summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c5
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c13
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c21
3 files changed, 14 insertions, 25 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index afbab963009..112b96a12bd 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -330,7 +330,10 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
/* _aad[3] should always be 0 */
if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0)))
- _aad[2] = clib_host_to_net_u32 (sa0->seq_hi);
+ {
+ _aad[2] = _aad[1];
+ _aad[1] = clib_host_to_net_u32 (sa0->seq_hi);
+ }
else
_aad[2] = 0;
}
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index 1d29841c5d7..dd37f081a15 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -530,14 +530,19 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm,
if (is_aead)
{
aad = (u32 *) priv->aad;
- aad[0] = clib_host_to_net_u32 (sa0->spi);
- aad[1] = clib_host_to_net_u32 (sa0->seq);
+ aad[0] = esp0->spi;
/* aad[3] should always be 0 */
if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0)))
- aad[2] = clib_host_to_net_u32 (sa0->seq_hi);
+ {
+ aad[1] = clib_host_to_net_u32 (sa0->seq_hi);
+ aad[2] = esp0->seq;
+ }
else
- aad[2] = 0;
+ {
+ aad[1] = esp0->seq;
+ aad[2] = 0;
+ }
}
else
{
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 93efc6bcf7e..260775b0695 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -494,7 +494,6 @@ dpdk_crypto_session_disposal (crypto_session_disposal_t * v, u64 ts)
static clib_error_t *
add_del_sa_session (u32 sa_index, u8 is_add)
{
- ipsec_main_t *im = &ipsec_main;
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
crypto_data_t *data;
struct rte_cryptodev_sym_session *s;
@@ -502,25 +501,7 @@ add_del_sa_session (u32 sa_index, u8 is_add)
u32 drv_id;
if (is_add)
- {
-#if 1
- ipsec_sa_t *sa = pool_elt_at_index (im->sad, sa_index);
- u32 seed;
- switch (sa->crypto_alg)
- {
- case IPSEC_CRYPTO_ALG_AES_GCM_128:
- case IPSEC_CRYPTO_ALG_AES_GCM_192:
- case IPSEC_CRYPTO_ALG_AES_GCM_256:
- clib_memcpy (&sa->salt,
- &sa->crypto_key.data[sa->crypto_key.len - 4], 4);
- break;
- default:
- seed = (u32) clib_cpu_time_now ();
- sa->salt = random_u32 (&seed);
- }
-#endif
- return 0;
- }
+ return 0;
/* *INDENT-OFF* */
vec_foreach (data, dcm->data)