diff options
Diffstat (limited to 'src/plugins/dpdk/ipsec')
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 5 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_encrypt.c | 13 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/ipsec.c | 21 |
3 files changed, 14 insertions, 25 deletions
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index afbab963009..112b96a12bd 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -330,7 +330,10 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm, /* _aad[3] should always be 0 */ if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0))) - _aad[2] = clib_host_to_net_u32 (sa0->seq_hi); + { + _aad[2] = _aad[1]; + _aad[1] = clib_host_to_net_u32 (sa0->seq_hi); + } else _aad[2] = 0; } diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c index 1d29841c5d7..dd37f081a15 100644 --- a/src/plugins/dpdk/ipsec/esp_encrypt.c +++ b/src/plugins/dpdk/ipsec/esp_encrypt.c @@ -530,14 +530,19 @@ dpdk_esp_encrypt_inline (vlib_main_t * vm, if (is_aead) { aad = (u32 *) priv->aad; - aad[0] = clib_host_to_net_u32 (sa0->spi); - aad[1] = clib_host_to_net_u32 (sa0->seq); + aad[0] = esp0->spi; /* aad[3] should always be 0 */ if (PREDICT_FALSE (ipsec_sa_is_set_USE_ESN (sa0))) - aad[2] = clib_host_to_net_u32 (sa0->seq_hi); + { + aad[1] = clib_host_to_net_u32 (sa0->seq_hi); + aad[2] = esp0->seq; + } else - aad[2] = 0; + { + aad[1] = esp0->seq; + aad[2] = 0; + } } else { diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c index 93efc6bcf7e..260775b0695 100644 --- a/src/plugins/dpdk/ipsec/ipsec.c +++ b/src/plugins/dpdk/ipsec/ipsec.c @@ -494,7 +494,6 @@ dpdk_crypto_session_disposal (crypto_session_disposal_t * v, u64 ts) static clib_error_t * add_del_sa_session (u32 sa_index, u8 is_add) { - ipsec_main_t *im = &ipsec_main; dpdk_crypto_main_t *dcm = &dpdk_crypto_main; crypto_data_t *data; struct rte_cryptodev_sym_session *s; @@ -502,25 +501,7 @@ add_del_sa_session (u32 sa_index, u8 is_add) u32 drv_id; if (is_add) - { -#if 1 - ipsec_sa_t *sa = pool_elt_at_index (im->sad, sa_index); - u32 seed; - switch (sa->crypto_alg) - { - case IPSEC_CRYPTO_ALG_AES_GCM_128: - case IPSEC_CRYPTO_ALG_AES_GCM_192: - case IPSEC_CRYPTO_ALG_AES_GCM_256: - clib_memcpy (&sa->salt, - &sa->crypto_key.data[sa->crypto_key.len - 4], 4); - break; - default: - seed = (u32) clib_cpu_time_now (); - sa->salt = random_u32 (&seed); - } -#endif - return 0; - } + return 0; /* *INDENT-OFF* */ vec_foreach (data, dcm->data) |