From: Lukas Bartosik <lbartosik@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>, Anoob Joseph <anoobj@marvell.com>
Subject: Re: [dpdk-dev] [EXT] Re: [PATCH] ipsec: include high order bytes of esn in pkt len
Date: Tue, 14 May 2019 14:31:18 +0000 [thread overview]
Message-ID: <e513aabc-add5-82b3-f473-28ae045df513@marvell.com> (raw)
Message-ID: <20190514143118.j2mrKX3Gla0ozxTM5GvYJWJkb_wEdJW-CKaZcJ8n_HU@z> (raw)
In-Reply-To: <2601191342CEEE43887BDE71AB9772580161632AB4@irsmsx105.ger.corp.intel.com>
On 14.05.2019 15:52, Ananyev, Konstantin wrote:
> Hi Lukasz,
>
>>>>
>>>> When esn is used then high-order 32 bits are included in ICV
>>>> calculation however are not transmitted. Update packet length
>>>> to be consistent with auth data offset and length before crypto
>>>> operation. High-order 32 bits of esn will be removed from packet
>>>> length in crypto post processing.
>>>
>>> Hi Lukasz,
>>> Why you want to do it?
>>> I deliberately didn't include SQH bits into the pkt_len/data_len,
>>> because it is a temporary data and we are going to drop it anyway.
>>> Konstantin
>>>
>>> Hi Konstantin,
>>> Our OcteonTx crypto driver validates pkt_len with auth data length/offset and it complains
>>> because it is told to authenticate more data that a packet holds (according to pkt_len).
>
> Thanks for explanation, just to confirm about the check in your PMD:
> You are talking about struct rte_crypto_sym_op auth.data.offset and auth.data.length,
> i.e: auth.data.offset + auth.data.length > pkt_len
> Or something else?
>
> find drivers/*/octeon* -type f | xargs grep -l 'auth\.data\.'
> returns no results.
>
> Konstantin
>
Hi Konstantin
This is exactly auth.data.length and auth.data.offset from rte_crypto_sym_op.
The check takes place in drivers/common/cpt/cpt_ucode.h in cpt_dec_hmac_prep function
although there is no direct check for auth.data.offset + auth.data.length > pkt_len
as at this point auth.data.offset, auth.data.length and pkt_len are stored in
internal structures related to how we process crypto requests.
Thanks,
Lukasz
>>> I came across this when running IPSec tests which use esn.
>>> I understand that sqh 32 bits are temporary and included only for ICV calculation however
>>> not including them in pkt_len for crypto processing is inconsistent in my opinion.
>>> Thanks,
>>> Lukasz
>>>
>>
>> Hi Konstantin,
>>
>> I should have elaborated more. When 32 high bits of esn are not included in
>> packet length then auth offset and data point to data which is outside packet
>> (according to packet length).
>> This makes crypto request (auth data length and offset) incoherent with a packet
>> which the crypto request points to.
>>
>> This is my argument for including 32 high bits of esn into packet length even
>> though the inclusion is only temporary.
>>
>> Thanks,
>> Lukasz
>>
next prev parent reply other threads:[~2019-05-14 14:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-30 14:55 [dpdk-dev] " Lukasz Bartosik
2019-04-30 14:55 ` Lukasz Bartosik
2019-04-30 15:05 ` Ananyev, Konstantin
2019-04-30 15:05 ` Ananyev, Konstantin
2019-04-30 15:38 ` Lukas Bartosik
2019-04-30 15:38 ` Lukas Bartosik
2019-05-07 14:48 ` [dpdk-dev] [EXT] " Lukas Bartosik
2019-05-07 14:48 ` Lukas Bartosik
2019-05-09 11:59 ` Ananyev, Konstantin
2019-05-09 11:59 ` Ananyev, Konstantin
2019-05-14 13:52 ` Ananyev, Konstantin
2019-05-14 13:52 ` Ananyev, Konstantin
2019-05-14 14:31 ` Lukas Bartosik [this message]
2019-05-14 14:31 ` Lukas Bartosik
2019-05-19 14:47 ` [dpdk-dev] " Ananyev, Konstantin
2019-05-20 11:13 ` Lukas Bartosik
2019-05-23 12:11 ` [dpdk-dev] [PATCH v2] " Lukasz Bartosik
2019-05-30 16:51 ` Ananyev, Konstantin
2019-05-31 16:09 ` Lukas Bartosik
2019-06-05 15:31 ` [dpdk-dev] [PATCH v3] " Lukasz Bartosik
2019-06-06 14:45 ` Ananyev, Konstantin
2019-06-20 13:25 ` Akhil Goyal
2019-06-25 12:49 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e513aabc-add5-82b3-f473-28ae045df513@marvell.com \
--to=lbartosik@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).