authorDamjan Marion <damarion@cisco.com>2019-03-28 10:58:59 +0100
committerFlorin Coras <florin.coras@gmail.com>2019-03-28 22:23:08 +0000
commit1e3aa5e213c23588981ee17d1413a0441a40527a (patch)
treeca5e171e1611a3340852034ba1172235f00ace4d
parent9fd24793a407f2edbdf5c2d3a031bdcf894f0a69 (diff)
ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESN
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c4
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c4
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c2
-rw-r--r--src/vat/api_format.c3
-rw-r--r--src/vnet/ipsec/esp.h4
-rw-r--r--src/vnet/ipsec/esp_encrypt.c2
-rw-r--r--src/vnet/ipsec/ipsec.api2
-rw-r--r--src/vnet/ipsec/ipsec_api.c6
-rw-r--r--src/vnet/ipsec/ipsec_format.c2
-rw-r--r--src/vnet/ipsec/ipsec_if.c2
-rw-r--r--src/vnet/ipsec/ipsec_sa.c4
-rw-r--r--src/vnet/ipsec/ipsec_sa.h6
-rw-r--r--test/template_ipsec.py4
-rw-r--r--test/test_ipsec_ah.py2
14 files changed, 23 insertions, 24 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 349f04c0f8c..47aff174e9e 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -327,7 +327,7 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
clib_memcpy_fast (aad, esp0, 8);
/* _aad[3] should always be 0 */
- if (PREDICT_FALSE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
+ if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0)))
_aad[2] = clib_host_to_net_u32 (sa0->seq_hi);
else
_aad[2] = 0;
@@ -336,7 +336,7 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
{
auth_len = sizeof (esp_header_t) + iv_size + payload_len;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0))
+ if (ipsec_sa_is_set_USE_ESN (sa0))
{
clib_memcpy_fast (priv->icv, digest, trunc_size);
u32 *_digest = (u32 *) digest;
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 25815d98748..908f846e315 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -513,7 +513,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
aad[1] = clib_host_to_net_u32 (sa0->seq);
/* aad[3] should always be 0 */
- if (PREDICT_FALSE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
+ if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0)))
aad[2] = clib_host_to_net_u32 (sa0->seq_hi);
else
aad[2] = 0;
@@ -522,7 +522,7 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
{
auth_len =
vlib_buffer_get_tail (b0) - ((u8 *) esp0) - trunc_size;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0))
+ if (ipsec_sa_is_set_USE_ESN (sa0))
{
u32 *_digest = (u32 *) digest;
_digest[0] = clib_host_to_net_u32 (sa0->seq_hi);
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index cc06a4a87d5..682bcaf21c8 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -258,7 +258,7 @@ crypto_set_aead_xform (struct rte_crypto_sym_xform *xform,
crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb);
xform->aead.iv.length = 12;
xform->aead.digest_length = c->trunc_size;
- xform->aead.aad_length = ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa) ? 12 : 8;
+ xform->aead.aad_length = ipsec_sa_is_set_USE_ESN (sa) ? 12 : 8;
xform->next = NULL;
if (is_outbound)
diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index 46974d2d299..bfc9e3cb644 100644
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -15231,8 +15231,7 @@ static void vl_api_ipsec_sa_details_t_handler_json
ntohl (mp->entry.integrity_algorithm));
flags = ntohl (mp->entry.flags);
vat_json_object_add_uint (node, "use_esn",
- ! !(flags &
- IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM));
+ ! !(flags & IPSEC_API_SAD_FLAG_USE_ESN));
vat_json_object_add_uint (node, "use_anti_replay",
! !(flags & IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY));
vat_json_object_add_uint (node, "is_tunnel",
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index cc12785aaa4..2f734aa05ce 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -64,7 +64,7 @@ u8 *format_esp_header (u8 * s, va_list * args);
always_inline int
esp_seq_advance (ipsec_sa_t * sa)
{
- if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa)))
+ if (PREDICT_TRUE (ipsec_sa_is_set_USE_ESN (sa)))
{
if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX))
{
@@ -104,7 +104,7 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len,
op->dst = signature;
op->hmac_trunc_len = sa->integ_trunc_size;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
+ if (ipsec_sa_is_set_USE_ESN (sa))
{
u32 seq_hi = clib_host_to_net_u32 (sa->seq_hi);
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index c08ea7f6c10..fc1fe392f16 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -451,7 +451,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
op->len = payload_len - icv_sz + iv_sz + sizeof (esp_header_t);
op->flags = 0;
op->user_data = b - bufs;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0))
+ if (ipsec_sa_is_set_USE_ESN (sa0))
{
u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi);
clib_memcpy_fast (op->dst, &seq_hi, sizeof (seq_hi));
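Review bot: Inside the ESN branch, `u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi);` names the conversion in the wrong direction. The value is copied into `op->dst` on the next line, and the other ESN paths on this page (`hmac_calc` in esp.h, the dpdk encrypt path) use `clib_host_to_net_u32` on the same field. The two helpers are presumably the same byte swap, so the output should not change, but the mismatch makes it harder to audit which byte order the appended high sequence word has; I would write `u32 seq_hi = clib_host_to_net_u32 (sa0->seq_hi);`. The same mismatch appears in the `ipsec_sa_anti_replay_advance` hunk of ipsec_sa.h, where `seq = clib_host_to_net_u32 (*seqp);` sits opposite `clib_net_to_host_u32 (*seqp)` in `ipsec_sa_anti_replay_check`. Both functions continue outside their hunks.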
diff --git a/src/vnet/ipsec/ipsec.api b/src/vnet/ipsec/ipsec.api
index e6e1ce3667b..bc407f1d272 100644
--- a/src/vnet/ipsec/ipsec.api
+++ b/src/vnet/ipsec/ipsec.api
@@ -222,7 +222,7 @@ enum ipsec_sad_flags
{
IPSEC_API_SAD_FLAG_NONE = 0,
/* Enable extended sequence numbers */
- IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM = 0x01,
+ IPSEC_API_SAD_FLAG_USE_ESN = 0x01,
/* Enable Anti-replay */
IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02,
/* IPsec tunnel mode if non-zero, else transport mode */
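Review bot: Renaming `IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM` to `IPSEC_API_SAD_FLAG_USE_ESN` in `enum ipsec_sad_flags` changes a name in the binary API definition, and the commit description does not mention it. The value stays `0x01`, so the flag's encoding is unchanged, but any client that refers to the member by name has to be updated, as the in-tree tests in this commit are. I would add a line to the description such as `API: enum member IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM renamed to IPSEC_API_SAD_FLAG_USE_ESN (value unchanged)`. If the project's API compatibility check covers enum member names, confirm it is handled as expected. The enum continues outside the hunk.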
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index da175b2e5b9..4c7242da30a 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -320,8 +320,8 @@ ipsec_sad_flags_encode (const ipsec_sa_t * sa)
{
vl_api_ipsec_sad_flags_t flags = IPSEC_API_SAD_FLAG_NONE;
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
- flags |= IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM;
+ if (ipsec_sa_is_set_USE_ESN (sa))
+ flags |= IPSEC_API_SAD_FLAG_USE_ESN;
if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
flags |= IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY;
if (ipsec_sa_is_set_IS_TUNNEL (sa))
@@ -702,7 +702,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg,
mp->salt = clib_host_to_net_u32 (sa->salt);
mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq));
mp->last_seq_inbound = clib_host_to_net_u64 (((u64) sa->last_seq));
- if (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa))
+ if (ipsec_sa_is_set_USE_ESN (sa))
{
mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));
mp->last_seq_inbound |= (u64) (clib_host_to_net_u32 (sa->last_seq_hi));
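Review bot: In the ESN branch the high word is OR-ed into an already byte-swapped 64-bit field without a shift: `mp->seq_outbound |= (u64) (clib_host_to_net_u32 (sa->seq_hi));`. On a little-endian host this happens to place `seq_hi` in the upper half of the network-order value, but where the swap is a no-op it merges `seq_hi` into the same 32 bits as `seq`, so the reported counter would be wrong. Composing in host order and converting once avoids that: `mp->seq_outbound = clib_host_to_net_u64 (((u64) sa->seq_hi << 32) | sa->seq);`, and likewise for `last_seq_inbound`. The 64-bit width of the `mp` fields is assumed from the `clib_host_to_net_u64` assignments just above. The function continues outside the hunk.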
diff --git a/src/vnet/ipsec/ipsec_format.c b/src/vnet/ipsec/ipsec_format.c
index 1ad3a53c45b..dd99f780be6 100644
--- a/src/vnet/ipsec/ipsec_format.c
+++ b/src/vnet/ipsec/ipsec_format.c
@@ -261,7 +261,7 @@ format_ipsec_sa (u8 * s, va_list * args)
sa->protocol ? "esp" : "ah",
ipsec_sa_is_set_UDP_ENCAP (sa) ? " udp-encap-enabled" : "",
ipsec_sa_is_set_USE_ANTI_REPLAY (sa) ? " anti-replay" : "",
- ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa) ?
+ ipsec_sa_is_set_USE_ESN (sa) ?
" extended-sequence-number" : "");
s = format (s, "\n seq %u seq-hi %u", sa->seq, sa->seq_hi);
s = format (s, "\n last-seq %u last-seq-hi %u window %U",
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index af61178fbc8..7d6c725e539 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -290,7 +290,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
if (args->udp_encap)
flags |= IPSEC_SA_FLAG_UDP_ENCAP;
if (args->esn)
- flags |= IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM;
+ flags |= IPSEC_SA_FLAG_USE_ESN;
if (args->anti_replay)
flags |= IPSEC_SA_FLAG_USE_ANTI_REPLAY;
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 3d62395bd7c..eb21ecf81a4 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -155,8 +155,8 @@ ipsec_sa_add (u32 id,
ip46_address_copy (&sa->tunnel_src_addr, tun_src);
ip46_address_copy (&sa->tunnel_dst_addr, tun_dst);
- if (flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM)
- ipsec_sa_set_USE_EXTENDED_SEQ_NUM (sa);
+ if (flags & IPSEC_SA_FLAG_USE_ESN)
+ ipsec_sa_set_USE_ESN (sa);
if (flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY)
ipsec_sa_set_USE_ANTI_REPLAY (sa);
if (flags & IPSEC_SA_FLAG_IS_TUNNEL)
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 44f9642ce47..94f1554112f 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -85,7 +85,7 @@ typedef struct ipsec_key_t_
*/
#define foreach_ipsec_sa_flags \
_ (0, NONE, "none") \
- _ (1, USE_EXTENDED_SEQ_NUM, "esn") \
+ _ (1, USE_ESN, "esn") \
_ (2, USE_ANTI_REPLAY, "anti-replay") \
_ (4, IS_TUNNEL, "tunnel") \
_ (8, IS_TUNNEL_V6, "tunnel-v6") \
@@ -227,7 +227,7 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 * seqp)
seq = clib_net_to_host_u32 (*seqp);
- if ((sa->flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM) == 0)
+ if ((sa->flags & IPSEC_SA_FLAG_USE_ESN) == 0)
{
if (PREDICT_TRUE (seq > sa->last_seq))
@@ -291,7 +291,7 @@ ipsec_sa_anti_replay_advance (ipsec_sa_t * sa, u32 * seqp)
return;
seq = clib_host_to_net_u32 (*seqp);
- if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_EXTENDED_SEQ_NUM))
+ if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ESN))
{
int wrap = sa->seq_hi - sa->last_seq_hi;
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 39db4ddc6f6..40e787eebb7 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -84,7 +84,7 @@ class IPsecIPv6Params(object):
def config_tun_params(p, encryption_type, tun_if):
ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM))
+ IPSEC_API_SAD_FLAG_USE_ESN))
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
crypt_algo=p.crypt_algo, crypt_key=p.crypt_key,
@@ -107,7 +107,7 @@ def config_tun_params(p, encryption_type, tun_if):
def config_tra_params(p, encryption_type):
use_esn = p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM)
+ IPSEC_API_SAD_FLAG_USE_ESN)
p.scapy_tra_sa = SecurityAssociation(
encryption_type,
spi=p.vpp_tra_spi,
diff --git a/test/test_ipsec_ah.py b/test/test_ipsec_ah.py
index af65850253c..0fb084199d8 100644
--- a/test/test_ipsec_ah.py
+++ b/test/test_ipsec_ah.py
@@ -243,7 +243,7 @@ class TestIpsecAh3(TemplateIpsecAh, IpsecTra46Tests, IpsecTun46Tests):
self.ipv6_params.addr_type: self.ipv6_params}
for _, p in self.params.items():
p.flags = (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_EXTENDED_SEQ_NUM)
+ IPSEC_API_SAD_FLAG_USE_ESN)
if __name__ == '__main__':
unittest.main(testRunner=VppTestRunner)