2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #ifndef __IPSEC_SPD_SA_H__
16 #define __IPSEC_SPD_SA_H__
18 #include <vlib/vlib.h>
19 #include <vppinfra/pcg.h>
20 #include <vnet/crypto/crypto.h>
21 #include <vnet/ip/ip.h>
22 #include <vnet/fib/fib_node.h>
23 #include <vnet/tunnel/tunnel.h>
25 #define ESP_MAX_ICV_SIZE (32)
26 #define ESP_MAX_IV_SIZE (16)
27 #define ESP_MAX_BLOCK_SIZE (16)
29 #define foreach_ipsec_crypto_alg \
31 _ (1, AES_CBC_128, "aes-cbc-128") \
32 _ (2, AES_CBC_192, "aes-cbc-192") \
33 _ (3, AES_CBC_256, "aes-cbc-256") \
34 _ (4, AES_CTR_128, "aes-ctr-128") \
35 _ (5, AES_CTR_192, "aes-ctr-192") \
36 _ (6, AES_CTR_256, "aes-ctr-256") \
37 _ (7, AES_GCM_128, "aes-gcm-128") \
38 _ (8, AES_GCM_192, "aes-gcm-192") \
39 _ (9, AES_GCM_256, "aes-gcm-256") \
40 _ (10, DES_CBC, "des-cbc") \
41 _ (11, 3DES_CBC, "3des-cbc") \
42 _ (12, CHACHA20_POLY1305, "chacha20-poly1305") \
43 _ (13, AES_NULL_GMAC_128, "aes-null-gmac-128") \
44 _ (14, AES_NULL_GMAC_192, "aes-null-gmac-192") \
45 _ (15, AES_NULL_GMAC_256, "aes-null-gmac-256")
49 #define _(v, f, s) IPSEC_CRYPTO_ALG_##f = v,
50 foreach_ipsec_crypto_alg
53 } __clib_packed ipsec_crypto_alg_t;
55 #define IPSEC_CRYPTO_ALG_IS_NULL_GMAC(_alg) \
56 ((_alg == IPSEC_CRYPTO_ALG_AES_NULL_GMAC_128) || \
57 (_alg == IPSEC_CRYPTO_ALG_AES_NULL_GMAC_192) || \
58 (_alg == IPSEC_CRYPTO_ALG_AES_NULL_GMAC_256))
60 #define IPSEC_CRYPTO_ALG_IS_GCM(_alg) \
61 (((_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) || \
62 (_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \
63 (_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)))
65 #define IPSEC_CRYPTO_ALG_IS_CTR(_alg) \
66 (((_alg == IPSEC_CRYPTO_ALG_AES_CTR_128) || \
67 (_alg == IPSEC_CRYPTO_ALG_AES_CTR_192) || \
68 (_alg == IPSEC_CRYPTO_ALG_AES_CTR_256)))
70 #define IPSEC_CRYPTO_ALG_CTR_AEAD_OTHERS(_alg) \
71 (_alg == IPSEC_CRYPTO_ALG_CHACHA20_POLY1305)
73 #define foreach_ipsec_integ_alg \
75 _ (1, MD5_96, "md5-96") /* RFC2403 */ \
76 _ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
77 _ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
78 _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
79 _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
80 _ (6, SHA_512_256, "sha-512-256") /* RFC4868 */
84 #define _(v, f, s) IPSEC_INTEG_ALG_##f = v,
85 foreach_ipsec_integ_alg
88 } __clib_packed ipsec_integ_alg_t;
92 IPSEC_PROTOCOL_AH = 0,
93 IPSEC_PROTOCOL_ESP = 1
94 } __clib_packed ipsec_protocol_t;
96 #define IPSEC_KEY_MAX_LEN 128
97 typedef struct ipsec_key_t_
100 u8 data[IPSEC_KEY_MAX_LEN];
104 * Enable extended sequence numbers
106 * IPsec tunnel mode if non-zero, else transport mode
107 * IPsec tunnel mode is IPv6 if non-zero,
108 * else IPv4 tunnel only valid if is_tunnel is non-zero
109 * enable UDP encapsulation for NAT traversal
111 #define foreach_ipsec_sa_flags \
112 _ (0, NONE, "none") \
113 _ (1, USE_ESN, "esn") \
114 _ (2, USE_ANTI_REPLAY, "anti-replay") \
115 _ (4, IS_TUNNEL, "tunnel") \
116 _ (8, IS_TUNNEL_V6, "tunnel-v6") \
117 _ (16, UDP_ENCAP, "udp-encap") \
118 _ (32, IS_PROTECT, "Protect") \
119 _ (64, IS_INBOUND, "inbound") \
120 _ (128, IS_AEAD, "aead") \
121 _ (256, IS_CTR, "ctr") \
122 _ (512, IS_ASYNC, "async") \
123 _ (1024, NO_ALGO_NO_DROP, "no-algo-no-drop") \
124 _ (2048, IS_NULL_GMAC, "null-gmac") \
125 _ (4096, ANTI_REPLAY_HUGE, "anti-replay-huge")
127 typedef enum ipsec_sad_flags_t_
129 #define _(v, f, s) IPSEC_SA_FLAG_##f = v,
130 foreach_ipsec_sa_flags
132 } __clib_packed ipsec_sa_flags_t;
134 STATIC_ASSERT (sizeof (ipsec_sa_flags_t) == 2, "IPSEC SA flags != 2 byte");
136 #define foreach_ipsec_sa_err \
137 _ (0, LOST, lost, "packets lost") \
138 _ (1, HANDOFF, handoff, "hand-off") \
139 _ (2, INTEG_ERROR, integ_error, "Integrity check failed") \
140 _ (3, DECRYPTION_FAILED, decryption_failed, "Decryption failed") \
141 _ (4, CRYPTO_ENGINE_ERROR, crypto_engine_error, \
142 "crypto engine error (dropped)") \
143 _ (5, REPLAY, replay, "SA replayed packet") \
144 _ (6, RUNT, runt, "undersized packet") \
145 _ (7, NO_BUFFERS, no_buffers, "no buffers (dropped)") \
146 _ (8, OVERSIZED_HEADER, oversized_header, \
147 "buffer with oversized header (dropped)") \
148 _ (9, NO_TAIL_SPACE, no_tail_space, \
149 "no enough buffer tail space (dropped)") \
150 _ (10, TUN_NO_PROTO, tun_no_proto, "no tunnel protocol") \
151 _ (11, UNSUP_PAYLOAD, unsup_payload, "unsupported payload") \
152 _ (12, SEQ_CYCLED, seq_cycled, "sequence number cycled (dropped)") \
153 _ (13, CRYPTO_QUEUE_FULL, crypto_queue_full, "crypto queue full (dropped)") \
154 _ (14, NO_ENCRYPTION, no_encryption, "no Encrypting SA (dropped)") \
155 _ (15, DROP_FRAGMENTS, drop_fragments, "IP fragments drop")
159 #define _(v, f, s, d) IPSEC_SA_ERROR_##f = v,
163 } __clib_packed ipsec_sa_err_t;
167 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
169 clib_pcg64i_random_t iv_prng;
174 clib_bitmap_t *replay_window_huge;
178 vnet_crypto_key_index_t crypto_key_index;
179 vnet_crypto_key_index_t integ_key_index;
185 u16 crypto_enc_op_id;
186 u16 crypto_dec_op_id;
188 ipsec_sa_flags_t flags;
191 u16 integ_icv_size : 6;
192 u16 crypto_iv_size : 5;
193 u16 esp_block_align : 5;
195 CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
199 ip4_header_t ip4_hdr;
200 ip6_header_t ip6_hdr;
202 udp_header_t udp_hdr;
204 /* Salt used in CTR modes (incl. GCM) - stored in network byte order */
207 ipsec_protocol_t protocol;
208 tunnel_encap_decap_flags_t tunnel_flags;
211 /* data accessed by dataplane code should be above this comment */
212 CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
214 /* Elements with u64 size multiples */
218 /* elements with u32 size */
221 vnet_crypto_alg_t integ_calg;
222 vnet_crypto_alg_t crypto_calg;
223 u32 crypto_sync_key_index;
224 u32 integ_sync_key_index;
225 u32 crypto_async_key_index;
227 /* elements with u16 size */
228 u16 crypto_sync_enc_op_id;
229 u16 crypto_sync_dec_op_id;
230 u16 integ_sync_op_id;
231 u16 crypto_async_enc_op_id;
232 u16 crypto_async_dec_op_id;
235 ipsec_crypto_alg_t crypto_alg;
236 ipsec_integ_alg_t integ_alg;
238 ipsec_key_t integ_key;
239 ipsec_key_t crypto_key;
242 STATIC_ASSERT (VNET_CRYPTO_N_OP_IDS < (1 << 16), "crypto ops overflow");
243 STATIC_ASSERT (ESP_MAX_ICV_SIZE < (1 << 6), "integer icv overflow");
244 STATIC_ASSERT (ESP_MAX_IV_SIZE < (1 << 5), "esp iv overflow");
245 STATIC_ASSERT (ESP_MAX_BLOCK_SIZE < (1 << 5), "esp alignment overflow");
246 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES);
247 STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline2, 2 * CLIB_CACHE_LINE_BYTES);
252 extern ipsec_sa_t *ipsec_sa_pool;
255 * Ensure that the IPsec data does not overlap with the IP data in
256 * the buffer meta data
258 STATIC_ASSERT (STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ipsec.sad_index) ==
259 STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ip.save_protocol),
260 "IPSec data is overlapping with IP data");
263 always_inline bool ipsec_sa_is_set_##v (const ipsec_sa_t *sa) \
265 return (sa->flags & IPSEC_SA_FLAG_##v); \
267 foreach_ipsec_sa_flags
270 always_inline void ipsec_sa_set_##v (ipsec_sa_t *sa) \
272 sa->flags |= IPSEC_SA_FLAG_##v; \
274 foreach_ipsec_sa_flags
277 always_inline int ipsec_sa_unset_##v (ipsec_sa_t *sa) \
279 return (sa->flags &= ~IPSEC_SA_FLAG_##v); \
281 foreach_ipsec_sa_flags
285 * SA packet & bytes counters
287 extern vlib_combined_counter_main_t ipsec_sa_counters;
288 extern vlib_simple_counter_main_t ipsec_sa_err_counters[IPSEC_SA_N_ERRORS];
290 extern void ipsec_mk_key (ipsec_key_t *key, const u8 *data, u8 len);
292 extern int ipsec_sa_update (u32 id, u16 src_port, u16 dst_port,
293 const tunnel_t *tun, bool is_tun);
294 extern int ipsec_sa_add_and_lock (
295 u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg,
296 const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik,
297 ipsec_sa_flags_t flags, u32 salt, u16 src_port, u16 dst_port,
298 u32 anti_replay_window_size, const tunnel_t *tun, u32 *sa_out_index);
299 extern int ipsec_sa_bind (u32 id, u32 worker, bool bind);
300 extern index_t ipsec_sa_find_and_lock (u32 id);
301 extern int ipsec_sa_unlock_id (u32 id);
302 extern void ipsec_sa_unlock (index_t sai);
303 extern void ipsec_sa_lock (index_t sai);
304 extern void ipsec_sa_clear (index_t sai);
305 extern void ipsec_sa_set_crypto_alg (ipsec_sa_t *sa,
306 ipsec_crypto_alg_t crypto_alg);
307 extern void ipsec_sa_set_integ_alg (ipsec_sa_t *sa,
308 ipsec_integ_alg_t integ_alg);
309 extern void ipsec_sa_set_async_mode (ipsec_sa_t *sa, int is_enabled);
311 typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t *sa, void *ctx);
312 extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx);
314 extern u8 *format_ipsec_replay_window (u8 *s, va_list *args);
315 extern u8 *format_ipsec_crypto_alg (u8 *s, va_list *args);
316 extern u8 *format_ipsec_integ_alg (u8 *s, va_list *args);
317 extern u8 *format_ipsec_sa (u8 *s, va_list *args);
318 extern u8 *format_ipsec_key (u8 *s, va_list *args);
319 extern uword unformat_ipsec_crypto_alg (unformat_input_t *input,
321 extern uword unformat_ipsec_integ_alg (unformat_input_t *input, va_list *args);
322 extern uword unformat_ipsec_key (unformat_input_t *input, va_list *args);
324 #define IPSEC_UDP_PORT_NONE ((u16) ~0)
327 * Anti Replay definitions
330 #define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE(_sa) \
331 (u32) (PREDICT_FALSE (ipsec_sa_is_set_ANTI_REPLAY_HUGE (_sa)) ? \
332 clib_bitmap_bytes (_sa->replay_window_huge) * 8 : \
333 BITS (_sa->replay_window))
335 #define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN(_sa, _is_huge) \
336 (u32) (_is_huge ? clib_bitmap_bytes (_sa->replay_window_huge) * 8 : \
337 BITS (_sa->replay_window))
339 #define IPSEC_SA_ANTI_REPLAY_WINDOW_N_SEEN(_sa) \
340 (u64) (PREDICT_FALSE (ipsec_sa_is_set_ANTI_REPLAY_HUGE (_sa)) ? \
341 clib_bitmap_count_set_bits (_sa->replay_window_huge) : \
342 count_set_bits (_sa->replay_window))
344 #define IPSEC_SA_ANTI_REPLAY_WINDOW_N_SEEN_KNOWN_WIN(_sa, _is_huge) \
345 (u64) (_is_huge ? clib_bitmap_count_set_bits (_sa->replay_window_huge) : \
346 count_set_bits (_sa->replay_window))
348 #define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX(_sa) \
349 (u32) (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (_sa) - 1)
351 #define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX_KNOWN_WIN(_sa, _is_huge) \
352 (u32) (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (_sa, _is_huge) - 1)
355 * sequence number less than the lower bound are outside of the window
356 * From RFC4303 Appendix A:
359 #define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_sa) \
360 (u32) (_sa->seq - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (_sa) + 1)
362 #define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND_KNOWN_WIN(_sa, _is_huge) \
364 IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN (_sa, _is_huge) + 1)
367 ipsec_sa_anti_replay_get_64b_window (const ipsec_sa_t *sa)
369 if (!ipsec_sa_is_set_ANTI_REPLAY_HUGE (sa))
370 return sa->replay_window;
373 u32 window_size = IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (sa);
374 u32 tl_win_index = sa->seq & (window_size - 1);
376 if (PREDICT_TRUE (tl_win_index >= 63))
377 return clib_bitmap_get_multiple (sa->replay_window_huge, tl_win_index - 63,
380 w = clib_bitmap_get_multiple_no_check (sa->replay_window_huge, 0,
382 << (63 - tl_win_index);
383 w |= clib_bitmap_get_multiple_no_check (sa->replay_window_huge,
384 window_size - 63 + tl_win_index,
391 ipsec_sa_anti_replay_check (const ipsec_sa_t *sa, u32 seq, bool ar_huge)
393 u32 window_size = IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN (sa, ar_huge);
395 /* we assume that the packet is in the window.
396 * if the packet falls left (sa->seq - seq >= window size),
397 * the result is wrong */
400 return clib_bitmap_get (sa->replay_window_huge, seq & (window_size - 1));
402 return (sa->replay_window >> (window_size + seq - sa->seq - 1)) & 1;
409 * inputs need to be in host byte order.
411 * The function runs in two contexts. pre and post decrypt.
413 * 1 - determines if a packet is a replay - a simple check in the window
414 * 2 - returns the hi-seq number that should be used to decrypt.
416 * Checks whether the packet is a replay or falls out of window
418 * This funcion should be called even without anti-replay enabled to ensure
419 * the high sequence number is set.
422 ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq,
423 u32 hi_seq_used, bool post_decrypt,
424 u32 *hi_seq_req, bool ar_huge)
426 ASSERT ((post_decrypt == false) == (hi_seq_req != 0));
428 u32 window_size = IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN (sa, ar_huge);
429 u32 window_lower_bound =
430 IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND_KNOWN_WIN (sa, ar_huge);
432 if (!ipsec_sa_is_set_USE_ESN (sa))
435 /* no ESN, therefore the hi-seq is always 0 */
438 if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
441 if (PREDICT_TRUE (seq > sa->seq))
444 /* does the packet fall out on the left of the window */
445 if (sa->seq >= seq + window_size)
448 return ipsec_sa_anti_replay_check (sa, seq, ar_huge);
451 if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa))
453 /* there's no AR configured for this SA, but in order
454 * to know whether a packet has wrapped the hi ESN we need
455 * to know whether it is out of window. if we use the default
456 * lower bound then we are effectively forcing AR because
457 * out of window packets will get the increased hi seq number
458 * and will thus fail to decrypt. IOW we need a window to know
459 * if the SN has wrapped, but we don't want a window to check for
460 * anti replay. to resolve the contradiction we use a huge window.
461 * if the packet is not within 2^30 of the current SN, we'll consider
467 /* The packet's sequence number is larger that the SA's.
468 * that can't be a warp - unless we lost more than
469 * 2^32 packets ... how could we know? */
470 *hi_seq_req = sa->seq_hi;
473 /* The packet's SN is less than the SAs, so either the SN has
474 * wrapped or the SN is just old. */
475 if (sa->seq - seq > (1 << 30))
476 /* It's really really really old => it wrapped */
477 *hi_seq_req = sa->seq_hi + 1;
479 *hi_seq_req = sa->seq_hi;
484 * this is post-decrpyt and since it decrypted we accept it
489 if (PREDICT_TRUE (sa->seq >= window_size - 1))
492 * the last sequence number VPP received is more than one
493 * window size greater than zero.
494 * Case A from RFC4303 Appendix A.
496 if (seq < window_lower_bound)
499 * the received sequence number is lower than the lower bound
500 * of the window, this could mean either a replay packet or that
501 * the high sequence number has wrapped. if it decrypts corrently
502 * then it's the latter.
506 if (hi_seq_used == sa->seq_hi)
507 /* the high sequence number used to succesfully decrypt this
508 * packet is the same as the last-sequence number of the SA.
509 * that means this packet did not cause a wrap.
510 * this packet is thus out of window and should be dropped */
513 /* The packet decrypted with a different high sequence number
514 * to the SA, that means it is the wrap packet and should be
520 /* pre-decrypt it might be the packet that causes a wrap, we
521 * need to decrypt it to find out */
523 *hi_seq_req = sa->seq_hi + 1;
530 * the received sequence number greater than the low
534 *hi_seq_req = sa->seq_hi;
537 * The received seq number is within bounds of the window
538 * check if it's a duplicate
540 return ipsec_sa_anti_replay_check (sa, seq, ar_huge);
543 * The received sequence number is greater than the window
544 * upper bound. this packet will move the window along, assuming
545 * it decrypts correctly.
553 * the last sequence number VPP received is within one window
554 * size of zero, i.e. 0 < TL < WINDOW_SIZE, the lower bound is thus a
555 * large sequence number.
556 * Note that the check below uses unsigned integer arithmetic, so the
557 * RHS will be a larger number.
558 * Case B from RFC4303 Appendix A.
560 if (seq < window_lower_bound)
563 * the sequence number is less than the lower bound.
568 * the packet is within the window upper bound.
569 * check for duplicates.
572 *hi_seq_req = sa->seq_hi;
573 return ipsec_sa_anti_replay_check (sa, seq, ar_huge);
578 * the packet is less the window lower bound or greater than
579 * the higher bound, depending on how you look at it...
580 * We're assuming, given that the last sequence number received,
581 * TL < WINDOW_SIZE, that a larger seq num is more likely to be
582 * a packet that moves the window forward, than a packet that has
583 * wrapped the high sequence again. If it were the latter then
584 * we've lost close to 2^32 packets.
587 *hi_seq_req = sa->seq_hi;
594 * the packet seq number is between the lower bound (a large number)
595 * and MAX_SEQ_NUM. This is in the window since the window upper
596 * bound tl > 0. However, since TL is the other side of 0 to the
597 * received packet, the SA has moved on to a higher sequence number.
600 *hi_seq_req = sa->seq_hi - 1;
601 return ipsec_sa_anti_replay_check (sa, seq, ar_huge);
611 ipsec_sa_anti_replay_window_shift (ipsec_sa_t *sa, u32 inc, bool ar_huge)
615 u32 window_size = IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN (sa, ar_huge);
617 if (inc < window_size)
621 /* the number of packets we saw in this section of the window */
622 clib_bitmap_t *window = sa->replay_window_huge;
623 u32 window_lower_bound = (sa->seq + 1) & (window_size - 1);
624 u32 window_next_lower_bound =
625 (window_lower_bound + inc) & (window_size - 1);
627 uword i_block, i_word_start, i_word_end, full_words;
628 uword n_blocks = window_size >> log2_uword_bits;
631 i_block = window_lower_bound >> log2_uword_bits;
633 i_word_start = window_lower_bound & (uword_bits - 1);
634 i_word_end = window_next_lower_bound & (uword_bits - 1);
636 /* We stay in the same word */
637 if (i_word_start + inc <= uword_bits)
639 mask = pow2_mask (inc) << i_word_start;
640 seen += count_set_bits (window[i_block] & mask);
641 window[i_block] &= ~mask;
645 full_words = (inc + i_word_start - uword_bits - i_word_end) >>
648 /* count set bits in the first word */
649 mask = (uword) ~0 << i_word_start;
650 seen += count_set_bits (window[i_block] & mask);
651 window[i_block] &= ~mask;
652 i_block = (i_block + 1) & (n_blocks - 1);
654 /* count set bits in the next full words */
655 /* even if the last word need to be fully counted, we treat it
657 while (full_words >= 8)
659 if (full_words >= 16)
661 /* prefect the next 8 blocks (64 bytes) */
662 clib_prefetch_store (
663 &window[(i_block + 8) & (n_blocks - 1)]);
666 seen += count_set_bits (window[i_block]);
668 count_set_bits (window[(i_block + 1) & (n_blocks - 1)]);
670 count_set_bits (window[(i_block + 2) & (n_blocks - 1)]);
672 count_set_bits (window[(i_block + 3) & (n_blocks - 1)]);
674 count_set_bits (window[(i_block + 4) & (n_blocks - 1)]);
676 count_set_bits (window[(i_block + 5) & (n_blocks - 1)]);
678 count_set_bits (window[(i_block + 6) & (n_blocks - 1)]);
680 count_set_bits (window[(i_block + 7) & (n_blocks - 1)]);
682 window[(i_block + 1) & (n_blocks - 1)] = 0;
683 window[(i_block + 2) & (n_blocks - 1)] = 0;
684 window[(i_block + 3) & (n_blocks - 1)] = 0;
685 window[(i_block + 4) & (n_blocks - 1)] = 0;
686 window[(i_block + 5) & (n_blocks - 1)] = 0;
687 window[(i_block + 6) & (n_blocks - 1)] = 0;
688 window[(i_block + 7) & (n_blocks - 1)] = 0;
690 i_block = (i_block + 8) & (n_blocks - 1);
693 while (full_words > 0)
695 // last word is treated after the loop
696 seen += count_set_bits (window[i_block]);
698 i_block = (i_block + 1) & (n_blocks - 1);
703 mask = pow2_mask (i_word_end);
704 seen += count_set_bits (window[i_block] & mask);
705 window[i_block] &= ~mask;
708 clib_bitmap_set_no_check (window,
709 (sa->seq + inc) & (window_size - 1), 1);
714 * count how many holes there are in the portion
715 * of the window that we will right shift of the end
716 * as a result of this increments
718 u64 old = sa->replay_window & pow2_mask (inc);
719 /* the number of packets we saw in this section of the window */
720 seen = count_set_bits (old);
722 ((sa->replay_window) >> inc) | (1ULL << (window_size - 1));
726 * the number we missed is the size of the window section
727 * minus the number we saw.
733 /* holes in the replay window are lost packets */
734 n_lost = window_size - IPSEC_SA_ANTI_REPLAY_WINDOW_N_SEEN (sa);
736 /* any sequence numbers that now fall outside the window
737 * are forever lost */
738 n_lost += inc - window_size;
740 if (PREDICT_FALSE (ipsec_sa_is_set_ANTI_REPLAY_HUGE (sa)))
742 clib_bitmap_zero (sa->replay_window_huge);
743 clib_bitmap_set_no_check (sa->replay_window_huge,
744 (sa->seq + inc) & (window_size - 1), 1);
748 sa->replay_window = 1ULL << (window_size - 1);
756 * Anti replay window advance
757 * inputs need to be in host byte order.
758 * This function both advances the anti-replay window and the sequence number
759 * We always need to move on the SN but the window updates are only needed
761 * However, updating the window is trivial, so we do it anyway to save
765 ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 thread_index, u32 seq,
766 u32 hi_seq, bool ar_huge)
769 u32 window_size = IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE_KNOWN_WIN (sa, ar_huge);
772 if (ipsec_sa_is_set_USE_ESN (sa))
774 int wrap = hi_seq - sa->seq_hi;
776 if (wrap == 0 && seq > sa->seq)
779 n_lost = ipsec_sa_anti_replay_window_shift (sa, pos, ar_huge);
784 pos = seq + ~sa->seq + 1;
785 n_lost = ipsec_sa_anti_replay_window_shift (sa, pos, ar_huge);
791 pos = ~seq + sa->seq + 1;
793 clib_bitmap_set_no_check (sa->replay_window_huge,
794 seq & (window_size - 1), 1);
796 sa->replay_window |= (1ULL << (window_size - 1 - pos));
802 clib_bitmap_set_no_check (sa->replay_window_huge,
803 seq & (window_size - 1), 1);
805 sa->replay_window |= (1ULL << (window_size - 1 - pos));
813 n_lost = ipsec_sa_anti_replay_window_shift (sa, pos, ar_huge);
820 clib_bitmap_set_no_check (sa->replay_window_huge,
821 seq & (window_size - 1), 1);
823 sa->replay_window |= (1ULL << (window_size - 1 - pos));
832 * Makes choice for thread_id should be assigned.
833 * if input ~0, gets random worker_id based on unix_time_now_nsec
836 ipsec_sa_assign_thread (u16 thread_id)
838 return ((thread_id) ? thread_id
839 : (unix_time_now_nsec () % vlib_num_workers ()) + 1);
842 always_inline ipsec_sa_t *
843 ipsec_sa_get (u32 sa_index)
845 return (pool_elt_at_index (ipsec_sa_pool, sa_index));
848 #endif /* __IPSEC_SPD_SA_H__ */
851 * fd.io coding-style-patch-verification: ON
854 * eval: (c-set-style "gnu")