From 2a41fb7c65259e36a8fb1c60eb2c5fc73ade9575 Mon Sep 17 00:00:00 2001 From: Aviad Yehezkel Date: Tue, 24 Oct 2017 15:49:00 +0300 Subject: [PATCH] examples/ipsec-secgw: convert IV to big endian According to rfc4106 the IV should be unique and can be implemented as counter. The changed was created because putting an analyzer on wire and comparing packets generated by this application and Linux kernel. Linux kernel sets IV as BE, so it is worth to do the same for future debug / comparison. Signed-off-by: Aviad Yehezkel Acked-by: Radu Nicolau --- examples/ipsec-secgw/esp.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 063e63fb0e..a63fb954c2 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -331,7 +331,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { uint8_t *aad; - *iv = sa->seq; + *iv = rte_cpu_to_be_64(sa->seq); sym_cop->aead.data.offset = ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len; sym_cop->aead.data.length = pad_payload_len; @@ -344,7 +344,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct cnt_blk *icb = get_cnt_blk(m); icb->salt = sa->salt; - icb->iv = sa->seq; + icb->iv = rte_cpu_to_be_64(sa->seq); icb->cnt = rte_cpu_to_be_32(1); aad = get_aad(m); @@ -367,7 +367,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, sym_cop->cipher.data.length = pad_payload_len + sa->iv_len; break; case RTE_CRYPTO_CIPHER_AES_CTR: - *iv = sa->seq; + *iv = rte_cpu_to_be_64(sa->seq); sym_cop->cipher.data.offset = ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len; sym_cop->cipher.data.length = pad_payload_len; @@ -386,7 +386,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct cnt_blk *icb = get_cnt_blk(m); icb->salt = sa->salt; - icb->iv = sa->seq; + icb->iv = rte_cpu_to_be_64(sa->seq); icb->cnt = rte_cpu_to_be_32(1); switch (sa->auth_algo) { -- 2.20.1