GET /api/patches/95812/?format=api
http://patchwork.dpdk.org/api/patches/95812/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210713133542.3550525-8-radu.nicolau@intel.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210713133542.3550525-8-radu.nicolau@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210713133542.3550525-8-radu.nicolau@intel.com", "date": "2021-07-13T13:35:39", "name": "[07/10] ipsec: add support for NAT-T", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "44cf5a365fa0f49e5961d4cb6f40c5eb9440ae6b", "submitter": { "id": 743, "url": "http://patchwork.dpdk.org/api/people/743/?format=api", "name": "Radu Nicolau", "email": "radu.nicolau@intel.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210713133542.3550525-8-radu.nicolau@intel.com/mbox/", "series": [ { "id": 17806, "url": "http://patchwork.dpdk.org/api/series/17806/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=17806", "date": "2021-07-13T13:35:32", "name": "new features for ipsec and security libraries", "version": 1, "mbox": "http://patchwork.dpdk.org/series/17806/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/95812/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/95812/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 2BFE0A0C4F;\n\tTue, 13 Jul 2021 15:47:36 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 3333D412EF;\n\tTue, 13 Jul 2021 15:47:09 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n by mails.dpdk.org (Postfix) with ESMTP id D4018412BA\n for <dev@dpdk.org>; Tue, 13 Jul 2021 15:47:07 +0200 (CEST)", "from orsmga007.jf.intel.com ([10.7.209.58])\n by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 13 Jul 2021 06:47:07 -0700", "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by orsmga007.jf.intel.com with ESMTP; 13 Jul 2021 06:47:05 -0700" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10043\"; a=\"189847553\"", "E=Sophos;i=\"5.84,236,1620716400\"; d=\"scan'208\";a=\"189847553\"", "E=Sophos;i=\"5.84,236,1620716400\"; d=\"scan'208\";a=\"451761759\"" ], "X-ExtLoop1": "1", "From": "Radu Nicolau <radu.nicolau@intel.com>", "To": "Konstantin Ananyev <konstantin.ananyev@intel.com>,\n Bernard Iremonger <bernard.iremonger@intel.com>,\n Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "Cc": "dev@dpdk.org, Radu Nicolau <radu.nicolau@intel.com>,\n Declan Doherty <declan.doherty@intel.com>,\n Abhijit Sinha <abhijit.sinha@intel.com>,\n Daniel Martin Buckley <daniel.m.buckley@intel.com>", "Date": "Tue, 13 Jul 2021 14:35:39 +0100", "Message-Id": "<20210713133542.3550525-8-radu.nicolau@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20210713133542.3550525-1-radu.nicolau@intel.com>", "References": "<20210713133542.3550525-1-radu.nicolau@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH 07/10] ipsec: add support for NAT-T", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches 
and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add support for the IPsec NAT-Traversal use case for Tunnel mode\npackets.\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\nSigned-off-by: Abhijit Sinha <abhijit.sinha@intel.com>\nSigned-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>\n---\n lib/ipsec/iph.h | 13 +++++++++++++\n lib/ipsec/rte_ipsec_sa.h | 8 +++++++-\n lib/ipsec/sa.c | 13 ++++++++++++-\n lib/ipsec/sa.h | 4 ++++\n 4 files changed, 36 insertions(+), 2 deletions(-)", "diff": "diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h\nindex 2d223199ac..093f86d34a 100644\n--- a/lib/ipsec/iph.h\n+++ b/lib/ipsec/iph.h\n@@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,\n {\n \tstruct rte_ipv4_hdr *v4h;\n \tstruct rte_ipv6_hdr *v6h;\n+\tstruct rte_udp_hdr *udph;\n \tuint8_t is_outh_ipv4;\n \n \tif (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {\n@@ -258,11 +259,23 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,\n \t\tv4h = outh;\n \t\tv4h->packet_id = pid;\n \t\tv4h->total_length = rte_cpu_to_be_16(plen - l2len);\n+\n+\t\tif (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {\n+\t\t\tudph = (struct rte_udp_hdr *)(v4h + 1);\n+\t\t\tudph->dgram_len = rte_cpu_to_be_16(plen - l2len -\n+\t\t\t\t(sizeof(*v4h) + sizeof(*udph)));\n+\t\t}\n \t} else {\n \t\tis_outh_ipv4 = 0;\n \t\tv6h = outh;\n \t\tv6h->payload_len = rte_cpu_to_be_16(plen - l2len -\n \t\t\t\tsizeof(*v6h));\n+\n+\t\tif (sa->type & 
RTE_IPSEC_SATP_NATT_ENABLE) {\n+\t\t\tudph = (struct rte_udp_hdr *)(v6h + 1);\n+\t\t\tudph->dgram_len = rte_cpu_to_be_16(plen - l2len -\n+\t\t\t\t(sizeof(*v6h) + sizeof(*udph)));\n+\t\t}\n \t}\n \n \tif (sa->type & TUN_HDR_MSK)\ndiff --git a/lib/ipsec/rte_ipsec_sa.h b/lib/ipsec/rte_ipsec_sa.h\nindex cf51ad8338..40d1e70d45 100644\n--- a/lib/ipsec/rte_ipsec_sa.h\n+++ b/lib/ipsec/rte_ipsec_sa.h\n@@ -76,6 +76,7 @@ struct rte_ipsec_sa_prm {\n * - inbound/outbound\n * - mode (TRANSPORT/TUNNEL)\n * - for TUNNEL outer IP version (IPv4/IPv6)\n+ * - NAT-T UDP encapsulated (TUNNEL mode only)\n * - are SA SQN operations 'atomic'\n * - ESN enabled/disabled\n * ...\n@@ -86,7 +87,8 @@ enum {\n \tRTE_SATP_LOG2_PROTO,\n \tRTE_SATP_LOG2_DIR,\n \tRTE_SATP_LOG2_MODE,\n-\tRTE_SATP_LOG2_SQN = RTE_SATP_LOG2_MODE + 2,\n+\tRTE_SATP_LOG2_NATT = RTE_SATP_LOG2_MODE + 2,\n+\tRTE_SATP_LOG2_SQN,\n \tRTE_SATP_LOG2_ESN,\n \tRTE_SATP_LOG2_ECN,\n \tRTE_SATP_LOG2_DSCP\n@@ -109,6 +111,10 @@ enum {\n #define RTE_IPSEC_SATP_MODE_TUNLV4\t(1ULL << RTE_SATP_LOG2_MODE)\n #define RTE_IPSEC_SATP_MODE_TUNLV6\t(2ULL << RTE_SATP_LOG2_MODE)\n \n+#define RTE_IPSEC_SATP_NATT_MASK\t(1ULL << RTE_SATP_LOG2_NATT)\n+#define RTE_IPSEC_SATP_NATT_DISABLE\t(0ULL << RTE_SATP_LOG2_NATT)\n+#define RTE_IPSEC_SATP_NATT_ENABLE\t(1ULL << RTE_SATP_LOG2_NATT)\n+\n #define RTE_IPSEC_SATP_SQN_MASK\t\t(1ULL << RTE_SATP_LOG2_SQN)\n #define RTE_IPSEC_SATP_SQN_RAW\t\t(0ULL << RTE_SATP_LOG2_SQN)\n #define RTE_IPSEC_SATP_SQN_ATOM\t\t(1ULL << RTE_SATP_LOG2_SQN)\ndiff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c\nindex 2ecbbce0a4..8e369e4618 100644\n--- a/lib/ipsec/sa.c\n+++ b/lib/ipsec/sa.c\n@@ -217,6 +217,10 @@ fill_sa_type(const struct rte_ipsec_sa_prm *prm, uint64_t *type)\n \t} else\n \t\treturn -EINVAL;\n \n+\t/* check for UDP encapsulation flag */\n+\tif (prm->ipsec_xform.options.udp_encap == 1)\n+\t\ttp |= RTE_IPSEC_SATP_NATT_ENABLE;\n+\n \t/* check for ESN flag */\n \tif (prm->ipsec_xform.options.esn == 0)\n \t\ttp |= 
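Review bot: In lib/ipsec/iph.h, the two new casts in update_tun_outb_l3hdr, `udph = (struct rte_udp_hdr *)(v4h + 1)` and the `(v6h + 1)` twin, assume the caller's tunnel header template holds a UDP header immediately after a fixed-size IP header, and nothing visible in this patch verifies that. If an SA is created with `udp_encap` set but a template that stops at the IP header (or an IPv4 header with options), the `dgram_len` store would presumably overwrite bytes that belong to the ESP header rather than fail. I would check at SA creation that the template length covers IP plus UDP, something like `prm->tun.hdr_len >= sizeof(struct rte_ipv4_hdr) + sizeof(struct rte_udp_hdr)` (field name to be confirmed against rte_ipsec_sa_prm), and return -EINVAL otherwise. Only the length is rewritten per packet; the UDP checksum stays as the template has it, which deserves a comment stating the expected value. The function body continues outside the hunk.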
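Review bot: In lib/ipsec/rte_ipsec_sa.h, placing `RTE_SATP_LOG2_NATT` at `RTE_SATP_LOG2_MODE + 2` pushes `RTE_SATP_LOG2_SQN`, `RTE_SATP_LOG2_ESN`, `RTE_SATP_LOG2_ECN` and `RTE_SATP_LOG2_DSCP` up by one bit, so every `RTE_IPSEC_SATP_SQN_*` and later flag in this public header changes value. An application built against the old header that tests those bits in an SA type word would read the wrong flag, for example taking the NAT-T bit for the SQN-atomic bit. Adding the new entry after the last existing one keeps the current values stable (the enum may continue past the hunk). If the renumbering is intended, the commit message should call it out as an ABI change.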
RTE_IPSEC_SATP_ESN_DISABLE;\n@@ -372,7 +376,8 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tconst struct crypto_xform *cxf)\n {\n \tstatic const uint64_t msk = RTE_IPSEC_SATP_DIR_MASK |\n-\t\t\t\tRTE_IPSEC_SATP_MODE_MASK;\n+\t\t\t\tRTE_IPSEC_SATP_MODE_MASK |\n+\t\t\t\tRTE_IPSEC_SATP_NATT_MASK;\n \n \tif (prm->ipsec_xform.options.ecn)\n \t\tsa->tos_mask |= RTE_IPV4_HDR_ECN_MASK;\n@@ -475,10 +480,16 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tcase (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS):\n \t\tesp_inb_init(sa);\n \t\tbreak;\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4 |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6 |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6):\n \t\tesp_outb_tun_init(sa, prm);\n \t\tbreak;\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS):\n \t\tesp_outb_init(sa, 0);\n \t\tbreak;\ndiff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h\nindex 5e237f3525..3f38921eb3 100644\n--- a/lib/ipsec/sa.h\n+++ b/lib/ipsec/sa.h\n@@ -101,6 +101,10 @@ struct rte_ipsec_sa {\n \t\tuint64_t msk;\n \t\tuint64_t val;\n \t} tx_offload;\n+\tstruct {\n+\t\tuint16_t sport;\n+\t\tuint16_t dport;\n+\t} natt;\n \tuint32_t salt;\n \tuint8_t algo_type;\n \tuint8_t proto; /* next proto */\n", "prefixes": [ "07/10" ] }{ "id": 95812, "url": "
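Review bot: In lib/ipsec/sa.c, esp_sa_init now includes `RTE_IPSEC_SATP_NATT_MASK` in `msk` but adds NAT-T cases only for the outbound direction, so an inbound SA created with `udp_encap == 1` no longer matches any `RTE_IPSEC_SATP_DIR_IB` case and ends up in whatever the switch does when nothing matches, which is outside the hunk. The same switch accepts `RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS | RTE_IPSEC_SATP_NATT_ENABLE` and calls `esp_outb_init(sa, 0)`, although the header comment says NAT-T is tunnel mode only and no transport-path code in this patch adds a UDP header. Such an SA would be marked NAT-T while emitting plain ESP. fill_sa_type (the first sa.c hunk) looks like the place to reject it, with `if ((tp & RTE_IPSEC_SATP_MODE_MASK) == RTE_IPSEC_SATP_MODE_TRANS) return -EINVAL;` inside the `udp_encap` branch, assuming the mode bits are already in `tp` at that point. For inbound, either add the matching NAT-T cases or make the combination an explicit error.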
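Review bot: In lib/ipsec/sa.h, the new `natt.sport` and `natt.dport` fields in struct rte_ipsec_sa carry no comment, and nothing in this patch writes or reads them, so their byte order and who fills them are undefined to a reader. A one-line comment on the struct, for example `/* NAT-T UDP ports; byte order: <host|network>, set by <init path> */` with the blanks filled in, would settle that. Alternatively the fields could move to the patch that first uses them. The struct definition continues outside the hunk.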