- struct crypto_testsuite_params *ts_params = &testsuite_params;
- debug_counter++;
- int result;
- u8 dest[8192]; // scratch buf, maximum packet
- u8 *data;
- struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
- struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
- uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
- struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop);
-
- if (unlikely((pip4->version_ihl >> 4) != 4)) {
- plog_info("Received non IPv4 packet at esp tunnel input %i\n", pip4->version_ihl);
- // Drop packet
- return OUT_DISCARD;
- }
- if (pip4->time_to_live) {
- pip4->time_to_live--;
- }
- else {
- plog_info("TTL = 0 => Dropping\n");
- return OUT_DISCARD;
- }
-
- // Remove padding if any (we don't want to encapsulate garbage at end of IPv4 packet)
- int l1 = rte_pktmbuf_pkt_len(mbuf);
- int padding = l1 - (ipv4_length + sizeof(struct ether_hdr));
- if (unlikely(padding > 0)) {
- rte_pktmbuf_trim(mbuf, padding);
- }
-
- l1 = rte_pktmbuf_pkt_len(mbuf);
- int encrypt_len = l1 - sizeof(struct ether_hdr) + 2; // According to RFC4303 table 1, encrypt len is ip+tfc_pad(o)+pad+pad len(1) + next header(1)
- padding = 0;
- if ((encrypt_len & 0xf) != 0)
- {
- // now add padding
- padding = 16 - (encrypt_len % 16);
- encrypt_len += padding;
- }
-
- // Encapsulate, crypt in a separate buffer
-// memcpy(dest, pip4, encrypt_len);
- const int extra_space = sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC; // + new IP header, SPI, SN, IV
- struct ether_addr src_mac = peth->s_addr;
- struct ether_addr dst_mac = peth->d_addr;
- uint32_t src_addr = pip4->src_addr;
- uint32_t dst_addr = pip4->dst_addr;
- uint8_t ttl = pip4->time_to_live;
- uint8_t version_ihl = pip4->version_ihl;
-
- peth = (struct ether_hdr *)rte_pktmbuf_prepend(mbuf, extra_space); // encap + prefix
- peth = (struct ether_hdr *)rte_pktmbuf_append(mbuf, 0 + 1 + 1 + padding + 4 + DIGEST_BYTE_LENGTH_SHA1); // padding + pad_len + next_head + seqn + ICV pad + ICV
- peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
- l1 = rte_pktmbuf_pkt_len(mbuf);
- peth->ether_type = ETYPE_IPv4;
- ether_addr_copy(&src_mac, &peth->s_addr);
- ether_addr_copy(&dst_mac, &peth->d_addr);
-
- pip4 = (struct ipv4_hdr *)(peth + 1);
- pip4->src_addr = task->local_ipv4;
- pip4->dst_addr = task->remote_ipv4;
- pip4->time_to_live = ttl;
- pip4->next_proto_id = 50; // 50 for ESP, ip in ip next proto trailer
- pip4->version_ihl = version_ihl; // 20 bytes, ipv4
- pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth
- prox_ip_cksum_sw(pip4);
-
-// find the SA when there will be more than one
- if (task->ipaddr == pip4->src_addr)
- {
- }
- data = (u8*)(pip4 + 1);
- *((u32*) data) = 0x2016; // FIXME SPI
- *((u32*) data + 1) = 0x2; // FIXME SN
- u8 *padl = (u8*)data + (8 + encrypt_len - 2 + CIPHER_IV_LENGTH_AES_CBC); // No ESN yet. (-2 means NH is crypted)
-// padl += CIPHER_IV_LENGTH_AES_CBC;
- *padl = padding;
- *(padl + 1) = 4; // ipv4 in 4
-
-// one key for them all for now
- rte_crypto_op_attach_sym_session(cop, task->sess);
-
- sym_cop->auth.digest.data = data + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len + 2;
- sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, (sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len + 2));
- sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
-
- sym_cop->cipher.iv.data = data + 8;
- sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4;
- sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
-
- rte_memcpy(sym_cop->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
-
- sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC;
- sym_cop->cipher.data.length = encrypt_len;
-
- sym_cop->auth.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr);
- sym_cop->auth.data.length = 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len ;// + 4;// FIXME
-
- /* Process crypto operation */
- sym_cop->m_src = mbuf;
- return enqueue_crypto_request(task, cop, 0);
+ u8 *data;
+ struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
+ struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
+ uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
+ struct rte_crypto_sym_op *sym_cop = cop->sym;
+
+ if (unlikely((pip4->version_ihl >> 4) != 4)) {
+ plog_info("Received non IPv4 packet at esp enc %i\n", pip4->version_ihl);
+ plogdx_info(mbuf, "ENC RX: ");
+ return OUT_DISCARD;
+ }
+ if (pip4->time_to_live) {
+ pip4->time_to_live--;
+ }
+ else {
+ plog_info("TTL = 0 => Dropping\n");
+ return OUT_DISCARD;
+ }
+
+ // Remove padding if any (we don't want to encapsulate garbage at end of IPv4 packet)
+ int l1 = rte_pktmbuf_pkt_len(mbuf);
+ int padding = l1 - (ipv4_length + sizeof(struct ether_hdr));
+ if (unlikely(padding > 0)) {
+ rte_pktmbuf_trim(mbuf, padding);
+ }
+
+ l1 = rte_pktmbuf_pkt_len(mbuf);
+ int encrypt_len = l1 - sizeof(struct ether_hdr) + 2; // According to RFC4303 table 1, encrypt len is ip+tfc_pad(o)+pad+pad len(1) + next header(1)
+ padding = 0;
+ if ((encrypt_len & 0xf) != 0){
+ padding = 16 - (encrypt_len % 16);
+ encrypt_len += padding;
+ }
+
+ const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
+
+ struct ether_addr src_mac = peth->s_addr;
+ struct ether_addr dst_mac = peth->d_addr;
+ uint32_t src_addr = pip4->src_addr;
+ uint32_t dst_addr = pip4->dst_addr;
+ uint8_t ttl = pip4->time_to_live;
+ uint8_t version_ihl = pip4->version_ihl;
+
+ peth = (struct ether_hdr *)rte_pktmbuf_prepend(mbuf, extra_space); // encap + prefix
+ peth = (struct ether_hdr *)rte_pktmbuf_append(mbuf, 0 + 1 + 1 + padding + 4 + DIGEST_BYTE_LENGTH_SHA1); // padding + pad_len + next_head + seqn + ICV pad + ICV
+ peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
+ l1 = rte_pktmbuf_pkt_len(mbuf);
+ peth->ether_type = ETYPE_IPv4;
+#if 0
+ //send it back
+ ether_addr_copy(&dst_mac, &peth->s_addr);
+ ether_addr_copy(&src_mac, &peth->d_addr);
+#else
+ ether_addr_copy(&task->local_mac, &peth->s_addr);
+ //ether_addr_copy(&dst_mac, &peth->d_addr);//IS: dstmac should be rewritten by arp
+ ether_addr_copy(&task->dst_mac, &peth->d_addr);
+#endif
+
+ pip4 = (struct ipv4_hdr *)(peth + 1);
+ pip4->src_addr = task->local_ipv4;
+ pip4->dst_addr = task->remote_ipv4;
+ pip4->time_to_live = ttl;
+ pip4->next_proto_id = IPPROTO_ESP; // 50 for ESP, ip in ip next proto trailer
+ pip4->version_ihl = version_ihl; // 20 bytes, ipv4
+ pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth
+ pip4->packet_id = 0x0101;
+ pip4->type_of_service = 0;
+ pip4->time_to_live = 64;
+ prox_ip_cksum(mbuf, pip4, sizeof(struct ether_hdr), sizeof(struct ipv4_hdr), 1);
+
+ data = (u8*)(pip4 + 1);
+#if 0
+ *((u32*) data) = 0x2016; // FIXME SPI
+ *((u32*) data + 1) = 0x2; // FIXME SN
+#else
+ struct esp_hdr *pesp = (struct esp_hdr*)(pip4+1);
+ pesp->spi = src_addr;//for simplicity assume 1 tunnel per source ip
+ static u32 sn = 0;
+ pesp->sn = ++sn;
+ pesp->spi=0xAAAAAAAA;//debug
+ pesp->sn =0xBBBBBBBB;//debug
+#endif
+ u8 *padl = (u8*)data + (8 + encrypt_len - 2 + CIPHER_IV_LENGTH_AES_CBC); // No ESN yet. (-2 means NH is crypted)
+ //padl += CIPHER_IV_LENGTH_AES_CBC;
+ *padl = padding;
+ *(padl + 1) = 4; // ipv4 in 4
+
+ sym_cop->auth.digest.data = data + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;
+ //sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, (sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len));
+ sym_cop->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf, (sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len));
+ //sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
+
+ //sym_cop->cipher.iv.data = data + 8;
+ //sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4;
+ //sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
+
+ //rte_memcpy(sym_cop->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop, uint8_t *, IV_OFFSET);
+ rte_memcpy(iv_ptr, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+
+#if 0//old
+ sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC;
+ sym_cop->cipher.data.length = encrypt_len;
+
+ uint64_t *iv = (uint64_t *)(pesp + 1);
+ memset(iv, 0, CIPHER_IV_LENGTH_AES_CBC);
+#else
+ //uint64_t *iv = (uint64_t *)(pesp + 1);
+ //memset(iv, 0, CIPHER_IV_LENGTH_AES_CBC);
+ sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
+ sym_cop->cipher.data.length = encrypt_len + CIPHER_IV_LENGTH_AES_CBC;
+#endif
+
+ sym_cop->auth.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr);
+ sym_cop->auth.data.length = sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;// + 4;// FIXME
+
+ sym_cop->m_src = mbuf;
+ rte_crypto_op_attach_sym_session(cop, task->sess);
+ //cop->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
+ //cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+
+ return 0;
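Review bot: The two `//debug` assignments right after `pesp->sn = ++sn;` overwrite both fields with constants, so every packet leaves with the same SPI and the same sequence number and the peer's RFC 4303 anti-replay window cannot work; remove `pesp->spi=0xAAAAAAAA;` and `pesp->sn =0xBBBBBBBB;` or fence them under a debug-only `#if`. The IV copied into the crypto op is still the constant `aes_cbc_iv` for every packet, and with `memset(iv, 0, ...)` commented out while `cipher.data.offset` now starts directly after the ESP header, the first encrypted block appears to be whatever bytes were already in the prepended headroom. CBC needs an unpredictable per-packet IV, so the 16 bytes after `pesp` should be filled from a random source before the op is submitted. The results of `rte_pktmbuf_prepend()` and `rte_pktmbuf_append()` are assigned to `peth` and immediately overwritten, so a NULL return when headroom or tailroom is short goes unnoticed and the later header and trailer writes would land outside the buffer; check both and `return OUT_DISCARD;` on failure. The function's signature and closing brace are outside the lines shown here.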