DPDK patches and discussions
 help / color / mirror / Atom feed
From: Konstantin Ananyev <konstantin.ananyev@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, olivier.matz@6wind.com,
	Konstantin Ananyev <konstantin.ananyev@intel.com>
Subject: [dpdk-dev] [PATCH v3 6/8] ipsec: reorder packet check for esp inbound
Date: Tue, 26 Mar 2019 15:43:18 +0000	[thread overview]
Message-ID: <20190326154320.29913-7-konstantin.ananyev@intel.com> (raw)
Message-ID: <20190326154318.4RUBdGlnsEPIhlyoOlNV_h_4pHj64rigQ0rSaT1gTdQ@z> (raw)
In-Reply-To: <20190326154320.29913-1-konstantin.ananyev@intel.com>

Right now check for packet length and padding is done inside cop_prepare().
It makes sense to have all necessary checks in one place at early stage:
inside pkt_prepare().
That allows to simplify (and later hopefully) optimize cop_prepare() part.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ipsec/esp_inb.c | 41 +++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c
index 2a2b1be82..ea95e21e1 100644
--- a/lib/librte_ipsec/esp_inb.c
+++ b/lib/librte_ipsec/esp_inb.c
@@ -18,7 +18,7 @@
 /*
  * setup crypto op and crypto sym op for ESP inbound tunnel packet.
  */
-static inline int32_t
+static inline void
 inb_cop_prepare(struct rte_crypto_op *cop,
 	const struct rte_ipsec_sa *sa, struct rte_mbuf *mb,
 	const union sym_op_data *icv, uint32_t pofs, uint32_t plen)
@@ -27,11 +27,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	struct aead_gcm_iv *gcm;
 	struct aesctr_cnt_blk *ctr;
 	uint64_t *ivc, *ivp;
-	uint32_t algo, clen;
-
-	clen = plen - sa->ctp.cipher.length;
-	if ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)
-		return -EINVAL;
+	uint32_t algo;
 
 	algo = sa->algo_type;
 
@@ -41,7 +37,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	switch (algo) {
 	case ALGO_TYPE_AES_GCM:
 		sop->aead.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->aead.data.length = clen;
+		sop->aead.data.length = plen - sa->ctp.cipher.length;
 		sop->aead.digest.data = icv->va;
 		sop->aead.digest.phys_addr = icv->pa;
 		sop->aead.aad.data = icv->va + sa->icv_len;
@@ -57,7 +53,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	case ALGO_TYPE_AES_CBC:
 	case ALGO_TYPE_3DES_CBC:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
@@ -71,7 +67,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 		break;
 	case ALGO_TYPE_AES_CTR:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
@@ -86,17 +82,13 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 		break;
 	case ALGO_TYPE_NULL:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
 		sop->auth.digest.phys_addr = icv->pa;
 		break;
-	default:
-		return -EINVAL;
 	}
-
-	return 0;
 }
 
 /*
@@ -132,7 +124,7 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
 {
 	int32_t rc;
 	uint64_t sqn;
-	uint32_t icv_ofs, plen;
+	uint32_t clen, icv_ofs, plen;
 	struct rte_mbuf *ml;
 	struct esp_hdr *esph;
 
@@ -159,6 +151,11 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
 	ml = rte_pktmbuf_lastseg(mb);
 	icv_ofs = ml->data_len - sa->icv_len + sa->sqh_len;
 
+	/* check that packet has a valid length */
+	clen = plen - sa->ctp.cipher.length;
+	if ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)
+		return -EBADMSG;
+
 	/* we have to allocate space for AAD somewhere,
 	 * right now - just use free trailing space at the last segment.
 	 * Would probably be more convenient to reserve space for AAD
@@ -201,21 +198,19 @@ esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
 		rc = inb_pkt_prepare(sa, rsn, mb[i], hl, &icv);
 		if (rc >= 0) {
 			lksd_none_cop_prepare(cop[k], cs, mb[i]);
-			rc = inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);
-		}
-
-		k += (rc == 0);
-		if (rc != 0) {
+			inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);
+			k++;
+		} else
 			dr[i - k] = i;
-			rte_errno = -rc;
-		}
 	}
 
 	rsn_release(sa, rsn);
 
 	/* copy not prepared mbufs beyond good ones */
-	if (k != num && k != 0)
+	if (k != num && k != 0) {
 		mbuf_bad_move(mb, dr, num, num - k);
+		rte_errno = EBADMSG;
+	}
 
 	return k;
 }
-- 
2.17.1


  parent reply	other threads:[~2019-03-26 15:44 UTC|newest]

Thread overview: 163+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-28 19:20 [dpdk-dev] [PATCH 0/6] Few small improvements for ipsec library Konstantin Ananyev
2019-02-28 19:20 ` [dpdk-dev] [PATCH 1/6] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-02-28 19:20 ` [dpdk-dev] [PATCH 2/6] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-02-28 19:20 ` [dpdk-dev] [PATCH 3/6] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-02-28 19:20 ` [dpdk-dev] [PATCH 4/6] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-02-28 19:21 ` [dpdk-dev] [PATCH 5/6] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-02-28 19:21 ` [dpdk-dev] [PATCH 6/6] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 0/7] Few small improvements for ipsec library Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 1/7] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:53   ` Wiles, Keith
2019-03-20 17:53     ` Wiles, Keith
2019-03-22 17:37     ` Ananyev, Konstantin
2019-03-22 17:37       ` Ananyev, Konstantin
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 2/7] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 3/7] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 4/7] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 5/7] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 6/7] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 17:24 ` [dpdk-dev] [PATCH v2 7/7] ipsec: reorder packet process " Konstantin Ananyev
2019-03-20 17:24   ` Konstantin Ananyev
2019-03-20 18:46 ` [dpdk-dev] [PATCH v2 0/7] Few small improvements for ipsec library Konstantin Ananyev
2019-03-20 18:46   ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 1/7] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-21  3:33     ` Jerin Jacob Kollanukkaran
2019-03-21  3:33       ` Jerin Jacob Kollanukkaran
2019-03-21  6:04     ` Shahaf Shuler
2019-03-21  6:04       ` Shahaf Shuler
2019-03-21 13:51       ` Ananyev, Konstantin
2019-03-21 13:51         ` Ananyev, Konstantin
2019-03-24  8:00         ` Shahaf Shuler
2019-03-24  8:00           ` Shahaf Shuler
2019-03-26 15:43     ` [dpdk-dev] [PATCH v3 0/8] Few small improvements for ipsec library Konstantin Ananyev
2019-03-26 15:43       ` Konstantin Ananyev
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 1/8] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28  8:16         ` Akhil Goyal
2019-03-28  8:16           ` Akhil Goyal
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 2/8] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28  8:52         ` Akhil Goyal
2019-03-28  8:52           ` Akhil Goyal
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 3/8] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28  9:02         ` Akhil Goyal
2019-03-28  9:02           ` Akhil Goyal
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 4/8] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28 10:52         ` Akhil Goyal
2019-03-28 10:52           ` Akhil Goyal
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 5/8] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28 11:20         ` Akhil Goyal
2019-03-28 11:20           ` Akhil Goyal
2019-03-26 15:43       ` Konstantin Ananyev [this message]
2019-03-26 15:43         ` [dpdk-dev] [PATCH v3 6/8] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-28 11:27         ` Akhil Goyal
2019-03-28 11:27           ` Akhil Goyal
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 7/8] ipsec: reorder packet process " Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-26 15:43       ` [dpdk-dev] [PATCH v3 8/8] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-03-26 15:43         ` Konstantin Ananyev
2019-03-28 11:35         ` Akhil Goyal
2019-03-28 11:35           ` Akhil Goyal
2019-03-28 11:21       ` [dpdk-dev] [PATCH v3 0/8] Few small improvements for ipsec library Akhil Goyal
2019-03-28 11:21         ` Akhil Goyal
2019-03-28 11:49         ` Ananyev, Konstantin
2019-03-28 11:49           ` Ananyev, Konstantin
2019-03-29 10:27       ` [dpdk-dev] [PATCH v4 0/9] " Konstantin Ananyev
2019-03-29 10:27         ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 12:54           ` Olivier Matz
2019-03-29 12:54             ` Olivier Matz
2019-03-30 14:20             ` Ananyev, Konstantin
2019-03-30 14:20               ` Ananyev, Konstantin
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 10:27         ` [dpdk-dev] [PATCH v4 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-03-29 10:27           ` Konstantin Ananyev
2019-03-29 16:03           ` Akhil Goyal
2019-03-29 16:03             ` Akhil Goyal
2019-04-01 12:56         ` [dpdk-dev] [PATCH v5 0/9] Few small improvements for ipsec library Konstantin Ananyev
2019-04-01 12:56           ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 13:18             ` Akhil Goyal
2019-04-01 13:18               ` Akhil Goyal
2019-04-01 13:22             ` Olivier Matz
2019-04-01 13:22               ` Olivier Matz
2019-04-01 13:55               ` Ananyev, Konstantin
2019-04-01 13:55                 ` Ananyev, Konstantin
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-01 12:56           ` [dpdk-dev] [PATCH v5 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-04-01 12:56             ` Konstantin Ananyev
2019-04-02  8:34           ` [dpdk-dev] [PATCH v6 0/9] Few small improvements for ipsec library Konstantin Ananyev
2019-04-02  8:34             ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:49               ` Olivier Matz
2019-04-02  8:49                 ` Olivier Matz
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02  8:34             ` [dpdk-dev] [PATCH v6 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-04-02  8:34               ` Konstantin Ananyev
2019-04-02 15:36             ` [dpdk-dev] [PATCH v6 0/9] Few small improvements for ipsec library Akhil Goyal
2019-04-02 15:36               ` Akhil Goyal
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 2/7] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 3/7] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 4/7] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 5/7] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 6/7] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev
2019-03-20 18:46   ` [dpdk-dev] [PATCH v2 7/7] ipsec: reorder packet process " Konstantin Ananyev
2019-03-20 18:46     ` Konstantin Ananyev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190326154320.29913-7-konstantin.ananyev@intel.com \
    --to=konstantin.ananyev@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=olivier.matz@6wind.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).