Revision df30f7408b187929dbde72661c7f7c615268f1d0 authored by pravin shelar on 26 December 2016, 16:31:27 UTC, committed by David S. Miller on 27 December 2016, 17:28:07 UTC
Networking stack accelerate vlan tag handling by
keeping topmost vlan header in skb. This works as
long as packet remains in OVS datapath. But during
OVS upcall vlan header is pushed on to the packet.
When such packet is sent back to OVS datapath, core
networking stack might not handle it correctly. Following
patch avoids this issue by accelerating the vlan tag
during flow key extract. This simplifies datapath by
bringing uniform packet processing for packets from
all code paths.
Fixes: 5108bbaddc ("openvswitch: add processing of L3 packets").
CC: Jarno Rajahalme <jarno@ovn.org>
CC: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 56ab6b9
xts.h
#ifndef _CRYPTO_XTS_H
#define _CRYPTO_XTS_H
#include <crypto/b128ops.h>
#include <crypto/internal/skcipher.h>
#include <linux/fips.h>
struct scatterlist;
struct blkcipher_desc;
#define XTS_BLOCK_SIZE 16
struct xts_crypt_req {
be128 *tbuf;
unsigned int tbuflen;
void *tweak_ctx;
void (*tweak_fn)(void *ctx, u8* dst, const u8* src);
void *crypt_ctx;
void (*crypt_fn)(void *ctx, u8 *blks, unsigned int nbytes);
};
#define XTS_TWEAK_CAST(x) ((void (*)(void *, u8*, const u8*))(x))
int xts_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
struct scatterlist *src, unsigned int nbytes,
struct xts_crypt_req *req);
static inline int xts_check_key(struct crypto_tfm *tfm,
const u8 *key, unsigned int keylen)
{
u32 *flags = &tfm->crt_flags;
/*
* key consists of keys of equal size concatenated, therefore
* the length must be even.
*/
if (keylen % 2) {
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
return -EINVAL;
}
/* ensure that the AES and tweak key are not identical */
if (fips_enabled &&
!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
*flags |= CRYPTO_TFM_RES_WEAK_KEY;
return -EINVAL;
}
return 0;
}
static inline int xts_verify_key(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen)
{
/*
* key consists of keys of equal size concatenated, therefore
* the length must be even.
*/
if (keylen % 2) {
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
/* ensure that the AES and tweak key are not identical */
if ((fips_enabled || crypto_skcipher_get_flags(tfm) &
CRYPTO_TFM_REQ_WEAK_KEY) &&
!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
return -EINVAL;
}
return 0;
}
#endif /* _CRYPTO_XTS_H */
Computing file changes ...
