Re: [vpp-dev] There is bug in esp decrypt

2022-11-23 Thread jiangxiaoming
Ikev2 not use spd policy, maybe has no the problem. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22232): https://lists.fd.io/g/vpp-dev/message/22232 Mute This Topic: https://lists.fd.io/mt/95086868/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsu

Re: [vpp-dev] There is bug in esp decrypt

2022-11-23 Thread Benoit Ganne (bganne) via lists.fd.io
> Neale's suggestion is very usefull, the sa deleting crash was solved by > deleting policy and sa in two barrier calls. But is it a bug you see in the open source VPP ikev2 plugin? I'm asking because if so, we need to fix it... Best ben -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages s

Re: [vpp-dev] There is bug in esp decrypt

2022-11-23 Thread jiangxiaoming
Neale's suggestion is very usefull, the sa deleting crash was solved by deleting policy and sa in two barrier calls. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22230): https://lists.fd.io/g/vpp-dev/message/22230 Mute This Topic: https://lists.f

Re: [vpp-dev] There is bug in esp decrypt

2022-11-23 Thread Benoit Ganne (bganne) via lists.fd.io
nal Message- > From: vpp-dev@lists.fd.io On Behalf Of Neale Ranns > Sent: Tuesday, November 22, 2022 22:28 > To: vpp-dev@lists.fd.io > Subject: Re: [vpp-dev] There is bug in esp decrypt > > > > A SA is in-use if it is referred to by a policy. Remove it from the policy >

Re: [vpp-dev] There is bug in esp decrypt

2022-11-22 Thread Neale Ranns
: Monday, 21 November 2022 at 12:30 To: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] There is bug in esp decrypt Hi neale, Currently there is only one way detecting whether the sa is in using by checking sa counter. But if the ike is timeout and is rekeying the sa which first used by ipsec4-input

Re: [vpp-dev] There is bug in esp decrypt

2022-11-20 Thread jiangxiaoming
Hi neale, Currently there is only one way detecting whether the sa is in using by checking sa counter. But if the ike is timeout and is rekeying the  sa which first used by ipsec4-input-feature, the sa may has been deleted in esp_encrypt node. I rewrite the ike plugin, in my test case, there are

Re: [vpp-dev] There is bug in esp decrypt

2022-11-20 Thread Neale Ranns
Deleting an SA that is in-use, should return an error and be prevented. /neale From: vpp-dev@lists.fd.io on behalf of Guangming via lists.fd.io Date: Saturday, 19 November 2022 at 00:27 To: vpp-dev Subject: Re: [vpp-dev] There is bug in esp decrypt I got the same issue when use cli

Re: [vpp-dev] There is bug in esp decrypt

2022-11-18 Thread Guangming
I got the same issue when use cli "ipsec sa del id" delete sa that was used by esp encrypt/decrypt zhangguangm...@baicells.com From: jiangxiaoming Date: 2022-11-18 19:13 To: vpp-dev Subject: Re: [vpp-dev] There is bug in esp decrypt Hi neale, The function ipsec_sa_g

Re: [vpp-dev] There is bug in esp decrypt

2022-11-18 Thread jiangxiaoming
Hi neale, The function ipsec_sa_get call in esp_encrypt_inline/esp_decrypt_inline has mem issue. In ipsec4-input-feature node, vnet_buffer (b[0])->ipsec.sad_index was setted by sa, but the sa maybe freed by main thread just after the node dispatch finish, the next dispatch loop the sa reference

Re: [vpp-dev] There is bug in esp decrypt

2022-11-18 Thread jiangxiaoming
Hi neale, The function ipsec_sa_get call in esp_encrypt_inline/ esp_decrypt_inline has mem issue. In ipsec4-input-feature node, vnet_buffer (b[0])->ipsec.sad_index was setted by sa, but the sa maybe freed by main thread just after the node dispatch finish, the next dispatch loop the sa referenc

Re: [vpp-dev] There is bug in esp decrypt

2022-11-17 Thread Neale Ranns
https://gerrit.fd.io/r/c/vpp/+/37677 /neale From: vpp-dev@lists.fd.io on behalf of Guangming via lists.fd.io Date: Friday, 18 November 2022 at 13:55 To: vpp-dev Subject: Re: [vpp-dev] There is bug in esp decrypt Thanks neale Guangming zhangguangm

Re: [vpp-dev] There is bug in esp decrypt

2022-11-17 Thread Guangming
Thanks neale Guangming zhangguangm...@baicells.com From: Neale Ranns Date: 2022-11-18 09:32 To: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] There is bug in esp decrypt Hi, I’ll push a patch with UT shortly. Many thanks, neale From: vpp-dev@lists.fd.io on behalf of jiangxiaoming via

Re: [vpp-dev] There is bug in esp decrypt

2022-11-17 Thread Guangming
Thanks ,Xiaoming Can you give me a guide that how to push a patch to community? zhangguangm...@baicells.com From: jiangxiaoming Date: 2022-11-18 08:58 To: vpp-dev Subject: Re: [vpp-dev] There is bug in esp decrypt Hi Guangming, You are right, you can push a patch to https

Re: [vpp-dev] There is bug in esp decrypt

2022-11-17 Thread Neale Ranns
Hi, I’ll push a patch with UT shortly. Many thanks, neale From: vpp-dev@lists.fd.io on behalf of jiangxiaoming via lists.fd.io Date: Friday, 18 November 2022 at 11:58 To: vpp-dev@lists.fd.io Subject: Re: [vpp-dev] There is bug in esp decrypt Hi Guangming, You are right, you can push a

Re: [vpp-dev] There is bug in esp decrypt

2022-11-17 Thread jiangxiaoming
Hi Guangming, You are right, you can push a patch to https://gerrit.fd.io/r , ipsec maintainers will review it Xiaoming -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#22195): https://lists.fd.io/g/vpp-dev/message/22195 Mute This Topic: https://lis

[vpp-dev] There is bug in esp decrypt

2022-11-17 Thread Guangming
Hi, I think there is bug in esp decrypt function. The right parameter should be n_sync like esp encrypt. The current code may be crash in esp_process_ops becasuse bufs is not sync_bufs. the current code: esp_decrypt_prepare_sync_op ( vm, node, ptd, &crypto_ops, &integ_ops, op, sa0, payload