Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/89114/?format=api
http://patchwork.dpdk.org/api/patches/89114/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210315103616.31364-3-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210315103616.31364-3-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210315103616.31364-3-ktejasree@marvell.com", "date": "2021-03-15T10:36:15", "name": "[2/3] examples/ipsec-secgw: add UDP encapsulation support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "111e0ad10491fef74c87a5cc256fa26218211525", "submitter": { "id": 1789, "url": "http://patchwork.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210315103616.31364-3-ktejasree@marvell.com/mbox/", "series": [ { "id": 15655, "url": "http://patchwork.dpdk.org/api/series/15655/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=15655", "date": "2021-03-15T10:36:13", "name": "add lookaside IPsec UDP encapsulation and transport mode", "version": 1, "mbox": "http://patchwork.dpdk.org/series/15655/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/89114/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/89114/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 4ACF9A054F;\n\tMon, 15 Mar 2021 10:39:59 +0100 (CET)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 3A5502425FF;\n\tMon, 15 Mar 2021 10:39:59 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id A446F242609\n for <dev@dpdk.org>; Mon, 15 Mar 2021 10:39:57 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 12F9QpNE002529; Mon, 15 Mar 2021 02:39:57 -0700", "from dc6wp-exch01.marvell.com ([4.21.29.232])\n by mx0b-0016f401.pphosted.com with ESMTP id 378wsqkuxy-2\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Mon, 15 Mar 2021 02:39:57 -0700", "from DC6WP-EXCH01.marvell.com (10.76.176.21) by\n DC6WP-EXCH01.marvell.com (10.76.176.21) with Microsoft SMTP Server (TLS) id\n 15.0.1497.2; Mon, 15 Mar 2021 05:39:55 -0400", "from maili.marvell.com (10.76.176.51) by DC6WP-EXCH01.marvell.com\n (10.76.176.21) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Mon, 15 Mar 2021 05:39:55 -0400", "from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id 3BF753F703F;\n Mon, 15 Mar 2021 02:39:53 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=PU0/krn4QjDI4uLKw6j4FsOH0XkXLJMgaaZRLQ1ngiw=;\n b=VTAOqBJAKiSBDadc4AVabfWyplCwOPrQHKrxoydNZMAV2wbuk3iCihCTOo0T9ASs+bvX\n mptSV/VEIHJN+9tnhjuMWjesU3tIFiTETdNizuTAXunn2oSN5ySlOO4ySiDkfHNsGfkZ\n 0H0GxdaWo+AV5HH59r3sOXyUt8qeLdQsEhgKswWP62y0J29JLrRhbbf/m7cKzo8eg+zc\n tRnKrnwov18Q2cF23udr+HQevYi/Xyfnx6dKX/yrk9YUJ7OdgaLwH9OBI8TLg1mz8Yaw\n StkVMS3Afm4yzVNUIfA3UUJpEmaDzRD6JGu05Nyj72TVoZ7JWyLQ1Bdv5jzlNmDxXkSw nA==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>, Radu Nicolau <radu.nicolau@intel.com>", "CC": "Tejasree Kondoj <ktejasree@marvell.com>,\n Anoob Joseph <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob\n <jerinj@marvell.com>, <dev@dpdk.org>", "Date": "Mon, 15 Mar 2021 16:06:15 +0530", "Message-ID": "<20210315103616.31364-3-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20210315103616.31364-1-ktejasree@marvell.com>", "References": "<20210315103616.31364-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761\n definitions=2021-03-15_03:2021-03-15,\n 2021-03-15 signatures=0", "Subject": "[dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation\n support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Adding lookaside IPsec UDP encapsulation support\nfor NAT traversal.\nAdded --udp-encap option for application to specify\nif UDP encapsulation need to be enabled.\nExample secgw command with UDP encapsultation enabled:\n<secgw> -c 0x1 -- -P -p 0x1 --config \"(0,0,0)\" -f ep0.cfg --udp-encap\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n doc/guides/rel_notes/release_21_05.rst | 5 ++++\n doc/guides/sample_app_ug/ipsec_secgw.rst | 5 +++-\n examples/ipsec-secgw/ipsec-secgw.c | 33 ++++++++++++++++++++++--\n examples/ipsec-secgw/ipsec-secgw.h | 2 ++\n examples/ipsec-secgw/ipsec.c | 1 +\n examples/ipsec-secgw/ipsec.h | 1 +\n examples/ipsec-secgw/sad.h | 5 +++-\n 7 files changed, 48 insertions(+), 4 deletions(-)", "diff": "diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst\nindex 66e28e21be..2e67038bfe 100644\n--- a/doc/guides/rel_notes/release_21_05.rst\n+++ b/doc/guides/rel_notes/release_21_05.rst\n@@ -75,6 +75,11 @@ New Features\n * Added command to display Rx queue used descriptor count.\n ``show port (port_id) rxq (queue_id) desc used count``\n \n+* **Updated ipsec-secgw sample application.**\n+\n+ * Updated the ``ipsec-secgw`` sample application with UDP encapsulation\n+ support for NAT Traversal.\n+\n \n Removed Items\n -------------\ndiff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst\nindex 176e292d3f..099f499c18 100644\n--- a/doc/guides/sample_app_ug/ipsec_secgw.rst\n+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst\n@@ -139,6 +139,7 @@ The application has a number of command line options::\n --reassemble NUM\n --mtu MTU\n --frag-ttl FRAG_TTL_NS\n+ --udp-encap\n \n Where:\n \n@@ -234,6 +235,8 @@ Where:\n Should be lower for low number of reassembly buckets.\n Valid values: from 1 ns to 10 s. Default value: 10000000 (10 s).\n \n+* ``--udp-encap``: enables IPsec UDP Encapsulation for NAT Traversal.\n+\n \n The mapping of lcores to port/queues is similar to other l3fwd applications.\n \n@@ -1023,4 +1026,4 @@ Available options:\n * ``-h`` Show usage.\n \n If <ipsec_mode> is specified, only tests for that mode will be invoked. For the\n-list of available modes please refer to run_test.sh.\n\\ No newline at end of file\n+list of available modes please refer to run_test.sh.\ndiff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c\nindex 20d69ba813..57c8973e9d 100644\n--- a/examples/ipsec-secgw/ipsec-secgw.c\n+++ b/examples/ipsec-secgw/ipsec-secgw.c\n@@ -115,6 +115,7 @@ struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];\n #define CMD_LINE_OPT_REASSEMBLE\t\t\"reassemble\"\n #define CMD_LINE_OPT_MTU\t\t\"mtu\"\n #define CMD_LINE_OPT_FRAG_TTL\t\t\"frag-ttl\"\n+#define CMD_LINE_OPT_UDP_ENCAP\t\t\"udp-encap\"\n \n #define CMD_LINE_ARG_EVENT\t\"event\"\n #define CMD_LINE_ARG_POLL\t\"poll\"\n@@ -139,6 +140,7 @@ enum {\n \tCMD_LINE_OPT_REASSEMBLE_NUM,\n \tCMD_LINE_OPT_MTU_NUM,\n \tCMD_LINE_OPT_FRAG_TTL_NUM,\n+\tCMD_LINE_OPT_UDP_ENCAP_NUM,\n };\n \n static const struct option lgopts[] = {\n@@ -152,6 +154,7 @@ static const struct option lgopts[] = {\n \t{CMD_LINE_OPT_REASSEMBLE, 1, 0, CMD_LINE_OPT_REASSEMBLE_NUM},\n \t{CMD_LINE_OPT_MTU, 1, 0, CMD_LINE_OPT_MTU_NUM},\n \t{CMD_LINE_OPT_FRAG_TTL, 1, 0, CMD_LINE_OPT_FRAG_TTL_NUM},\n+\t{CMD_LINE_OPT_UDP_ENCAP, 0, 0, CMD_LINE_OPT_UDP_ENCAP_NUM},\n \t{NULL, 0, 0, 0}\n };\n \n@@ -360,6 +363,9 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t)\n \tconst struct rte_ether_hdr *eth;\n \tconst struct rte_ipv4_hdr *iph4;\n \tconst struct rte_ipv6_hdr *iph6;\n+\tconst struct rte_udp_hdr *udp;\n+\tuint16_t nat_port;\n+\tuint16_t ip4_hdr_len;\n \n \teth = rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *);\n \tif (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {\n@@ -368,9 +374,26 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t)\n \t\t\tRTE_ETHER_HDR_LEN);\n \t\tadjust_ipv4_pktlen(pkt, iph4, 0);\n \n-\t\tif (iph4->next_proto_id == IPPROTO_ESP)\n+\t\tswitch (iph4->next_proto_id) {\n+\t\tcase IPPROTO_ESP:\n \t\t\tt->ipsec.pkts[(t->ipsec.num)++] = pkt;\n-\t\telse {\n+\t\t\tbreak;\n+\t\tcase IPPROTO_UDP:\n+\t\t\tif (app_sa_prm.udp_encap == 1) {\n+\t\t\t\tip4_hdr_len = ((iph4->version_ihl &\n+\t\t\t\t\tRTE_IPV4_HDR_IHL_MASK) *\n+\t\t\t\t\tRTE_IPV4_IHL_MULTIPLIER);\n+\t\t\t\tudp = rte_pktmbuf_mtod_offset(pkt,\n+\t\t\t\t\tstruct rte_udp_hdr *, ip4_hdr_len);\n+\t\t\t\tnat_port = rte_cpu_to_be_16(IPSEC_NAT_T_PORT);\n+\t\t\t\tif (udp->src_port == nat_port ||\n+\t\t\t\t\tudp->dst_port == nat_port){\n+\t\t\t\t\tt->ipsec.pkts[(t->ipsec.num)++] = pkt;\n+\t\t\t\t\tbreak;\n+\t\t\t\t}\n+\t\t\t}\n+\t\t/* Fall through */\n+\t\tdefault:\n \t\t\tt->ip4.data[t->ip4.num] = &iph4->next_proto_id;\n \t\t\tt->ip4.pkts[(t->ip4.num)++] = pkt;\n \t\t}\n@@ -1378,6 +1401,7 @@ print_usage(const char *prgname)\n \t\t\" [--\" CMD_LINE_OPT_TX_OFFLOAD \" TX_OFFLOAD_MASK]\"\n \t\t\" [--\" CMD_LINE_OPT_REASSEMBLE \" REASSEMBLE_TABLE_SIZE]\"\n \t\t\" [--\" CMD_LINE_OPT_MTU \" MTU]\"\n+\t\t\" [--\" CMD_LINE_OPT_UDP_ENCAP \"]\"\n \t\t\"\\n\\n\"\n \t\t\" -p PORTMASK: Hexadecimal bitmask of ports to configure\\n\"\n \t\t\" -P : Enable promiscuous mode\\n\"\n@@ -1431,6 +1455,8 @@ print_usage(const char *prgname)\n \t\t\" --\" CMD_LINE_OPT_FRAG_TTL \" FRAG_TTL_NS\"\n \t\t\": fragments lifetime in nanoseconds, default\\n\"\n \t\t\" and maximum value is 10.000.000.000 ns (10 s)\\n\"\n+\t\t\" --\" CMD_LINE_OPT_UDP_ENCAP\n+\t\t\": enables UDP Encapsulation for NAT Traversal\\n\"\n \t\t\"\\n\",\n \t\tprgname);\n }\n@@ -1780,6 +1806,9 @@ parse_args(int32_t argc, char **argv, struct eh_conf *eh_conf)\n \t\t\t}\n \t\t\tfrag_ttl_ns = ret;\n \t\t\tbreak;\n+\t\tcase CMD_LINE_OPT_UDP_ENCAP_NUM:\n+\t\t\tapp_sa_prm.udp_encap = 1;\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\tprint_usage(prgname);\n \t\t\treturn -1;\ndiff --git a/examples/ipsec-secgw/ipsec-secgw.h b/examples/ipsec-secgw/ipsec-secgw.h\nindex f2281e73cf..6887d752ab 100644\n--- a/examples/ipsec-secgw/ipsec-secgw.h\n+++ b/examples/ipsec-secgw/ipsec-secgw.h\n@@ -47,6 +47,8 @@\n \n #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))\n \n+#define IPSEC_NAT_T_PORT 4500\n+\n struct traffic_type {\n \tconst uint8_t *data[MAX_PKT_BURST * 2];\n \tstruct rte_mbuf *pkts[MAX_PKT_BURST * 2];\ndiff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c\nindex 6baeeb342f..6e0caa198d 100644\n--- a/examples/ipsec-secgw/ipsec.c\n+++ b/examples/ipsec-secgw/ipsec.c\n@@ -52,6 +52,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)\n \tipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;\n \tipsec->replay_win_sz = app_sa_prm.window_size;\n \tipsec->options.esn = app_sa_prm.enable_esn;\n+\tipsec->options.udp_encap = app_sa_prm.udp_encap;\n }\n \n int\ndiff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex 7031e28c46..430afea688 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -75,6 +75,7 @@ struct app_sa_prm {\n \tuint32_t window_size; /* replay window size */\n \tuint32_t enable_esn; /* enable/disable ESN support */\n \tuint32_t cache_sz;\t/* per lcore SA cache size */\n+\tuint32_t udp_encap; /* enable/disable UDP Encapsulation */\n \tuint64_t flags; /* rte_ipsec_sa_prm.flags */\n };\n \ndiff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h\nindex 473aaa938e..89b50488ec 100644\n--- a/examples/ipsec-secgw/sad.h\n+++ b/examples/ipsec-secgw/sad.h\n@@ -77,6 +77,7 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts[],\n \tuint32_t spi, cache_idx;\n \tstruct ipsec_sad_cache *cache;\n \tstruct ipsec_sa *cached_sa;\n+\tuint16_t udp_hdr_len = 0;\n \tint is_ipv4;\n \n \tcache = &RTE_PER_LCORE(sad_cache);\n@@ -85,8 +86,10 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts[],\n \tfor (i = 0; i < nb_pkts; i++) {\n \t\tipv4 = rte_pktmbuf_mtod(pkts[i], struct rte_ipv4_hdr *);\n \t\tipv6 = rte_pktmbuf_mtod(pkts[i], struct rte_ipv6_hdr *);\n+\t\tif (app_sa_prm.udp_encap == 1)\n+\t\t\tudp_hdr_len = sizeof(struct rte_udp_hdr);\n \t\tesp = rte_pktmbuf_mtod_offset(pkts[i], struct rte_esp_hdr *,\n-\t\t\t\tpkts[i]->l3_len);\n+\t\t\t\tpkts[i]->l3_len + udp_hdr_len);\n \n \t\tis_ipv4 = pkts[i]->packet_type & RTE_PTYPE_L3_IPV4;\n \t\tspi = rte_be_to_cpu_32(esp->spi);\n", "prefixes": [ "2/3" ] }{ "id": 89114, "url": "