diff options
author | Florin Coras <florin.coras@gmail.com> | 2020-03-23 18:13:32 +0000 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2020-03-23 21:24:34 +0000 |
commit | ae8102ec0ec49d8ab4dfa6f0199e773e1868e134 (patch) | |
tree | 7acdacd17a65df4fd7eb0ca8f1e8a901c82d16be /src/vnet/ipsec/esp_encrypt.c | |
parent | ef633187e2c8da9d68f018df7985dfb491f44e6c (diff) |
ipsec: Revert "ipsec: fix chained ESP"
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866.
Reason for revert: Seems it's breaking ipsec esp tests
Type: fix
Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/esp_encrypt.c')
-rw-r--r-- | src/vnet/ipsec/esp_encrypt.c | 39 |
1 files changed, 14 insertions, 25 deletions
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c index 9b32d3fc38e..e06babd92ef 100644 --- a/src/vnet/ipsec/esp_encrypt.c +++ b/src/vnet/ipsec/esp_encrypt.c @@ -44,6 +44,7 @@ typedef enum _(SEQ_CYCLED, "sequence number cycled (packet dropped)") \ _(CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)") \ _(NO_BUFFERS, "no buffers (packet dropped)") \ + _(NO_TRAILER_SPACE, "no trailer space (packet dropped)") typedef enum { @@ -90,8 +91,7 @@ format_esp_encrypt_trace (u8 * s, va_list * args) /* pad packet in input buffer */ static_always_inline u8 * -esp_add_footer_and_icv (vlib_main_t * vm, vlib_buffer_t ** last, - u8 block_size, u8 icv_sz, +esp_add_footer_and_icv (vlib_buffer_t * b, u8 block_size, u8 icv_sz, u16 * next, vlib_node_runtime_t * node, u16 buffer_data_size, uword total_len) { @@ -103,27 +103,18 @@ esp_add_footer_and_icv (vlib_main_t * vm, vlib_buffer_t ** last, u16 min_length = total_len + sizeof (esp_footer_t); u16 new_length = round_pow2 (min_length, block_size); u8 pad_bytes = new_length - min_length; - esp_footer_t *f = (esp_footer_t *) (vlib_buffer_get_current (last[0]) + - last[0]->current_length + pad_bytes); + esp_footer_t *f = (esp_footer_t *) (vlib_buffer_get_current (b) + + b->current_length + pad_bytes); u16 tail_sz = sizeof (esp_footer_t) + pad_bytes + icv_sz; - if (last[0]->current_length + tail_sz > buffer_data_size) + if (b->current_data + tail_sz > buffer_data_size) { - u32 tmp_bi = 0; - if (vlib_buffer_alloc (vm, &tmp_bi, 1) != 1) - return 0; - - vlib_buffer_t *tmp = vlib_get_buffer (vm, tmp_bi); - last[0]->next_buffer = tmp_bi; - last[0]->flags |= VLIB_BUFFER_NEXT_PRESENT; - f = (esp_footer_t *) (vlib_buffer_get_current (tmp) + pad_bytes); - tmp->current_length += tail_sz; - last[0] = tmp; + // TODO alloc new buffer + b->error = node->errors[ESP_ENCRYPT_ERROR_NO_TRAILER_SPACE]; + next[0] = ESP_ENCRYPT_NEXT_DROP; + return 0; } - else - last[0]->current_length += tail_sz; - f->pad_length = pad_bytes; if (pad_bytes) { ASSERT (pad_bytes <= ESP_MAX_BLOCK_SIZE); @@ -131,6 +122,8 @@ esp_add_footer_and_icv (vlib_main_t * vm, vlib_buffer_t ** last, clib_memcpy_fast ((u8 *) f - pad_bytes, pad_data, pad_bytes); } + f->pad_length = pad_bytes; + b->current_length += tail_sz; return &f->next_header; } @@ -409,17 +402,13 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, if (ipsec_sa_is_set_IS_TUNNEL (sa0)) { payload = vlib_buffer_get_current (b[0]); - next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, block_sz, icv_sz, + next_hdr_ptr = esp_add_footer_and_icv (lb, block_sz, icv_sz, next, node, buffer_data_size, vlib_buffer_length_in_chain (vm, b[0])); if (!next_hdr_ptr) - { - b[0]->error = node->errors[ESP_ENCRYPT_ERROR_NO_BUFFERS]; - next[0] = ESP_ENCRYPT_NEXT_DROP; - goto trace; - } + goto trace; b[0]->flags &= ~VLIB_BUFFER_TOTAL_LENGTH_VALID; payload_len = b[0]->current_length; payload_len_total = vlib_buffer_length_in_chain (vm, b[0]); @@ -482,7 +471,7 @@ esp_encrypt_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_buffer_advance (b[0], ip_len); payload = vlib_buffer_get_current (b[0]); - next_hdr_ptr = esp_add_footer_and_icv (vm, &lb, block_sz, icv_sz, + next_hdr_ptr = esp_add_footer_and_icv (lb, block_sz, icv_sz, next, node, buffer_data_size, vlib_buffer_length_in_chain |