GET /api/patches/96903/?format=api
http://patchwork.dpdk.org/api/patches/96903/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210813093019.785286-8-radu.nicolau@intel.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210813093019.785286-8-radu.nicolau@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210813093019.785286-8-radu.nicolau@intel.com", "date": "2021-08-13T09:30:16", "name": "[v3,07/10] ipsec: add support for NAT-T", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "44cf5a365fa0f49e5961d4cb6f40c5eb9440ae6b", "submitter": { "id": 743, "url": "http://patchwork.dpdk.org/api/people/743/?format=api", "name": "Radu Nicolau", "email": "radu.nicolau@intel.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210813093019.785286-8-radu.nicolau@intel.com/mbox/", "series": [ { "id": 18279, "url": "http://patchwork.dpdk.org/api/series/18279/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=18279", "date": "2021-08-13T09:30:09", "name": "new features for ipsec and security libraries", "version": 3, "mbox": "http://patchwork.dpdk.org/series/18279/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/96903/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/96903/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 754F1A0C4D;\n\tFri, 13 Aug 2021 11:46:51 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id BA6F941253;\n\tFri, 13 Aug 2021 11:46:27 +0200 (CEST)", "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n by mails.dpdk.org (Postfix) with ESMTP id 3C88641253\n for <dev@dpdk.org>; Fri, 13 Aug 2021 11:46:26 +0200 (CEST)", "from fmsmga004.fm.intel.com ([10.253.24.48])\n by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 13 Aug 2021 02:46:25 -0700", "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by fmsmga004.fm.intel.com with ESMTP; 13 Aug 2021 02:46:22 -0700" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10074\"; a=\"279274410\"", "E=Sophos;i=\"5.84,318,1620716400\"; d=\"scan'208\";a=\"279274410\"", "E=Sophos;i=\"5.84,318,1620716400\"; d=\"scan'208\";a=\"508165988\"" ], "X-ExtLoop1": "1", "From": "Radu Nicolau <radu.nicolau@intel.com>", "To": "Konstantin Ananyev <konstantin.ananyev@intel.com>,\n Bernard Iremonger <bernard.iremonger@intel.com>,\n Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "Cc": "dev@dpdk.org, mdr@ashroe.eu, bruce.richardson@intel.com,\n hemant.agrawal@nxp.com, gakhil@marvell.com, anoobj@marvell.com,\n declan.doherty@intel.com, abhijit.sinha@intel.com,\n daniel.m.buckley@intel.com, marchana@marvell.com, ktejasree@marvell.com,\n matan@nvidia.com, Radu Nicolau <radu.nicolau@intel.com>", "Date": "Fri, 13 Aug 2021 10:30:16 +0100", "Message-Id": "<20210813093019.785286-8-radu.nicolau@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20210813093019.785286-1-radu.nicolau@intel.com>", "References": "<20210713133542.3550525-1-radu.nicolau@intel.com>\n <20210813093019.785286-1-radu.nicolau@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", 
"Subject": "[dpdk-dev] [PATCH v3 07/10] ipsec: add support for NAT-T", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add support for the IPsec NAT-Traversal use case for Tunnel mode\npackets.\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\nSigned-off-by: Abhijit Sinha <abhijit.sinha@intel.com>\nSigned-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>\n---\n lib/ipsec/iph.h | 13 +++++++++++++\n lib/ipsec/rte_ipsec_sa.h | 8 +++++++-\n lib/ipsec/sa.c | 13 ++++++++++++-\n lib/ipsec/sa.h | 4 ++++\n 4 files changed, 36 insertions(+), 2 deletions(-)", "diff": "diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h\nindex 2d223199ac..093f86d34a 100644\n--- a/lib/ipsec/iph.h\n+++ b/lib/ipsec/iph.h\n@@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,\n {\n \tstruct rte_ipv4_hdr *v4h;\n \tstruct rte_ipv6_hdr *v6h;\n+\tstruct rte_udp_hdr *udph;\n \tuint8_t is_outh_ipv4;\n \n \tif (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {\n@@ -258,11 +259,23 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,\n \t\tv4h = outh;\n \t\tv4h->packet_id = pid;\n \t\tv4h->total_length = rte_cpu_to_be_16(plen - l2len);\n+\n+\t\tif (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {\n+\t\t\tudph = (struct rte_udp_hdr *)(v4h + 1);\n+\t\t\tudph->dgram_len = rte_cpu_to_be_16(plen - l2len -\n+\t\t\t\t(sizeof(*v4h) + sizeof(*udph)));\n+\t\t}\n 
\t} else {\n \t\tis_outh_ipv4 = 0;\n \t\tv6h = outh;\n \t\tv6h->payload_len = rte_cpu_to_be_16(plen - l2len -\n \t\t\t\tsizeof(*v6h));\n+\n+\t\tif (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {\n+\t\t\tudph = (struct rte_udp_hdr *)(v6h + 1);\n+\t\t\tudph->dgram_len = rte_cpu_to_be_16(plen - l2len -\n+\t\t\t\t(sizeof(*v6h) + sizeof(*udph)));\n+\t\t}\n \t}\n \n \tif (sa->type & TUN_HDR_MSK)\ndiff --git a/lib/ipsec/rte_ipsec_sa.h b/lib/ipsec/rte_ipsec_sa.h\nindex cf51ad8338..40d1e70d45 100644\n--- a/lib/ipsec/rte_ipsec_sa.h\n+++ b/lib/ipsec/rte_ipsec_sa.h\n@@ -76,6 +76,7 @@ struct rte_ipsec_sa_prm {\n * - inbound/outbound\n * - mode (TRANSPORT/TUNNEL)\n * - for TUNNEL outer IP version (IPv4/IPv6)\n+ * - NAT-T UDP encapsulated (TUNNEL mode only)\n * - are SA SQN operations 'atomic'\n * - ESN enabled/disabled\n * ...\n@@ -86,7 +87,8 @@ enum {\n \tRTE_SATP_LOG2_PROTO,\n \tRTE_SATP_LOG2_DIR,\n \tRTE_SATP_LOG2_MODE,\n-\tRTE_SATP_LOG2_SQN = RTE_SATP_LOG2_MODE + 2,\n+\tRTE_SATP_LOG2_NATT = RTE_SATP_LOG2_MODE + 2,\n+\tRTE_SATP_LOG2_SQN,\n \tRTE_SATP_LOG2_ESN,\n \tRTE_SATP_LOG2_ECN,\n \tRTE_SATP_LOG2_DSCP\n@@ -109,6 +111,10 @@ enum {\n #define RTE_IPSEC_SATP_MODE_TUNLV4\t(1ULL << RTE_SATP_LOG2_MODE)\n #define RTE_IPSEC_SATP_MODE_TUNLV6\t(2ULL << RTE_SATP_LOG2_MODE)\n \n+#define RTE_IPSEC_SATP_NATT_MASK\t(1ULL << RTE_SATP_LOG2_NATT)\n+#define RTE_IPSEC_SATP_NATT_DISABLE\t(0ULL << RTE_SATP_LOG2_NATT)\n+#define RTE_IPSEC_SATP_NATT_ENABLE\t(1ULL << RTE_SATP_LOG2_NATT)\n+\n #define RTE_IPSEC_SATP_SQN_MASK\t\t(1ULL << RTE_SATP_LOG2_SQN)\n #define RTE_IPSEC_SATP_SQN_RAW\t\t(0ULL << RTE_SATP_LOG2_SQN)\n #define RTE_IPSEC_SATP_SQN_ATOM\t\t(1ULL << RTE_SATP_LOG2_SQN)\ndiff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c\nindex 2ecbbce0a4..8e369e4618 100644\n--- a/lib/ipsec/sa.c\n+++ b/lib/ipsec/sa.c\n@@ -217,6 +217,10 @@ fill_sa_type(const struct rte_ipsec_sa_prm *prm, uint64_t *type)\n \t} else\n \t\treturn -EINVAL;\n \n+\t/* check for UDP encapsulation flag */\n+\tif 
(prm->ipsec_xform.options.udp_encap == 1)\n+\t\ttp |= RTE_IPSEC_SATP_NATT_ENABLE;\n+\n \t/* check for ESN flag */\n \tif (prm->ipsec_xform.options.esn == 0)\n \t\ttp |= RTE_IPSEC_SATP_ESN_DISABLE;\n@@ -372,7 +376,8 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tconst struct crypto_xform *cxf)\n {\n \tstatic const uint64_t msk = RTE_IPSEC_SATP_DIR_MASK |\n-\t\t\t\tRTE_IPSEC_SATP_MODE_MASK;\n+\t\t\t\tRTE_IPSEC_SATP_MODE_MASK |\n+\t\t\t\tRTE_IPSEC_SATP_NATT_MASK;\n \n \tif (prm->ipsec_xform.options.ecn)\n \t\tsa->tos_mask |= RTE_IPV4_HDR_ECN_MASK;\n@@ -475,10 +480,16 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,\n \tcase (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS):\n \t\tesp_inb_init(sa);\n \t\tbreak;\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4 |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6 |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6):\n \t\tesp_outb_tun_init(sa, prm);\n \t\tbreak;\n+\tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS |\n+\t\t\tRTE_IPSEC_SATP_NATT_ENABLE):\n \tcase (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS):\n \t\tesp_outb_init(sa, 0);\n \t\tbreak;\ndiff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h\nindex 5e237f3525..3f38921eb3 100644\n--- a/lib/ipsec/sa.h\n+++ b/lib/ipsec/sa.h\n@@ -101,6 +101,10 @@ struct rte_ipsec_sa {\n \t\tuint64_t msk;\n \t\tuint64_t val;\n \t} tx_offload;\n+\tstruct {\n+\t\tuint16_t sport;\n+\t\tuint16_t dport;\n+\t} natt;\n \tuint32_t salt;\n \tuint8_t algo_type;\n \tuint8_t proto; /* next proto */\n", "prefixes": [ "v3", "07/10" ] }{ "id": 96903, "url": "
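Review bot: The `udp_encap == 1` check added to fill_sa_type() sets `RTE_IPSEC_SATP_NATT_ENABLE` without looking at the SA mode, although the comment this patch adds in rte_ipsec_sa.h describes NAT-T as "TUNNEL mode only". The esp_sa_init() switch also gains a `RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS | RTE_IPSEC_SATP_NATT_ENABLE` label, so a transport-mode SA with the flag set is accepted while update_tun_outb_l3hdr() only handles the tunnel case. If transport-mode UDP encapsulation is not supported, reject it at SA creation with `if ((tp & RTE_IPSEC_SATP_MODE_MASK) == RTE_IPSEC_SATP_MODE_TRANS) return -EINVAL;` ahead of the `tp |=` line. This assumes the mode bits are already in `tp` at that point; the earlier part of the function is outside the hunk.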
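Review bot: Only the outbound labels of the esp_sa_init() switch gain a `RTE_IPSEC_SATP_NATT_ENABLE` variant, yet the previous hunk adds `RTE_IPSEC_SATP_NATT_MASK` to `msk`, so an inbound SA created with `udp_encap` set now carries the NATT bit into the switch value. The one inbound label visible here, `RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS`, would no longer match, and the same appears to hold for any inbound tunnel labels above the hunk. Unless a failing `default` exists outside the hunk, such an SA would return from esp_sa_init() without its inbound init having run. Either add inbound labels with the NATT bit or clear that bit for inbound SAs before the switch, and add a comment stating which directions support UDP encapsulation. The switch begins and ends outside the hunk.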
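Review bot: The new `natt.sport` and `natt.dport` fields in struct rte_ipsec_sa are not assigned or read by any hunk of this patch, and they have no comment on byte order or on which function fills them. Meanwhile update_tun_outb_l3hdr() in iph.h stores `udph->dgram_len` at `v4h + 1` or `v6h + 1` whenever the NATT bit is set. That is only correct if the caller-supplied tunnel header template already holds a UDP header directly after an option-less outer IP header; otherwise the store lands on whatever bytes follow the IP header. Nothing visible checks the template length against that layout or sets the UDP checksum. Consider validating the template size at SA init when NATT is enabled, and either populate the two ports there or drop the fields until they are used, adding a one-line comment on their byte order.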