From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <konstantin.ananyev@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id 0269444C3
 for <dev@dpdk.org>; Tue, 30 Apr 2019 17:05:33 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 30 Apr 2019 08:05:33 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,414,1549958400"; d="scan'208";a="228085538"
Received: from irsmsx108.ger.corp.intel.com ([163.33.3.3])
 by orsmga001.jf.intel.com with ESMTP; 30 Apr 2019 08:05:31 -0700
Received: from irsmsx111.ger.corp.intel.com (10.108.20.4) by
 IRSMSX108.ger.corp.intel.com (163.33.3.3) with Microsoft SMTP Server (TLS) id
 14.3.408.0; Tue, 30 Apr 2019 16:05:30 +0100
Received: from irsmsx105.ger.corp.intel.com ([169.254.7.31]) by
 irsmsx111.ger.corp.intel.com ([169.254.2.85]) with mapi id 14.03.0415.000;
 Tue, 30 Apr 2019 16:05:30 +0100
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Lukasz Bartosik <lbartosik@marvell.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "anoobj@marvell.com" <anoobj@marvell.com>
Thread-Topic: [PATCH] ipsec: include high order bytes of esn in pkt len
Thread-Index: AQHU/2Tjbnoxxn6xQkWOyA+XCdWcPKZUy7AQ
Date: Tue, 30 Apr 2019 15:05:29 +0000
Message-ID: <2601191342CEEE43887BDE71AB9772580148A9DA2D@irsmsx105.ger.corp.intel.com>
References: <1556636155-26299-1-git-send-email-lbartosik@marvell.com>
In-Reply-To: <1556636155-26299-1-git-send-email-lbartosik@marvell.com>
Accept-Language: en-IE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTJhYTYzN2EtZjdiNy00OGY2LWFjOGEtNjU3NTg5ODQ5ODQ1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiM0lwNDRzenRyVFgyOHdsSDZGaWE0NHYwajQ0a1NCVGhQTDJSTndEbUlQUnhBZjFnTjdUNWZnbU80Tm9DSVZSSyJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.600.7
dlp-reaction: no-action
x-originating-ip: [163.33.239.180]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH] ipsec: include high order bytes of esn in
	pkt len
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 15:05:34 -0000



> -----Original Message-----
> From: Lukasz Bartosik [mailto:lbartosik@marvell.com]
> Sent: Tuesday, April 30, 2019 3:56 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Cc: dev@dpdk.org; anoobj@marvell.com; Lukasz Bartosik <lbartosik@marvell.=
com>
> Subject: [PATCH] ipsec: include high order bytes of esn in pkt len
>=20
> When esn is used then high-order 32 bits are included in ICV
> calculation however are not transmitted. Update packet length
> to be consistent with auth data offset and length before crypto
> operation. High-order 32 bits of esn will be removed from packet
> length in crypto post processing.

Hi Lukasz,
Why you want to do it?
I deliberately didn't include SQH bits into the pkt_len/data_len,
because it is a temporary data and we are going to drop it anyway.=20
Konstantin

>=20
> Change-Id: I5ba50e341059a8d6a5e4ce7c626dfe7b9173740b
> Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
> ---
>  lib/librte_ipsec/esp_inb.c  | 56 +++++++++++++++++++++++++++++++++++++--=
------
>  lib/librte_ipsec/esp_outb.c | 31 +++++++++++++++++++++++++
>  lib/librte_ipsec/sa.c       |  4 ++--
>  lib/librte_ipsec/sa.h       |  8 +++++++
>  4 files changed, 87 insertions(+), 12 deletions(-)
>=20
> diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c
> index 4e0e12a..eb899e3 100644
> --- a/lib/librte_ipsec/esp_inb.c
> +++ b/lib/librte_ipsec/esp_inb.c
> @@ -16,7 +16,8 @@
>  #include "pad.h"
>=20
>  typedef uint16_t (*esp_inb_process_t)(const struct rte_ipsec_sa *sa,
> -	struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num);
> +	struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num,
> +	uint8_t is_inline);
>=20
>  /*
>   * helper function to fill crypto_sym op for cipher+auth algorithms.
> @@ -181,6 +182,15 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const=
 struct replay_sqn *rsn,
>  	icv->va =3D rte_pktmbuf_mtod_offset(ml, void *, icv_ofs);
>  	icv->pa =3D rte_pktmbuf_iova_offset(ml, icv_ofs);
>=20
> +	/*
> +	 * if esn is used then high-order 32 bits are also used in ICV
> +	 * calculation but are not transmitted, update packet length
> +	 * to be consistent with auth data length and offset, this will
> +	 * be subtracted from packet length in post crypto processing
> +	 */
> +	mb->pkt_len +=3D sa->sqh_len;
> +	ml->data_len +=3D sa->sqh_len;
> +
>  	inb_pkt_xprepare(sa, sqn, icv);
>  	return plen;
>  }
> @@ -373,14 +383,20 @@ tun_process_step3(struct rte_mbuf *mb, uint64_t txo=
f_msk, uint64_t txof_val)
>   */
>  static inline uint16_t
>  tun_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
> -	uint32_t sqn[], uint32_t dr[], uint16_t num)
> +	uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t is_inline)
>  {
>  	uint32_t adj, i, k, tl;
>  	uint32_t hl[num];
>  	struct esp_tail espt[num];
>  	struct rte_mbuf *ml[num];
>=20
> -	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]);
> +	/*
> +	 * remove high-order 32 bits of esn from packet length
> +	 * which was added before crypto processing, this doesn't
> +	 * apply to inline case
> +	 */
> +	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]) +
> +				(is_inline ? 0 : sa->sqh_len);
>  	const uint32_t cofs =3D sa->ctp.cipher.offset;
>=20
>  	/*
> @@ -420,7 +436,7 @@ tun_process(const struct rte_ipsec_sa *sa, struct rte=
_mbuf *mb[],
>   */
>  static inline uint16_t
>  trs_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
> -	uint32_t sqn[], uint32_t dr[], uint16_t num)
> +	uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t is_inline)
>  {
>  	char *np;
>  	uint32_t i, k, l2, tl;
> @@ -428,7 +444,13 @@ trs_process(const struct rte_ipsec_sa *sa, struct rt=
e_mbuf *mb[],
>  	struct esp_tail espt[num];
>  	struct rte_mbuf *ml[num];
>=20
> -	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]);
> +	/*
> +	 * remove high-order 32 bits of esn from packet length
> +	 * which was added before crypto processing, this doesn't
> +	 * apply to inline case
> +	 */
> +	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]) +
> +				(is_inline ? 0 : sa->sqh_len);
>  	const uint32_t cofs =3D sa->ctp.cipher.offset;
>=20
>  	/*
> @@ -496,8 +518,8 @@ esp_inb_rsn_update(struct rte_ipsec_sa *sa, const uin=
t32_t sqn[],
>   * process group of ESP inbound packets.
>   */
>  static inline uint16_t
> -esp_inb_pkt_process(const struct rte_ipsec_session *ss,
> -	struct rte_mbuf *mb[], uint16_t num, esp_inb_process_t process)
> +esp_inb_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf =
*mb[],
> +	uint16_t num, uint8_t is_inline, esp_inb_process_t process)
>  {
>  	uint32_t k, n;
>  	struct rte_ipsec_sa *sa;
> @@ -507,7 +529,7 @@ esp_inb_pkt_process(const struct rte_ipsec_session *s=
s,
>  	sa =3D ss->sa;
>=20
>  	/* process packets, extract seq numbers */
> -	k =3D process(sa, mb, sqn, dr, num);
> +	k =3D process(sa, mb, sqn, dr, num, is_inline);
>=20
>  	/* handle unprocessed mbufs */
>  	if (k !=3D num && k !=3D 0)
> @@ -533,7 +555,14 @@ uint16_t
>  esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num)
>  {
> -	return esp_inb_pkt_process(ss, mb, num, tun_process);
> +	return esp_inb_pkt_process(ss, mb, num, 0, tun_process);
> +}
> +
> +uint16_t
> +inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num)
> +{
> +	return esp_inb_pkt_process(ss, mb, num, 1, tun_process);
>  }
>=20
>  /*
> @@ -543,5 +572,12 @@ uint16_t
>  esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num)
>  {
> -	return esp_inb_pkt_process(ss, mb, num, trs_process);
> +	return esp_inb_pkt_process(ss, mb, num, 0, trs_process);
> +}
> +
> +uint16_t
> +inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num)
> +{
> +	return esp_inb_pkt_process(ss, mb, num, 1, trs_process);
>  }
> diff --git a/lib/librte_ipsec/esp_outb.c b/lib/librte_ipsec/esp_outb.c
> index c798bc4..71a595e 100644
> --- a/lib/librte_ipsec/esp_outb.c
> +++ b/lib/librte_ipsec/esp_outb.c
> @@ -221,6 +221,7 @@ esp_outb_tun_prepare(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	uint32_t i, k, n;
>  	uint64_t sqn;
>  	rte_be64_t sqc;
> +	struct rte_mbuf *ml;
>  	struct rte_ipsec_sa *sa;
>  	struct rte_cryptodev_sym_session *cs;
>  	union sym_op_data icv;
> @@ -246,6 +247,19 @@ esp_outb_tun_prepare(const struct rte_ipsec_session =
*ss, struct rte_mbuf *mb[],
>=20
>  		/* success, setup crypto op */
>  		if (rc >=3D 0) {
> +			/*
> +			 * if esn is used then high-order 32 bits are also
> +			 * used in ICV calculation but are not transmitted,
> +			 * update packet length to be consistent with auth
> +			 * data length and offset, this will be subtracted
> +			 * from packet length in post crypto processing
> +			 */
> +			if (sa->sqh_len) {
> +				mb[i]->pkt_len +=3D sa->sqh_len;
> +				ml =3D rte_pktmbuf_lastseg(mb[i]);
> +				ml->data_len +=3D sa->sqh_len;
> +			}
> +
>  			outb_pkt_xprepare(sa, sqc, &icv);
>  			lksd_none_cop_prepare(cop[k], cs, mb[i]);
>  			outb_cop_prepare(cop[k], sa, iv, &icv, 0, rc);
> @@ -356,6 +370,7 @@ esp_outb_trs_prepare(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	uint32_t i, k, n, l2, l3;
>  	uint64_t sqn;
>  	rte_be64_t sqc;
> +	struct rte_mbuf *ml;
>  	struct rte_ipsec_sa *sa;
>  	struct rte_cryptodev_sym_session *cs;
>  	union sym_op_data icv;
> @@ -384,6 +399,19 @@ esp_outb_trs_prepare(const struct rte_ipsec_session =
*ss, struct rte_mbuf *mb[],
>=20
>  		/* success, setup crypto op */
>  		if (rc >=3D 0) {
> +			/*
> +			 * if esn is used then high-order 32 bits are also
> +			 * used in ICV calculation but are not transmitted,
> +			 * update packet length to be consistent with auth
> +			 * data length and offset, this will be subtracted
> +			 * from packet length in post crypto processing
> +			 */
> +			if (sa->sqh_len) {
> +				mb[i]->pkt_len +=3D sa->sqh_len;
> +				ml =3D rte_pktmbuf_lastseg(mb[i]);
> +				ml->data_len +=3D sa->sqh_len;
> +			}
> +
>  			outb_pkt_xprepare(sa, sqc, &icv);
>  			lksd_none_cop_prepare(cop[k], cs, mb[i]);
>  			outb_cop_prepare(cop[k], sa, iv, &icv, l2 + l3, rc);
> @@ -425,6 +453,9 @@ esp_outb_sqh_process(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	for (i =3D 0; i !=3D num; i++) {
>  		if ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) =3D=3D 0) {
>  			ml =3D rte_pktmbuf_lastseg(mb[i]);
> +			/* remove high-order 32 bits of esn from packet len */
> +			mb[i]->pkt_len -=3D sa->sqh_len;
> +			ml->data_len -=3D sa->sqh_len;
>  			icv =3D rte_pktmbuf_mtod_offset(ml, void *,
>  				ml->data_len - icv_len);
>  			remove_sqh(icv, icv_len);
> diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c
> index 846e317..ff01358 100644
> --- a/lib/librte_ipsec/sa.c
> +++ b/lib/librte_ipsec/sa.c
> @@ -610,10 +610,10 @@ inline_crypto_pkt_func_select(const struct rte_ipse=
c_sa *sa,
>  	switch (sa->type & msk) {
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TUNLV4):
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TUNLV6):
> -		pf->process =3D esp_inb_tun_pkt_process;
> +		pf->process =3D inline_inb_tun_pkt_process;
>  		break;
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS):
> -		pf->process =3D esp_inb_trs_pkt_process;
> +		pf->process =3D inline_inb_trs_pkt_process;
>  		break;
>  	case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4):
>  	case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6):
> diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h
> index ffb5fb4..20c0a65 100644
> --- a/lib/librte_ipsec/sa.h
> +++ b/lib/librte_ipsec/sa.h
> @@ -143,9 +143,17 @@ esp_inb_tun_pkt_process(const struct rte_ipsec_sessi=
on *ss,
>  	struct rte_mbuf *mb[], uint16_t num);
>=20
>  uint16_t
> +inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num);
> +
> +uint16_t
>  esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num);
>=20
> +uint16_t
> +inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num);
> +
>  /* outbound processing */
>=20
>  uint16_t
> --
> 2.7.4

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by dpdk.space (Postfix) with ESMTP id C4006A0679
	for <public@inbox.dpdk.org>; Tue, 30 Apr 2019 17:05:36 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id B84955B2C;
	Tue, 30 Apr 2019 17:05:35 +0200 (CEST)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id 0269444C3
 for <dev@dpdk.org>; Tue, 30 Apr 2019 17:05:33 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 30 Apr 2019 08:05:33 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,414,1549958400"; d="scan'208";a="228085538"
Received: from irsmsx108.ger.corp.intel.com ([163.33.3.3])
 by orsmga001.jf.intel.com with ESMTP; 30 Apr 2019 08:05:31 -0700
Received: from irsmsx111.ger.corp.intel.com (10.108.20.4) by
 IRSMSX108.ger.corp.intel.com (163.33.3.3) with Microsoft SMTP Server (TLS) id
 14.3.408.0; Tue, 30 Apr 2019 16:05:30 +0100
Received: from irsmsx105.ger.corp.intel.com ([169.254.7.31]) by
 irsmsx111.ger.corp.intel.com ([169.254.2.85]) with mapi id 14.03.0415.000;
 Tue, 30 Apr 2019 16:05:30 +0100
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Lukasz Bartosik <lbartosik@marvell.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "anoobj@marvell.com" <anoobj@marvell.com>
Thread-Topic: [PATCH] ipsec: include high order bytes of esn in pkt len
Thread-Index: AQHU/2Tjbnoxxn6xQkWOyA+XCdWcPKZUy7AQ
Date: Tue, 30 Apr 2019 15:05:29 +0000
Message-ID:
 <2601191342CEEE43887BDE71AB9772580148A9DA2D@irsmsx105.ger.corp.intel.com>
References: <1556636155-26299-1-git-send-email-lbartosik@marvell.com>
In-Reply-To: <1556636155-26299-1-git-send-email-lbartosik@marvell.com>
Accept-Language: en-IE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOTJhYTYzN2EtZjdiNy00OGY2LWFjOGEtNjU3NTg5ODQ5ODQ1IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiM0lwNDRzenRyVFgyOHdsSDZGaWE0NHYwajQ0a1NCVGhQTDJSTndEbUlQUnhBZjFnTjdUNWZnbU80Tm9DSVZSSyJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.600.7
dlp-reaction: no-action
x-originating-ip: [163.33.239.180]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH] ipsec: include high order bytes of esn in
	pkt len
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>
Message-ID: <20190430150529.XtgWqzjNpjorUuOAfokUF3OBye9CFQ-5NMzfVBzRfxA@z>



> -----Original Message-----
> From: Lukasz Bartosik [mailto:lbartosik@marvell.com]
> Sent: Tuesday, April 30, 2019 3:56 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Cc: dev@dpdk.org; anoobj@marvell.com; Lukasz Bartosik <lbartosik@marvell.=
com>
> Subject: [PATCH] ipsec: include high order bytes of esn in pkt len
>=20
> When esn is used then high-order 32 bits are included in ICV
> calculation however are not transmitted. Update packet length
> to be consistent with auth data offset and length before crypto
> operation. High-order 32 bits of esn will be removed from packet
> length in crypto post processing.

Hi Lukasz,
Why you want to do it?
I deliberately didn't include SQH bits into the pkt_len/data_len,
because it is a temporary data and we are going to drop it anyway.=20
Konstantin

>=20
> Change-Id: I5ba50e341059a8d6a5e4ce7c626dfe7b9173740b
> Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
> ---
>  lib/librte_ipsec/esp_inb.c  | 56 +++++++++++++++++++++++++++++++++++++--=
------
>  lib/librte_ipsec/esp_outb.c | 31 +++++++++++++++++++++++++
>  lib/librte_ipsec/sa.c       |  4 ++--
>  lib/librte_ipsec/sa.h       |  8 +++++++
>  4 files changed, 87 insertions(+), 12 deletions(-)
>=20
> diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c
> index 4e0e12a..eb899e3 100644
> --- a/lib/librte_ipsec/esp_inb.c
> +++ b/lib/librte_ipsec/esp_inb.c
> @@ -16,7 +16,8 @@
>  #include "pad.h"
>=20
>  typedef uint16_t (*esp_inb_process_t)(const struct rte_ipsec_sa *sa,
> -	struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num);
> +	struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num,
> +	uint8_t is_inline);
>=20
>  /*
>   * helper function to fill crypto_sym op for cipher+auth algorithms.
> @@ -181,6 +182,15 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const=
 struct replay_sqn *rsn,
>  	icv->va =3D rte_pktmbuf_mtod_offset(ml, void *, icv_ofs);
>  	icv->pa =3D rte_pktmbuf_iova_offset(ml, icv_ofs);
>=20
> +	/*
> +	 * if esn is used then high-order 32 bits are also used in ICV
> +	 * calculation but are not transmitted, update packet length
> +	 * to be consistent with auth data length and offset, this will
> +	 * be subtracted from packet length in post crypto processing
> +	 */
> +	mb->pkt_len +=3D sa->sqh_len;
> +	ml->data_len +=3D sa->sqh_len;
> +
>  	inb_pkt_xprepare(sa, sqn, icv);
>  	return plen;
>  }
> @@ -373,14 +383,20 @@ tun_process_step3(struct rte_mbuf *mb, uint64_t txo=
f_msk, uint64_t txof_val)
>   */
>  static inline uint16_t
>  tun_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
> -	uint32_t sqn[], uint32_t dr[], uint16_t num)
> +	uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t is_inline)
>  {
>  	uint32_t adj, i, k, tl;
>  	uint32_t hl[num];
>  	struct esp_tail espt[num];
>  	struct rte_mbuf *ml[num];
>=20
> -	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]);
> +	/*
> +	 * remove high-order 32 bits of esn from packet length
> +	 * which was added before crypto processing, this doesn't
> +	 * apply to inline case
> +	 */
> +	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]) +
> +				(is_inline ? 0 : sa->sqh_len);
>  	const uint32_t cofs =3D sa->ctp.cipher.offset;
>=20
>  	/*
> @@ -420,7 +436,7 @@ tun_process(const struct rte_ipsec_sa *sa, struct rte=
_mbuf *mb[],
>   */
>  static inline uint16_t
>  trs_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
> -	uint32_t sqn[], uint32_t dr[], uint16_t num)
> +	uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t is_inline)
>  {
>  	char *np;
>  	uint32_t i, k, l2, tl;
> @@ -428,7 +444,13 @@ trs_process(const struct rte_ipsec_sa *sa, struct rt=
e_mbuf *mb[],
>  	struct esp_tail espt[num];
>  	struct rte_mbuf *ml[num];
>=20
> -	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]);
> +	/*
> +	 * remove high-order 32 bits of esn from packet length
> +	 * which was added before crypto processing, this doesn't
> +	 * apply to inline case
> +	 */
> +	const uint32_t tlen =3D sa->icv_len + sizeof(espt[0]) +
> +				(is_inline ? 0 : sa->sqh_len);
>  	const uint32_t cofs =3D sa->ctp.cipher.offset;
>=20
>  	/*
> @@ -496,8 +518,8 @@ esp_inb_rsn_update(struct rte_ipsec_sa *sa, const uin=
t32_t sqn[],
>   * process group of ESP inbound packets.
>   */
>  static inline uint16_t
> -esp_inb_pkt_process(const struct rte_ipsec_session *ss,
> -	struct rte_mbuf *mb[], uint16_t num, esp_inb_process_t process)
> +esp_inb_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf =
*mb[],
> +	uint16_t num, uint8_t is_inline, esp_inb_process_t process)
>  {
>  	uint32_t k, n;
>  	struct rte_ipsec_sa *sa;
> @@ -507,7 +529,7 @@ esp_inb_pkt_process(const struct rte_ipsec_session *s=
s,
>  	sa =3D ss->sa;
>=20
>  	/* process packets, extract seq numbers */
> -	k =3D process(sa, mb, sqn, dr, num);
> +	k =3D process(sa, mb, sqn, dr, num, is_inline);
>=20
>  	/* handle unprocessed mbufs */
>  	if (k !=3D num && k !=3D 0)
> @@ -533,7 +555,14 @@ uint16_t
>  esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num)
>  {
> -	return esp_inb_pkt_process(ss, mb, num, tun_process);
> +	return esp_inb_pkt_process(ss, mb, num, 0, tun_process);
> +}
> +
> +uint16_t
> +inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num)
> +{
> +	return esp_inb_pkt_process(ss, mb, num, 1, tun_process);
>  }
>=20
>  /*
> @@ -543,5 +572,12 @@ uint16_t
>  esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num)
>  {
> -	return esp_inb_pkt_process(ss, mb, num, trs_process);
> +	return esp_inb_pkt_process(ss, mb, num, 0, trs_process);
> +}
> +
> +uint16_t
> +inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num)
> +{
> +	return esp_inb_pkt_process(ss, mb, num, 1, trs_process);
>  }
> diff --git a/lib/librte_ipsec/esp_outb.c b/lib/librte_ipsec/esp_outb.c
> index c798bc4..71a595e 100644
> --- a/lib/librte_ipsec/esp_outb.c
> +++ b/lib/librte_ipsec/esp_outb.c
> @@ -221,6 +221,7 @@ esp_outb_tun_prepare(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	uint32_t i, k, n;
>  	uint64_t sqn;
>  	rte_be64_t sqc;
> +	struct rte_mbuf *ml;
>  	struct rte_ipsec_sa *sa;
>  	struct rte_cryptodev_sym_session *cs;
>  	union sym_op_data icv;
> @@ -246,6 +247,19 @@ esp_outb_tun_prepare(const struct rte_ipsec_session =
*ss, struct rte_mbuf *mb[],
>=20
>  		/* success, setup crypto op */
>  		if (rc >=3D 0) {
> +			/*
> +			 * if esn is used then high-order 32 bits are also
> +			 * used in ICV calculation but are not transmitted,
> +			 * update packet length to be consistent with auth
> +			 * data length and offset, this will be subtracted
> +			 * from packet length in post crypto processing
> +			 */
> +			if (sa->sqh_len) {
> +				mb[i]->pkt_len +=3D sa->sqh_len;
> +				ml =3D rte_pktmbuf_lastseg(mb[i]);
> +				ml->data_len +=3D sa->sqh_len;
> +			}
> +
>  			outb_pkt_xprepare(sa, sqc, &icv);
>  			lksd_none_cop_prepare(cop[k], cs, mb[i]);
>  			outb_cop_prepare(cop[k], sa, iv, &icv, 0, rc);
> @@ -356,6 +370,7 @@ esp_outb_trs_prepare(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	uint32_t i, k, n, l2, l3;
>  	uint64_t sqn;
>  	rte_be64_t sqc;
> +	struct rte_mbuf *ml;
>  	struct rte_ipsec_sa *sa;
>  	struct rte_cryptodev_sym_session *cs;
>  	union sym_op_data icv;
> @@ -384,6 +399,19 @@ esp_outb_trs_prepare(const struct rte_ipsec_session =
*ss, struct rte_mbuf *mb[],
>=20
>  		/* success, setup crypto op */
>  		if (rc >=3D 0) {
> +			/*
> +			 * if esn is used then high-order 32 bits are also
> +			 * used in ICV calculation but are not transmitted,
> +			 * update packet length to be consistent with auth
> +			 * data length and offset, this will be subtracted
> +			 * from packet length in post crypto processing
> +			 */
> +			if (sa->sqh_len) {
> +				mb[i]->pkt_len +=3D sa->sqh_len;
> +				ml =3D rte_pktmbuf_lastseg(mb[i]);
> +				ml->data_len +=3D sa->sqh_len;
> +			}
> +
>  			outb_pkt_xprepare(sa, sqc, &icv);
>  			lksd_none_cop_prepare(cop[k], cs, mb[i]);
>  			outb_cop_prepare(cop[k], sa, iv, &icv, l2 + l3, rc);
> @@ -425,6 +453,9 @@ esp_outb_sqh_process(const struct rte_ipsec_session *=
ss, struct rte_mbuf *mb[],
>  	for (i =3D 0; i !=3D num; i++) {
>  		if ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) =3D=3D 0) {
>  			ml =3D rte_pktmbuf_lastseg(mb[i]);
> +			/* remove high-order 32 bits of esn from packet len */
> +			mb[i]->pkt_len -=3D sa->sqh_len;
> +			ml->data_len -=3D sa->sqh_len;
>  			icv =3D rte_pktmbuf_mtod_offset(ml, void *,
>  				ml->data_len - icv_len);
>  			remove_sqh(icv, icv_len);
> diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c
> index 846e317..ff01358 100644
> --- a/lib/librte_ipsec/sa.c
> +++ b/lib/librte_ipsec/sa.c
> @@ -610,10 +610,10 @@ inline_crypto_pkt_func_select(const struct rte_ipse=
c_sa *sa,
>  	switch (sa->type & msk) {
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TUNLV4):
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TUNLV6):
> -		pf->process =3D esp_inb_tun_pkt_process;
> +		pf->process =3D inline_inb_tun_pkt_process;
>  		break;
>  	case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS):
> -		pf->process =3D esp_inb_trs_pkt_process;
> +		pf->process =3D inline_inb_trs_pkt_process;
>  		break;
>  	case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4):
>  	case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6):
> diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h
> index ffb5fb4..20c0a65 100644
> --- a/lib/librte_ipsec/sa.h
> +++ b/lib/librte_ipsec/sa.h
> @@ -143,9 +143,17 @@ esp_inb_tun_pkt_process(const struct rte_ipsec_sessi=
on *ss,
>  	struct rte_mbuf *mb[], uint16_t num);
>=20
>  uint16_t
> +inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num);
> +
> +uint16_t
>  esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
>  	struct rte_mbuf *mb[], uint16_t num);
>=20
> +uint16_t
> +inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
> +	struct rte_mbuf *mb[], uint16_t num);
> +
>  /* outbound processing */
>=20
>  uint16_t
> --
> 2.7.4