From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 6B187A046B for ; Wed, 26 Jun 2019 01:17:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 37D5F1B970; Wed, 26 Jun 2019 01:17:16 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 96DFD1B970; Wed, 26 Jun 2019 01:17:14 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jun 2019 16:17:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,417,1557212400"; d="scan'208";a="245236009" Received: from sivswdev08.ir.intel.com ([10.237.217.47]) by orsmga001.jf.intel.com with ESMTP; 25 Jun 2019 16:17:11 -0700 From: Konstantin Ananyev To: dev@dpdk.org Cc: akhil.goyal@nxp.com, Konstantin Ananyev , stable@dpdk.org Date: Wed, 26 Jun 2019 00:16:46 +0100 Message-Id: <20190625231649.22560-2-konstantin.ananyev@intel.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20190625231649.22560-1-konstantin.ananyev@intel.com> References: <20190606115151.27805-1-konstantin.ananyev@intel.com> <20190625231649.22560-1-konstantin.ananyev@intel.com> Subject: [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix invalid packet length X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" for packets smaller then 64B some NICs reports pkt_len=64B. As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine payload length, that causes problems for small packets. To fix the issue, check that pkt_len matches values in IPv4/IPv6 header and re-adjust pkt_len if necessary. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev --- examples/ipsec-secgw/ipsec-secgw.c | 57 ++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 3911e6a60..33c438964 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -230,34 +230,65 @@ static struct rte_eth_conf port_conf = { static struct socket_ctx socket_ctx[NB_SOCKETS]; +static inline void +adjust_ipv4_pktlen(struct rte_mbuf *m, const struct rte_ipv4_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->total_length) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + +static inline void +adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->payload_len) + sizeof(*iph) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + static inline void prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) { - uint8_t *nlp; - struct rte_ether_hdr *eth; + const struct rte_ether_hdr *eth; + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; - eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); + eth = rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); - if (*nlp == IPPROTO_ESP) + + iph4 = (const struct rte_ipv4_hdr *)rte_pktmbuf_adj(pkt, + RTE_ETHER_HDR_LEN); + adjust_ipv4_pktlen(pkt, iph4, 0); + + if (iph4->next_proto_id == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip4.data[t->ip4.num] = nlp; + t->ip4.data[t->ip4.num] = &iph4->next_proto_id; t->ip4.pkts[(t->ip4.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip); + pkt->l3_len = sizeof(*iph4); } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { int next_proto; size_t l3len, ext_len; - struct rte_ipv6_hdr *v6h; uint8_t *p; /* get protocol type */ - v6h = (struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, + iph6 = (const struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - next_proto = v6h->proto; + adjust_ipv6_pktlen(pkt, iph6, 0); + + next_proto = iph6->proto; /* determine l3 header size up to ESP extension */ l3len = sizeof(struct ip6_hdr); @@ -276,9 +307,7 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) if (next_proto == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip6.data[t->ip6.num] = rte_pktmbuf_mtod_offset(pkt, - uint8_t *, - offsetof(struct rte_ipv6_hdr, proto)); + t->ip6.data[t->ip6.num] = &iph6->proto; t->ip6.pkts[(t->ip6.num)++] = pkt; } pkt->l2_len = 0; -- 2.17.1