From patchwork Wed May 25 13:59:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Radu Nicolau X-Patchwork-Id: 111807 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D442EA0558; Wed, 25 May 2022 15:59:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C3E80427F5; Wed, 25 May 2022 15:59:21 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id 6EDA740146; Wed, 25 May 2022 15:59:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653487160; x=1685023160; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=wy1TnQuHjghdW9kUG/O7dm5fAjCskpE7oydX7vd7Unk=; b=nZXD0BQGaEfm3zCn+UMB8PxCX1zDqtNJhyhFBoZ0Jus4aFYuSiMzFn/V Kz4jGmBrdzQhBCwy2UY7E7+yCFEKN9f0E8gZUWCU3nJKnjIPvh9aZXKlz WFH2+L3BtNNTC/WelfJDbngDsvj+wb8f/aOoMFfSwgquICCYfTa4XzG22 B8pGf9AqG3IlnCvicLEJSh3bP1lXnXlGX8Bk27dlWgprhlrIB8PxFAQuC 2EZ7jpzZcWCVmRnzc8AwS+9ql1JJPuUED9fTEzI6Cx5RFxq8T/bM4OeQS 9Q9ZBlWO/zgJNOab/eB5ZO7Mx1pHs7W1GNPC1p960VWjKakM0dq/Zpiha Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="299152564" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="299152564" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 06:59:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="745757078" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by orsmga005.jf.intel.com with ESMTP; 25 May 2022 06:59:15 -0700 From: Radu Nicolau To: Konstantin Ananyev , Bernard Iremonger , Vladimir Medvedkin Cc: dev@dpdk.org, daniel.m.buckley@intel.com, qi.z.zhang@intel.com, Radu Nicolau , stable@dpdk.org Subject: [PATCH 1/3] ipsec: fix NAT-T ports and length Date: Wed, 25 May 2022 14:59:10 +0100 Message-Id: <20220525135912.181765-1-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Fix the UDP header fields, wrong byte order used for src and dst port and wrong offset used when updating UDP datagram length. Fixes: 01eef5907fc3 ("ipsec: support NAT-T") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau Acked-by: Fan Zhang --- lib/ipsec/esp_outb.c | 2 +- lib/ipsec/sa.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index 6925bb9945..5a5429a12b 100644 --- a/lib/ipsec/esp_outb.c +++ b/lib/ipsec/esp_outb.c @@ -196,7 +196,7 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, /* if UDP encap is enabled update the dgram_len */ if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { struct rte_udp_hdr *udph = (struct rte_udp_hdr *) - (ph - sizeof(struct rte_udp_hdr)); + (ph + sa->hdr_len - sizeof(struct rte_udp_hdr)); udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len - sa->hdr_l3_off - sa->hdr_len); } diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index 1b673b6a18..59a547637d 100644 --- a/lib/ipsec/sa.c +++ b/lib/ipsec/sa.c @@ -364,8 +364,8 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm) struct rte_udp_hdr *udph = (struct rte_udp_hdr *) &sa->hdr[prm->tun.hdr_len]; sa->hdr_len += sizeof(struct rte_udp_hdr); - udph->src_port = prm->ipsec_xform.udp.sport; - udph->dst_port = prm->ipsec_xform.udp.dport; + udph->src_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.sport); + udph->dst_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.dport); udph->dgram_cksum = 0; } From patchwork Wed May 25 13:59:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Radu Nicolau X-Patchwork-Id: 111808 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 57910A0558; Wed, 25 May 2022 15:59:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BF4CE42824; Wed, 25 May 2022 15:59:24 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id ECD6F40150; Wed, 25 May 2022 15:59:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653487161; x=1685023161; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZyW1XLIsWyW3Vy2xOOvskY2wtb+IVd6rLpQ9SbWZbAM=; b=Eyy9o+0SBLdSbMu9tRbsWxaJAU+IUtGLWKgGDrfY3wrduREz3wAKtc9J NMDD+1/4gM8TxPjS2VDxF/yNsa5DXQYWqVxSX3icDoxRruOHwq6Y7w/EW 133M/+4qDg9+QLllMea3l78SLXUObTdTJ0PGdbW4vdZNHG6JS0ZX3ed3o cLqw9htCRkMlFvDuVVQHCqWeTIxHcUYIQ4XC0Ue6KwXiE7HxTbf5tETfF J3AhL+1vp9AHqvqJ9nNoxy2yF10ihMUuQ17MBUrBNMTWqC5b0P7H4tIl+ bp5w4hMy1mUNyFSEhc8G+aZCcKtUCGLpF4qLghX46Gi94YWGGUSw+FJMq A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="299152575" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="299152575" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 06:59:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="745757084" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by orsmga005.jf.intel.com with ESMTP; 25 May 2022 06:59:18 -0700 From: Radu Nicolau To: Radu Nicolau , Akhil Goyal Cc: dev@dpdk.org, daniel.m.buckley@intel.com, qi.z.zhang@intel.com, stable@dpdk.org Subject: [PATCH 2/3] examples/ipsec-secgw: fix NAT-T header fields Date: Wed, 25 May 2022 14:59:11 +0100 Message-Id: <20220525135912.181765-2-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220525135912.181765-1-radu.nicolau@intel.com> References: <20220525135912.181765-1-radu.nicolau@intel.com> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Use the proper IP protocol (UDP instead of ESP) and set the ports when UDP encapsulation is enabled. Fixes: 9ae86b4cfc77 ("examples/ipsec-secgw: support UDP encap for inline crypto") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau Acked-by: Fan Zhang --- examples/ipsec-secgw/sa.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 1839ac71af..45509c5c68 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1458,6 +1458,8 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss, RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT : RTE_SECURITY_IPSEC_SA_MODE_TUNNEL; prm->ipsec_xform.options.udp_encap = ss->udp_encap; + prm->ipsec_xform.udp.dport = ss->udp.dport; + prm->ipsec_xform.udp.sport = ss->udp.sport; prm->ipsec_xform.options.ecn = 1; prm->ipsec_xform.options.copy_dscp = 1; @@ -1513,13 +1515,13 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size) .version_ihl = IPVERSION << 4 | sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER, .time_to_live = IPDEFTTL, - .next_proto_id = IPPROTO_ESP, + .next_proto_id = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP, .src_addr = lsa->src.ip.ip4, .dst_addr = lsa->dst.ip.ip4, }; struct rte_ipv6_hdr v6 = { .vtc_flow = htonl(IP6_VERSION << 28), - .proto = IPPROTO_ESP, + .proto = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP, }; if (IS_IP6_TUNNEL(lsa->flags)) { From patchwork Wed May 25 13:59:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Radu Nicolau X-Patchwork-Id: 111809 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B9CDBA0558; Wed, 25 May 2022 15:59:33 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 32FB240151; Wed, 25 May 2022 15:59:28 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id 1197742B6E; Wed, 25 May 2022 15:59:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653487164; x=1685023164; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Q9ZqCNz9aThgsnUOCaDpkhMi9qBMO5xfF6clfhLl2uw=; b=jJJN74F/tfwb0uh3J2kTVRqCmCyA4sbu8QK6IZ+shc548t1ZXiJKOEF/ tsz5wnbzlFZkwJpB9Bz5sVs2phaFZhXq3gzOqn69s9O/7gBrrp+j+A1LZ hY5kN+TJyPR3sEhkehfXDMdZPjXkuabLiQZgqpRmYbnlTSYp7F9QAZops BSvRvBJtaaQRIrT0kodKyNCZEMeoa9PaCx3DAxIr//lSBD9LXNgbfUPxC tYfaCAx2CvC0Js4NGyFcs5dNJ3TFAcmEcfcLdcbTwVXEePOx6yrehn6oy qfd/6WPz/nCSmwSmEaf4l1BGCYVLSd039QCuY1pboSScG8aIschwcRPF2 w==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="299152584" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="299152584" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 06:59:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="745757100" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by orsmga005.jf.intel.com with ESMTP; 25 May 2022 06:59:20 -0700 From: Radu Nicolau To: Jingjing Wu , Beilei Xing Cc: dev@dpdk.org, daniel.m.buckley@intel.com, qi.z.zhang@intel.com, Radu Nicolau , stable@dpdk.org Subject: [PATCH 3/3] net/iavf: fix NAT-T payload length Date: Wed, 25 May 2022 14:59:12 +0100 Message-Id: <20220525135912.181765-3-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220525135912.181765-1-radu.nicolau@intel.com> References: <20220525135912.181765-1-radu.nicolau@intel.com> MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Correct the length calculation used for NAT-T Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau Acked-by: Fan Zhang --- drivers/net/iavf/iavf_ipsec_crypto.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c index b1949cee91..b398819096 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.c +++ b/drivers/net/iavf/iavf_ipsec_crypto.c @@ -1118,11 +1118,14 @@ iavf_ipsec_crypto_compute_l4_payload_length(struct rte_mbuf *m, * ipv4/6 hdr + ext hdrs */ - if (s->udp_encap.enabled) + if (s->udp_encap.enabled) { ol4_len = sizeof(struct rte_udp_hdr); - - l3_len = m->l3_len; - l4_len = m->l4_len; + l3_len = m->l3_len - ol4_len; + l4_len = l3_len; + } else { + l3_len = m->l3_len; + l4_len = m->l4_len; + } return rte_pktmbuf_pkt_len(m) - (ol2_len + ol3_len + ol4_len + esp_hlen + l3_len + l4_len + esp_tlen);