantin
2019-04-30 15:38 ` Lukas Bartosik
2019-04-30 15:38 ` Lukas Bartosik
2019-05-07 14:48 ` [dpdk-dev] [EXT] " Lukas Bartosik
2019-05-07 14:48 ` Lukas Bartosik
2019-05-09 11:59 ` Ananyev, Konstantin
2019-05-09 11:59 ` Ananyev, Konstantin
2019-05-14 13:52 ` Ananyev, Konstantin [this message]
2019-05-14 13:52 ` Ananyev, Konstantin
2019-05-14 14:31 ` Lukas Bartosik
2019-05-14 14:31 ` Lukas Bartosik
2019-05-19 14:47 ` [dpdk-dev] " Ananyev, Konstantin
2019-05-20 11:13 ` Lukas Bartosik
2019-05-23 12:11 ` [dpdk-dev] [PATCH v2] " Lukasz Bartosik
2019-05-30 16:51 ` Ananyev, Konstantin
2019-05-31 16:09 ` Lukas Bartosik
2019-06-05 15:31 ` [dpdk-dev] [PATCH v3] " Lukasz Bartosik
2019-06-06 14:45 ` Ananyev, Konstantin
2019-06-20 13:25 ` Akhil Goyal
2019-06-25 12:49 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580161632AB4@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=lbartosik@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).