Line data Source code
1 : /*
2 : * Copyright (c) 2015 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : #ifndef __IPSEC_SPD_SA_H__
16 : #define __IPSEC_SPD_SA_H__
17 :
18 : #include <vlib/vlib.h>
19 : #include <vppinfra/pcg.h>
20 : #include <vnet/crypto/crypto.h>
21 : #include <vnet/ip/ip.h>
22 : #include <vnet/fib/fib_node.h>
23 : #include <vnet/tunnel/tunnel.h>
24 :
25 : #define ESP_MAX_ICV_SIZE (32)
26 : #define ESP_MAX_IV_SIZE (16)
27 : #define ESP_MAX_BLOCK_SIZE (16)
28 :
29 : #define foreach_ipsec_crypto_alg \
30 : _ (0, NONE, "none") \
31 : _ (1, AES_CBC_128, "aes-cbc-128") \
32 : _ (2, AES_CBC_192, "aes-cbc-192") \
33 : _ (3, AES_CBC_256, "aes-cbc-256") \
34 : _ (4, AES_CTR_128, "aes-ctr-128") \
35 : _ (5, AES_CTR_192, "aes-ctr-192") \
36 : _ (6, AES_CTR_256, "aes-ctr-256") \
37 : _ (7, AES_GCM_128, "aes-gcm-128") \
38 : _ (8, AES_GCM_192, "aes-gcm-192") \
39 : _ (9, AES_GCM_256, "aes-gcm-256") \
40 : _ (10, DES_CBC, "des-cbc") \
41 : _ (11, 3DES_CBC, "3des-cbc") \
42 : _ (12, CHACHA20_POLY1305, "chacha20-poly1305")
43 :
44 : typedef enum
45 : {
46 : #define _(v, f, s) IPSEC_CRYPTO_ALG_##f = v,
47 : foreach_ipsec_crypto_alg
48 : #undef _
49 : IPSEC_CRYPTO_N_ALG,
50 : } __clib_packed ipsec_crypto_alg_t;
51 :
52 : #define IPSEC_CRYPTO_ALG_IS_GCM(_alg) \
53 : (((_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) || \
54 : (_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \
55 : (_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)))
56 :
57 : #define IPSEC_CRYPTO_ALG_IS_CTR(_alg) \
58 : (((_alg == IPSEC_CRYPTO_ALG_AES_CTR_128) || \
59 : (_alg == IPSEC_CRYPTO_ALG_AES_CTR_192) || \
60 : (_alg == IPSEC_CRYPTO_ALG_AES_CTR_256)))
61 :
62 : #define IPSEC_CRYPTO_ALG_CTR_AEAD_OTHERS(_alg) \
63 : (_alg == IPSEC_CRYPTO_ALG_CHACHA20_POLY1305)
64 :
65 : #define foreach_ipsec_integ_alg \
66 : _ (0, NONE, "none") \
67 : _ (1, MD5_96, "md5-96") /* RFC2403 */ \
68 : _ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
69 : _ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
70 : _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
71 : _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
72 : _ (6, SHA_512_256, "sha-512-256") /* RFC4868 */
73 :
74 : typedef enum
75 : {
76 : #define _(v, f, s) IPSEC_INTEG_ALG_##f = v,
77 : foreach_ipsec_integ_alg
78 : #undef _
79 : IPSEC_INTEG_N_ALG,
80 : } __clib_packed ipsec_integ_alg_t;
81 :
82 : typedef enum
83 : {
84 : IPSEC_PROTOCOL_AH = 0,
85 : IPSEC_PROTOCOL_ESP = 1
86 : } __clib_packed ipsec_protocol_t;
87 :
88 : #define IPSEC_KEY_MAX_LEN 128
89 : typedef struct ipsec_key_t_
90 : {
91 : u8 len;
92 : u8 data[IPSEC_KEY_MAX_LEN];
93 : } ipsec_key_t;
94 :
95 : /*
96 : * Enable extended sequence numbers
97 : * Enable Anti-replay
98 : * IPsec tunnel mode if non-zero, else transport mode
99 : * IPsec tunnel mode is IPv6 if non-zero,
100 : * else IPv4 tunnel only valid if is_tunnel is non-zero
101 : * enable UDP encapsulation for NAT traversal
102 : */
103 : #define foreach_ipsec_sa_flags \
104 : _ (0, NONE, "none") \
105 : _ (1, USE_ESN, "esn") \
106 : _ (2, USE_ANTI_REPLAY, "anti-replay") \
107 : _ (4, IS_TUNNEL, "tunnel") \
108 : _ (8, IS_TUNNEL_V6, "tunnel-v6") \
109 : _ (16, UDP_ENCAP, "udp-encap") \
110 : _ (32, IS_PROTECT, "Protect") \
111 : _ (64, IS_INBOUND, "inbound") \
112 : _ (128, IS_AEAD, "aead") \
113 : _ (256, IS_CTR, "ctr") \
114 : _ (512, IS_ASYNC, "async") \
115 : _ (1024, NO_ALGO_NO_DROP, "no-algo-no-drop")
116 :
117 : typedef enum ipsec_sad_flags_t_
118 : {
119 : #define _(v, f, s) IPSEC_SA_FLAG_##f = v,
120 : foreach_ipsec_sa_flags
121 : #undef _
122 : } __clib_packed ipsec_sa_flags_t;
123 :
124 : STATIC_ASSERT (sizeof (ipsec_sa_flags_t) == 2, "IPSEC SA flags != 2 byte");
125 :
126 : #define foreach_ipsec_sa_err \
127 : _ (0, LOST, lost, "packets lost") \
128 : _ (1, HANDOFF, handoff, "hand-off") \
129 : _ (2, INTEG_ERROR, integ_error, "Integrity check failed") \
130 : _ (3, DECRYPTION_FAILED, decryption_failed, "Decryption failed") \
131 : _ (4, CRYPTO_ENGINE_ERROR, crypto_engine_error, \
132 : "crypto engine error (dropped)") \
133 : _ (5, REPLAY, replay, "SA replayed packet") \
134 : _ (6, RUNT, runt, "undersized packet") \
135 : _ (7, NO_BUFFERS, no_buffers, "no buffers (dropped)") \
136 : _ (8, OVERSIZED_HEADER, oversized_header, \
137 : "buffer with oversized header (dropped)") \
138 : _ (9, NO_TAIL_SPACE, no_tail_space, \
139 : "no enough buffer tail space (dropped)") \
140 : _ (10, TUN_NO_PROTO, tun_no_proto, "no tunnel protocol") \
141 : _ (11, UNSUP_PAYLOAD, unsup_payload, "unsupported payload") \
142 : _ (12, SEQ_CYCLED, seq_cycled, "sequence number cycled (dropped)") \
143 : _ (13, CRYPTO_QUEUE_FULL, crypto_queue_full, "crypto queue full (dropped)") \
144 : _ (14, NO_ENCRYPTION, no_encryption, "no Encrypting SA (dropped)") \
145 : _ (15, DROP_FRAGMENTS, drop_fragments, "IP fragments drop")
146 :
147 : typedef enum
148 : {
149 : #define _(v, f, s, d) IPSEC_SA_ERROR_##f = v,
150 : foreach_ipsec_sa_err
151 : #undef _
152 : IPSEC_SA_N_ERRORS,
153 : } __clib_packed ipsec_sa_err_t;
154 :
155 : typedef struct
156 : {
157 : CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
158 :
159 : clib_pcg64i_random_t iv_prng;
160 :
161 : u64 replay_window;
162 : dpo_id_t dpo;
163 :
164 : vnet_crypto_key_index_t crypto_key_index;
165 : vnet_crypto_key_index_t integ_key_index;
166 :
167 : u32 spi;
168 : u32 seq;
169 : u32 seq_hi;
170 :
171 : u16 crypto_enc_op_id;
172 : u16 crypto_dec_op_id;
173 : u16 integ_op_id;
174 : ipsec_sa_flags_t flags;
175 : u16 thread_index;
176 :
177 : u16 integ_icv_size : 6;
178 : u16 crypto_iv_size : 5;
179 : u16 esp_block_align : 5;
180 :
181 : CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
182 :
183 : union
184 : {
185 : ip4_header_t ip4_hdr;
186 : ip6_header_t ip6_hdr;
187 : };
188 : udp_header_t udp_hdr;
189 :
190 : /* Salt used in CTR modes (incl. GCM) - stored in network byte order */
191 : u32 salt;
192 :
193 : ipsec_protocol_t protocol;
194 : tunnel_encap_decap_flags_t tunnel_flags;
195 : u8 __pad[2];
196 :
197 : /* data accessed by dataplane code should be above this comment */
198 : CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
199 :
200 : /* Elements with u64 size multiples */
201 : tunnel_t tunnel;
202 : fib_node_t node;
203 :
204 : /* elements with u32 size */
205 : u32 id;
206 : u32 stat_index;
207 : vnet_crypto_alg_t integ_calg;
208 : vnet_crypto_alg_t crypto_calg;
209 : u32 crypto_sync_key_index;
210 : u32 integ_sync_key_index;
211 : u32 crypto_async_key_index;
212 :
213 : /* elements with u16 size */
214 : u16 crypto_sync_enc_op_id;
215 : u16 crypto_sync_dec_op_id;
216 : u16 integ_sync_op_id;
217 : u16 crypto_async_enc_op_id;
218 : u16 crypto_async_dec_op_id;
219 :
220 : /* else u8 packed */
221 : ipsec_crypto_alg_t crypto_alg;
222 : ipsec_integ_alg_t integ_alg;
223 :
224 : ipsec_key_t integ_key;
225 : ipsec_key_t crypto_key;
226 : } ipsec_sa_t;
227 :
228 : STATIC_ASSERT (VNET_CRYPTO_N_OP_IDS < (1 << 16), "crypto ops overflow");
229 : STATIC_ASSERT (ESP_MAX_ICV_SIZE < (1 << 6), "integer icv overflow");
230 : STATIC_ASSERT (ESP_MAX_IV_SIZE < (1 << 5), "esp iv overflow");
231 : STATIC_ASSERT (ESP_MAX_BLOCK_SIZE < (1 << 5), "esp alignment overflow");
232 : STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
233 : STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline2, 2 * CLIB_CACHE_LINE_BYTES);
234 :
235 : /**
236 : * Pool of IPSec SAs
237 : */
238 : extern ipsec_sa_t *ipsec_sa_pool;
239 :
240 : /*
241 : * Ensure that the IPsec data does not overlap with the IP data in
242 : * the buffer meta data
243 : */
244 : STATIC_ASSERT (STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ipsec.sad_index) ==
245 : STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ip.save_protocol),
246 : "IPSec data is overlapping with IP data");
247 :
248 : #define _(a,v,s) \
249 : always_inline int \
250 : ipsec_sa_is_set_##v (const ipsec_sa_t *sa) { \
251 : return (sa->flags & IPSEC_SA_FLAG_##v); \
252 : }
253 3841897 : foreach_ipsec_sa_flags
254 : #undef _
255 : #define _(a,v,s) \
256 : always_inline int \
257 : ipsec_sa_set_##v (ipsec_sa_t *sa) { \
258 : return (sa->flags |= IPSEC_SA_FLAG_##v); \
259 : }
260 6392 : foreach_ipsec_sa_flags
261 : #undef _
262 : #define _(a,v,s) \
263 : always_inline int \
264 : ipsec_sa_unset_##v (ipsec_sa_t *sa) { \
265 : return (sa->flags &= ~IPSEC_SA_FLAG_##v); \
266 : }
267 440 : foreach_ipsec_sa_flags
268 : #undef _
269 : /**
270 : * @brief
271 : * SA packet & bytes counters
272 : */
273 : extern vlib_combined_counter_main_t ipsec_sa_counters;
274 : extern vlib_simple_counter_main_t ipsec_sa_err_counters[IPSEC_SA_N_ERRORS];
275 :
276 : extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len);
277 :
278 : extern int ipsec_sa_update (u32 id, u16 src_port, u16 dst_port,
279 : const tunnel_t *tun, bool is_tun);
280 : extern int
281 : ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto,
282 : ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck,
283 : ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik,
284 : ipsec_sa_flags_t flags, u32 salt, u16 src_port,
285 : u16 dst_port, const tunnel_t *tun, u32 *sa_out_index);
286 : extern int ipsec_sa_bind (u32 id, u32 worker, bool bind);
287 : extern index_t ipsec_sa_find_and_lock (u32 id);
288 : extern int ipsec_sa_unlock_id (u32 id);
289 : extern void ipsec_sa_unlock (index_t sai);
290 : extern void ipsec_sa_lock (index_t sai);
291 : extern void ipsec_sa_clear (index_t sai);
292 : extern void ipsec_sa_set_crypto_alg (ipsec_sa_t * sa,
293 : ipsec_crypto_alg_t crypto_alg);
294 : extern void ipsec_sa_set_integ_alg (ipsec_sa_t * sa,
295 : ipsec_integ_alg_t integ_alg);
296 : extern void ipsec_sa_set_async_mode (ipsec_sa_t *sa, int is_enabled);
297 :
298 : typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t * sa, void *ctx);
299 : extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx);
300 :
301 : extern u8 *format_ipsec_replay_window (u8 *s, va_list *args);
302 : extern u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
303 : extern u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
304 : extern u8 *format_ipsec_sa (u8 * s, va_list * args);
305 : extern u8 *format_ipsec_key (u8 * s, va_list * args);
306 : extern uword unformat_ipsec_crypto_alg (unformat_input_t * input,
307 : va_list * args);
308 : extern uword unformat_ipsec_integ_alg (unformat_input_t * input,
309 : va_list * args);
310 : extern uword unformat_ipsec_key (unformat_input_t * input, va_list * args);
311 :
312 : #define IPSEC_UDP_PORT_NONE ((u16)~0)
313 :
314 : /*
315 : * Anti Replay definitions
316 : */
317 :
318 : #define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (64)
319 : #define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE-1)
320 :
321 : /*
322 : * sequence number less than the lower bound are outside of the window
323 : * From RFC4303 Appendix A:
324 : * Bl = Tl - W + 1
325 : */
326 : #define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl) (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1)
327 :
328 : always_inline int
329 1900 : ipsec_sa_anti_replay_check (const ipsec_sa_t *sa, u32 seq)
330 : {
331 1900 : if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa) &&
332 1900 : sa->replay_window & (1ULL << (sa->seq - seq)))
333 1672 : return 1;
334 : else
335 228 : return 0;
336 : }
337 :
338 : /*
339 : * Anti replay check.
340 : * inputs need to be in host byte order.
341 : *
342 : * The function runs in two contexts. pre and post decrypt.
343 : * Pre-decrypt it:
344 : * 1 - determines if a packet is a replay - a simple check in the window
345 : * 2 - returns the hi-seq number that should be used to decrypt.
346 : * post-decrypt:
347 : * Checks whether the packet is a replay or falls out of window
348 : *
349 : * This funcion should be called even without anti-replay enabled to ensure
350 : * the high sequence number is set.
351 : */
352 : always_inline int
353 451150 : ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq,
354 : u32 hi_seq_used, bool post_decrypt,
355 : u32 *hi_seq_req)
356 : {
357 451150 : ASSERT ((post_decrypt == false) == (hi_seq_req != 0));
358 :
359 451150 : if (!ipsec_sa_is_set_USE_ESN (sa))
360 : {
361 249183 : if (hi_seq_req)
362 : /* no ESN, therefore the hi-seq is always 0 */
363 126398 : *hi_seq_req = 0;
364 :
365 249183 : if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
366 136428 : return 0;
367 :
368 112755 : if (PREDICT_TRUE (seq > sa->seq))
369 109979 : return 0;
370 :
371 2776 : u32 diff = sa->seq - seq;
372 :
373 2776 : if (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE > diff)
374 1965 : return ((sa->replay_window & (1ULL << diff)) ? 1 : 0);
375 : else
376 811 : return 1;
377 :
378 : return 0;
379 : }
380 :
381 201967 : if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
382 : {
383 : /* there's no AR configured for this SA, but in order
384 : * to know whether a packet has wrapped the hi ESN we need
385 : * to know whether it is out of window. if we use the default
386 : * lower bound then we are effectively forcing AR because
387 : * out of window packets will get the increased hi seq number
388 : * and will thus fail to decrypt. IOW we need a window to know
389 : * if the SN has wrapped, but we don't want a window to check for
390 : * anti replay. to resolve the contradiction we use a huge window.
391 : * if the packet is not within 2^30 of the current SN, we'll consider
392 : * it a wrap.
393 : */
394 96848 : if (hi_seq_req)
395 : {
396 48462 : if (seq >= sa->seq)
397 : /* The packet's sequence number is larger that the SA's.
398 : * that can't be a warp - unless we lost more than
399 : * 2^32 packets ... how could we know? */
400 48158 : *hi_seq_req = sa->seq_hi;
401 : else
402 : {
403 : /* The packet's SN is less than the SAs, so either the SN has
404 : * wrapped or the SN is just old. */
405 304 : if (sa->seq - seq > (1 << 30))
406 : /* It's really really really old => it wrapped */
407 152 : *hi_seq_req = sa->seq_hi + 1;
408 : else
409 152 : *hi_seq_req = sa->seq_hi;
410 : }
411 : }
412 : /*
413 : * else
414 : * this is post-decrpyt and since it decrypted we accept it
415 : */
416 96848 : return 0;
417 : }
418 105119 : if (PREDICT_TRUE (sa->seq >= (IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX)))
419 : {
420 : /*
421 : * the last sequence number VPP recieved is more than one
422 : * window size greater than zero.
423 : * Case A from RFC4303 Appendix A.
424 : */
425 68127 : if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq))
426 : {
427 : /*
428 : * the received sequence number is lower than the lower bound
429 : * of the window, this could mean either a replay packet or that
430 : * the high sequence number has wrapped. if it decrypts corrently
431 : * then it's the latter.
432 : */
433 1140 : if (post_decrypt)
434 : {
435 190 : if (hi_seq_used == sa->seq_hi)
436 : /* the high sequence number used to succesfully decrypt this
437 : * packet is the same as the last-sequnence number of the SA.
438 : * that means this packet did not cause a wrap.
439 : * this packet is thus out of window and should be dropped */
440 38 : return 1;
441 : else
442 : /* The packet decrypted with a different high sequence number
443 : * to the SA, that means it is the wrap packet and should be
444 : * accepted */
445 152 : return 0;
446 : }
447 : else
448 : {
449 : /* pre-decrypt it might be the might that casues a wrap, we
450 : * need to decrpyt to find out */
451 950 : if (hi_seq_req)
452 950 : *hi_seq_req = sa->seq_hi + 1;
453 950 : return 0;
454 : }
455 : }
456 : else
457 : {
458 : /*
459 : * the recieved sequence number greater than the low
460 : * end of the window.
461 : */
462 66987 : if (hi_seq_req)
463 32841 : *hi_seq_req = sa->seq_hi;
464 66987 : if (seq <= sa->seq)
465 : /*
466 : * The recieved seq number is within bounds of the window
467 : * check if it's a duplicate
468 : */
469 304 : return (ipsec_sa_anti_replay_check (sa, seq));
470 : else
471 : /*
472 : * The received sequence number is greater than the window
473 : * upper bound. this packet will move the window along, assuming
474 : * it decrypts correctly.
475 : */
476 66683 : return 0;
477 : }
478 : }
479 : else
480 : {
481 : /*
482 : * the last sequence number VPP recieved is within one window
483 : * size of zero, i.e. 0 < TL < WINDOW_SIZE, the lower bound is thus a
484 : * large sequence number.
485 : * Note that the check below uses unsiged integer arthimetic, so the
486 : * RHS will be a larger number.
487 : * Case B from RFC4303 Appendix A.
488 : */
489 36992 : if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq))
490 : {
491 : /*
492 : * the sequence number is less than the lower bound.
493 : */
494 36916 : if (seq <= sa->seq)
495 : {
496 : /*
497 : * the packet is within the window upper bound.
498 : * check for duplicates.
499 : */
500 1520 : if (hi_seq_req)
501 1254 : *hi_seq_req = sa->seq_hi;
502 1520 : return (ipsec_sa_anti_replay_check (sa, seq));
503 : }
504 : else
505 : {
506 : /*
507 : * the packet is less the window lower bound or greater than
508 : * the higher bound, depending on how you look at it...
509 : * We're assuming, given that the last sequence number received,
510 : * TL < WINDOW_SIZE, that a largeer seq num is more likely to be
511 : * a packet that moves the window forward, than a packet that has
512 : * wrapped the high sequence again. If it were the latter then
513 : * we've lost close to 2^32 packets.
514 : */
515 35396 : if (hi_seq_req)
516 19218 : *hi_seq_req = sa->seq_hi;
517 35396 : return 0;
518 : }
519 : }
520 : else
521 : {
522 : /*
523 : * the packet seq number is between the lower bound (a large nubmer)
524 : * and MAX_SEQ_NUM. This is in the window since the window upper bound
525 : * tl > 0.
526 : * However, since TL is the other side of 0 to the received
527 : * packet, the SA has moved on to a higher sequence number.
528 : */
529 76 : if (hi_seq_req)
530 38 : *hi_seq_req = sa->seq_hi - 1;
531 76 : return (ipsec_sa_anti_replay_check (sa, seq));
532 : }
533 : }
534 :
535 : /* unhandled case */
536 : ASSERT (0);
537 : return 0;
538 : }
539 :
540 : always_inline u32
541 220695 : ipsec_sa_anti_replay_window_shift (ipsec_sa_t *sa, u32 inc)
542 : {
543 220695 : u32 n_lost = 0;
544 :
545 220695 : if (inc < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE)
546 : {
547 219757 : if (sa->seq > IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE)
548 : {
549 : /*
550 : * count how many holes there are in the portion
551 : * of the window that we will right shift of the end
552 : * as a result of this increments
553 : */
554 145522 : u64 mask = (((u64) 1 << inc) - 1) << (BITS (u64) - inc);
555 145522 : u64 old = sa->replay_window & mask;
556 : /* the number of packets we saw in this section of the window */
557 145522 : u64 seen = count_set_bits (old);
558 :
559 : /*
560 : * the number we missed is the size of the window section
561 : * minus the number we saw.
562 : */
563 145522 : n_lost = inc - seen;
564 : }
565 219757 : sa->replay_window = ((sa->replay_window) << inc) | 1;
566 : }
567 : else
568 : {
569 : /* holes in the replay window are lost packets */
570 938 : n_lost = BITS (u64) - count_set_bits (sa->replay_window);
571 :
572 : /* any sequence numbers that now fall outside the window
573 : * are forever lost */
574 938 : n_lost += inc - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE;
575 :
576 938 : sa->replay_window = 1;
577 : }
578 :
579 220695 : return (n_lost);
580 : }
581 :
582 : /*
583 : * Anti replay window advance
584 : * inputs need to be in host byte order.
585 : * This function both advances the anti-replay window and the sequence number
586 : * We always need to move on the SN but the window updates are only needed
587 : * if AR is on.
588 : * However, updating the window is trivial, so we do it anyway to save
589 : * the branch cost.
590 : */
591 : always_inline u64
592 221360 : ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 thread_index, u32 seq,
593 : u32 hi_seq)
594 : {
595 221360 : u64 n_lost = 0;
596 : u32 pos;
597 :
598 221360 : if (ipsec_sa_is_set_USE_ESN (sa))
599 : {
600 98900 : int wrap = hi_seq - sa->seq_hi;
601 :
602 98900 : if (wrap == 0 && seq > sa->seq)
603 : {
604 98368 : pos = seq - sa->seq;
605 98368 : n_lost = ipsec_sa_anti_replay_window_shift (sa, pos);
606 98368 : sa->seq = seq;
607 : }
608 532 : else if (wrap > 0)
609 : {
610 228 : pos = ~seq + sa->seq + 1;
611 228 : n_lost = ipsec_sa_anti_replay_window_shift (sa, pos);
612 228 : sa->seq = seq;
613 228 : sa->seq_hi = hi_seq;
614 : }
615 304 : else if (wrap < 0)
616 : {
617 38 : pos = ~seq + sa->seq + 1;
618 38 : sa->replay_window |= (1ULL << pos);
619 : }
620 : else
621 : {
622 266 : pos = sa->seq - seq;
623 266 : sa->replay_window |= (1ULL << pos);
624 : }
625 : }
626 : else
627 : {
628 122460 : if (seq > sa->seq)
629 : {
630 122099 : pos = seq - sa->seq;
631 122099 : n_lost = ipsec_sa_anti_replay_window_shift (sa, pos);
632 122099 : sa->seq = seq;
633 : }
634 : else
635 : {
636 361 : pos = sa->seq - seq;
637 361 : sa->replay_window |= (1ULL << pos);
638 : }
639 : }
640 :
641 221360 : return n_lost;
642 : }
643 :
644 :
645 : /*
646 : * Makes choice for thread_id should be assigned.
647 : * if input ~0, gets random worker_id based on unix_time_now_nsec
648 : */
649 : always_inline u16
650 19 : ipsec_sa_assign_thread (u16 thread_id)
651 : {
652 : return ((thread_id) ? thread_id
653 19 : : (unix_time_now_nsec () % vlib_num_workers ()) + 1);
654 : }
655 :
656 : always_inline ipsec_sa_t *
657 987572 : ipsec_sa_get (u32 sa_index)
658 : {
659 987572 : return (pool_elt_at_index (ipsec_sa_pool, sa_index));
660 : }
661 :
662 : #endif /* __IPSEC_SPD_SA_H__ */
663 :
664 : /*
665 : * fd.io coding-style-patch-verification: ON
666 : *
667 : * Local Variables:
668 : * eval: (c-set-style "gnu")
669 : * End:
670 : */
|
