From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8BFF445B68; Fri, 18 Oct 2024 11:19:12 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9FB2C4067E; Fri, 18 Oct 2024 11:18:27 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id 79D1C40DF8 for ; Fri, 18 Oct 2024 11:18:24 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729243104; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CaAIbtlDt0aoFpBHmTvheNW4t+J8bbbUDfHgikDhcFg=; b=g22Op8i3wqBAxwx65fUxfFxzqfp/eWQF6qmmww+SfAq6TEMtJ6+flVkePf7tI46QoJn9fl D2otwtSnIT06Berwa5RQlKtRQjP1e4KYR+vbRwk+UBFQuF5EzWv84rZdEBDmG1awURlzJF TOYl7j5XKpmATIpbm0FHsk5PW+5+j8Q= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-612-9TWCV0cjOROCtI3c_7_8ug-1; Fri, 18 Oct 2024 05:18:20 -0400 X-MC-Unique: 9TWCV0cjOROCtI3c_7_8ug-1 Received: from mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id BB6251955F43; Fri, 18 Oct 2024 09:18:19 +0000 (UTC) Received: from ringo.redhat.com (unknown [10.39.208.23]) by mx-prod-int-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id EF8E319560AD; Fri, 18 Oct 2024 09:18:17 +0000 (UTC) From: Robin Jarry To: dev@dpdk.org, Konstantin Ananyev , Vladimir Medvedkin , Radu Nicolau , Akhil Goyal Subject: [PATCH dpdk v4 11/17] ipsec: use IPv6 address structure Date: Fri, 18 Oct 2024 11:17:28 +0200 Message-ID: <20241018091734.64601-12-rjarry@redhat.com> In-Reply-To: <20241018091734.64601-1-rjarry@redhat.com> References: <20240821162516.610624-17-rjarry@redhat.com> <20241018091734.64601-1-rjarry@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.40 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Update rte_ipsec_sadv6_key to use rte_ipv6_addr structures instead of uint8_t[16] arrays. Signed-off-by: Robin Jarry --- app/test-sad/main.c | 24 ++-- app/test/test_ipsec_sad.c | 46 ++++---- doc/guides/prog_guide/ipsec_lib.rst | 4 +- doc/guides/rel_notes/deprecation.rst | 2 - doc/guides/rel_notes/release_24_11.rst | 2 + examples/ipsec-secgw/flow.c | 20 ++-- examples/ipsec-secgw/ipsec.c | 33 ++---- examples/ipsec-secgw/ipsec.h | 5 +- examples/ipsec-secgw/parser.c | 2 +- examples/ipsec-secgw/parser.h | 4 +- examples/ipsec-secgw/rt.c | 4 +- examples/ipsec-secgw/sa.c | 37 +++--- examples/ipsec-secgw/sad.h | 12 +- examples/ipsec-secgw/sp6.c | 154 ++++++++++++++----------- lib/ipsec/rte_ipsec_sad.h | 5 +- 15 files changed, 171 insertions(+), 183 deletions(-) diff --git a/app/test-sad/main.c b/app/test-sad/main.c index addfc0714521..54e3fa0c91e6 100644 --- a/app/test-sad/main.c +++ b/app/test-sad/main.c @@ -248,8 +248,8 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl) (uint64_t)(edge + step)); if (config.ipv6) { for (j = 0; j < 16; j++) { - tbl[i].tuple.v6.dip[j] = rte_rand(); - tbl[i].tuple.v6.sip[j] = rte_rand(); + tbl[i].tuple.v6.dip.a[j] = rte_rand(); + tbl[i].tuple.v6.sip.a[j] = rte_rand(); } } else { tbl[i].tuple.v4.dip = rte_rand(); @@ -274,9 +274,9 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl) (uint64_t)(edge + step)); if (config.ipv6) { for (j = 0; j < 16; j++) { - tbl[i].tuple.v6.dip[j] = + tbl[i].tuple.v6.dip.a[j] = rte_rand(); - tbl[i].tuple.v6.sip[j] = + tbl[i].tuple.v6.sip.a[j] = rte_rand(); } } else { @@ -289,12 +289,8 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl) config.nb_rules].tuple.v4.spi; if (config.ipv6) { int r_idx = i % config.nb_rules; - memcpy(tbl[i].tuple.v6.dip, - rules_tbl[r_idx].tuple.v6.dip, - sizeof(tbl[i].tuple.v6.dip)); - memcpy(tbl[i].tuple.v6.sip, - rules_tbl[r_idx].tuple.v6.sip, - sizeof(tbl[i].tuple.v6.sip)); + tbl[i].tuple.v6.dip = rules_tbl[r_idx].tuple.v6.dip; + tbl[i].tuple.v6.sip = rules_tbl[r_idx].tuple.v6.sip; } else { tbl[i].tuple.v4.dip = rules_tbl[i % config.nb_rules].tuple.v4.dip; @@ -472,8 +468,8 @@ print_result(const union rte_ipsec_sad_key *key, void *res) v4 = &key->v4; v6 = &key->v6; spi = (config.ipv6 == 0) ? v4->spi : v6->spi; - dip = (config.ipv6 == 0) ? &v4->dip : (const void *)v6->dip; - sip = (config.ipv6 == 0) ? &v4->sip : (const void *)v6->sip; + dip = (config.ipv6 == 0) ? &v4->dip : (const void *)&v6->dip; + sip = (config.ipv6 == 0) ? &v4->sip : (const void *)&v6->sip; if (res == NULL) { printf("TUPLE: "); @@ -500,8 +496,8 @@ print_result(const union rte_ipsec_sad_key *key, void *res) v4 = &rule->tuple.v4; v6 = &rule->tuple.v6; spi = (config.ipv6 == 0) ? v4->spi : v6->spi; - dip = (config.ipv6 == 0) ? &v4->dip : (const void *)v6->dip; - sip = (config.ipv6 == 0) ? &v4->sip : (const void *)v6->sip; + dip = (config.ipv6 == 0) ? &v4->dip : (const void *)&v6->dip; + sip = (config.ipv6 == 0) ? &v4->sip : (const void *)&v6->sip; printf("\n\tpoints to RULE ID %zu ", RTE_PTR_DIFF(res, rules_tbl)/sizeof(struct rule)); print_tuple(af, spi, dip, sip); diff --git a/app/test/test_ipsec_sad.c b/app/test/test_ipsec_sad.c index 7534f16f89d0..642643eb639e 100644 --- a/app/test/test_ipsec_sad.c +++ b/app/test/test_ipsec_sad.c @@ -212,7 +212,8 @@ test_add_invalid(void) { int status; struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30}; - struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {10, + RTE_IPV6(0x1400, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x1e00, 0, 0, 0, 0, 0, 0, 0)}; status = __test_add_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4); if (status != TEST_SUCCESS) @@ -271,8 +272,8 @@ test_delete_invalid(void) { int status; struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP}; - struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, }, - {0xf0, 0x0d, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; status = __test_delete_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4); if (status != TEST_SUCCESS) @@ -329,7 +330,8 @@ test_lookup_invalid(void) { int status; struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30}; - struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {10, + RTE_IPV6(0x1400, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x1e00, 0, 0, 0, 0, 0, 0, 0)}; status = __test_lookup_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4); @@ -405,10 +407,10 @@ test_lookup_basic(void) int status; struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP}; struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, BAD, BAD}; - struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, }, - {0xf0, 0x0d, } }; - struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0x0b, 0xad, }, - {0x0b, 0xad, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, + RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)}; status = __test_lookup_basic(0, (union rte_ipsec_sad_key *)&tuple_v4, (union rte_ipsec_sad_key *)&tuple_v4_1); @@ -654,14 +656,14 @@ test_lookup_adv(void) struct rte_ipsec_sadv4_key tuple_v4_3 = {BAD, DIP, SIP}; /* key to install*/ - struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, }, - {0xf0, 0x0d, } }; - struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, }, - {0x0b, 0xad, } }; - struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, }, - {0xf0, 0x0d, } }; - struct rte_ipsec_sadv6_key tuple_v6_3 = {BAD, {0xbe, 0xef, }, - {0xf0, 0x0d, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, + RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_3 = {BAD, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; const union rte_ipsec_sad_key *key_arr[] = { (union rte_ipsec_sad_key *)&tuple_v4, @@ -852,12 +854,12 @@ test_lookup_order(void) struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, DIP, BAD}; struct rte_ipsec_sadv4_key tuple_v4_2 = {SPI, BAD, SIP}; /* key to install*/ - struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, }, - {0xf0, 0x0d, } }; - struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, }, - {0x0b, 0xad, } }; - struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, }, - {0xf0, 0x0d, } }; + struct rte_ipsec_sadv6_key tuple_v6 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, + RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)}; + struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, + RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)}; status = __test_lookup_order(0, (union rte_ipsec_sad_key *)&tuple_v4, (union rte_ipsec_sad_key *)&tuple_v4_1, diff --git a/doc/guides/prog_guide/ipsec_lib.rst b/doc/guides/prog_guide/ipsec_lib.rst index 3fa0a70d1325..458a82828ce8 100644 --- a/doc/guides/prog_guide/ipsec_lib.rst +++ b/doc/guides/prog_guide/ipsec_lib.rst @@ -275,8 +275,8 @@ and v6 is a tuple for IPv6: struct rte_ipsec_sadv6_key { uint32_t spi; - uint8_t dip[16]; - uint8_t sip[16]; + struct rte_ipv6_addr dip; + struct rte_ipv6_addr sip; }; As an example, lookup related code could look like that: diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index c41124ee6e4a..d67d63d37275 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -74,8 +74,6 @@ Deprecation Notices - ``struct tcp6_flow_key`` hash - ``struct rte_ipv6_tuple`` - ipsec - - ``struct rte_ipsec_sadv6_key`` * net, ethdev: The flow item ``RTE_FLOW_ITEM_TYPE_VXLAN_GPE`` is replaced with ``RTE_FLOW_ITEM_TYPE_VXLAN``. diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst index cd6c4cf25ecc..ca8b9441d430 100644 --- a/doc/guides/rel_notes/release_24_11.rst +++ b/doc/guides/rel_notes/release_24_11.rst @@ -295,6 +295,8 @@ API Changes - ``rte_fib6_add()`` - ``rte_fib6_delete()`` - ``rte_fib6_lookup_bulk()`` + ipsec + - ``struct rte_ipsec_sadv6_key`` lpm - ``rte_lpm6_add()`` - ``rte_lpm6_delete()`` diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c index 3f7630f5fd53..70742387c6be 100644 --- a/examples/ipsec-secgw/flow.c +++ b/examples/ipsec-secgw/flow.c @@ -88,10 +88,10 @@ ipv6_hdr_print(struct rte_ipv6_hdr *hdr) } static int -ipv6_addr_cpy(uint8_t *spec, uint8_t *mask, char *token, +ipv6_addr_cpy(struct rte_ipv6_addr *spec, struct rte_ipv6_addr *mask, char *token, struct parse_status *status) { - struct in6_addr ip; + struct rte_ipv6_addr ip; uint32_t depth, i; APP_CHECK(parse_ipv6_addr(token, &ip, &depth) == 0, status, @@ -99,11 +99,11 @@ ipv6_addr_cpy(uint8_t *spec, uint8_t *mask, char *token, if (status->status < 0) return -1; - memcpy(mask, &rte_flow_item_ipv6_mask.hdr.src_addr, sizeof(ip)); - memcpy(spec, ip.s6_addr, sizeof(struct in6_addr)); + *mask = rte_flow_item_ipv6_mask.hdr.src_addr; + *spec = ip; - for (i = 0; i < depth && (i%8 <= sizeof(struct in6_addr)); i++) - mask[i/8] &= ~(1 << (7-i%8)); + for (i = 0; i < depth && (i%8 <= sizeof(*mask)); i++) + mask->a[i/8] &= ~(1 << (7-i%8)); return 0; } @@ -175,8 +175,8 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens, INCREMENT_TOKEN_INDEX(ti, n_tokens, status); if (status->status < 0) return; - if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr.a, - rule->ipv6.mask.hdr.src_addr.a, + if (ipv6_addr_cpy(&rule->ipv6.spec.hdr.src_addr, + &rule->ipv6.mask.hdr.src_addr, tokens[ti], status)) return; } @@ -184,8 +184,8 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens, INCREMENT_TOKEN_INDEX(ti, n_tokens, status); if (status->status < 0) return; - if (ipv6_addr_cpy(rule->ipv6.spec.hdr.dst_addr.a, - rule->ipv6.mask.hdr.dst_addr.a, + if (ipv6_addr_cpy(&rule->ipv6.spec.hdr.dst_addr, + &rule->ipv6.mask.hdr.dst_addr, tokens[ti], status)) return; } diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index ebde28639c12..3b1e2a710971 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -41,12 +41,8 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) tunnel->ipv6.hlimit = IPDEFTTL; tunnel->ipv6.dscp = 0; tunnel->ipv6.flabel = 0; - - memcpy((uint8_t *)&tunnel->ipv6.src_addr, - (uint8_t *)&sa->src.ip.ip6.ip6_b, 16); - - memcpy((uint8_t *)&tunnel->ipv6.dst_addr, - (uint8_t *)&sa->dst.ip.ip6.ip6_b, 16); + memcpy(&tunnel->ipv6.src_addr, &sa->src.ip.ip6, 16); + memcpy(&tunnel->ipv6.dst_addr, &sa->dst.ip.ip6, 16); } /* TODO support for Transport */ } @@ -450,10 +446,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.ipsec.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6; - memcpy(sess_conf.ipsec.tunnel.ipv6.src_addr.s6_addr, - sa->src.ip.ip6.ip6_b, 16); - memcpy(sess_conf.ipsec.tunnel.ipv6.dst_addr.s6_addr, - sa->dst.ip.ip6.ip6_b, 16); + memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16); + memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16); } } else if (IS_TUNNEL(sa->flags)) { sess_conf.ipsec.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL; @@ -470,10 +464,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.ipsec.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6; - memcpy(sess_conf.ipsec.tunnel.ipv6.src_addr.s6_addr, - sa->src.ip.ip6.ip6_b, 16); - memcpy(sess_conf.ipsec.tunnel.ipv6.dst_addr.s6_addr, - sa->dst.ip.ip6.ip6_b, 16); + memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16); + memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16); } else { RTE_LOG(ERR, IPSEC, "invalid tunnel type\n"); return -1; @@ -528,11 +520,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sa->pattern[1].mask = &rte_flow_item_ipv6_mask; sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6; sa->pattern[1].spec = &sa->ipv6_spec; - - memcpy(&sa->ipv6_spec.hdr.dst_addr, - sa->dst.ip.ip6.ip6_b, 16); - memcpy(&sa->ipv6_spec.hdr.src_addr, - sa->src.ip.ip6.ip6_b, 16); + sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6; + sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6; } else if (IS_IP4(sa->flags)) { sa->pattern[1].mask = &rte_flow_item_ipv4_mask; sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4; @@ -735,10 +724,8 @@ create_ipsec_esp_flow(struct ipsec_sa *sa) sa->pattern[1].mask = &rte_flow_item_ipv6_mask; sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6; sa->pattern[1].spec = &sa->ipv6_spec; - memcpy(&sa->ipv6_spec.hdr.dst_addr, - sa->dst.ip.ip6.ip6_b, sizeof(sa->dst.ip.ip6.ip6_b)); - memcpy(&sa->ipv6_spec.hdr.src_addr, - sa->src.ip.ip6.ip6_b, sizeof(sa->src.ip.ip6.ip6_b)); + sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6; + sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6; sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP; sa->pattern[2].spec = &sa->esp_spec; sa->pattern[2].mask = &rte_flow_item_esp_mask; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 1fe6b97168db..f12f57e2d5c7 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -65,10 +65,7 @@ typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa, struct ip_addr { union { uint32_t ip4; - union { - uint64_t ip6[2]; - uint8_t ip6_b[16]; - } ip6; + struct rte_ipv6_addr ip6; } ip; }; diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c index 2bd6df335b47..cb463c704f97 100644 --- a/examples/ipsec-secgw/parser.c +++ b/examples/ipsec-secgw/parser.c @@ -75,7 +75,7 @@ parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask) } int -parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask) +parse_ipv6_addr(const char *token, struct rte_ipv6_addr *ipv6, uint32_t *mask) { char ip_str[256] = {0}; char *pch; diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h index b5c5d0210f04..63f7844ed89f 100644 --- a/examples/ipsec-secgw/parser.h +++ b/examples/ipsec-secgw/parser.h @@ -11,6 +11,8 @@ #include #include +#include + struct parse_status { int status; char parse_msg[256]; @@ -63,7 +65,7 @@ int parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask); int -parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask); +parse_ipv6_addr(const char *token, struct rte_ipv6_addr *ipv6, uint32_t *mask); int parse_range(const char *token, uint16_t *low, uint16_t *high); diff --git a/examples/ipsec-secgw/rt.c b/examples/ipsec-secgw/rt.c index 059fc0c8f28c..132e200adb2a 100644 --- a/examples/ipsec-secgw/rt.c +++ b/examples/ipsec-secgw/rt.c @@ -89,7 +89,7 @@ parse_rt_tokens(char **tokens, uint32_t n_tokens, (uint32_t)ip.s_addr); route_ipv4->depth = (uint8_t)depth; } else { - struct in6_addr ip; + struct rte_ipv6_addr ip; uint32_t depth; APP_CHECK(parse_ipv6_addr(tokens[ti], @@ -99,7 +99,7 @@ parse_rt_tokens(char **tokens, uint32_t n_tokens, tokens[ti]); if (status->status < 0) return; - memcpy(&route_ipv6->ip, ip.s6_addr, 16); + route_ipv6->ip = ip; route_ipv6->depth = (uint8_t)depth; } } diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 1a0afd2ed2e8..425bfbf590fc 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -32,7 +32,7 @@ #define IP4_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip4) * CHAR_BIT) -#define IP6_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip6.ip6) * CHAR_BIT) +#define IP6_FULL_MASK RTE_IPV6_MAX_DEPTH #define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0) @@ -661,7 +661,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, rule->src.ip.ip4 = rte_bswap32( (uint32_t)ip.s_addr); } else if (IS_IP6_TUNNEL(rule->flags)) { - struct in6_addr ip; + struct rte_ipv6_addr ip; APP_CHECK(parse_ipv6_addr(tokens[ti], &ip, NULL) == 0, status, @@ -670,8 +670,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, tokens[ti]); if (status->status < 0) return; - memcpy(rule->src.ip.ip6.ip6_b, - ip.s6_addr, 16); + + rule->src.ip.ip6 = ip; } else if (IS_TRANSPORT(rule->flags)) { APP_CHECK(0, status, "unrecognized input " "\"%s\"", tokens[ti]); @@ -704,7 +704,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, rule->dst.ip.ip4 = rte_bswap32( (uint32_t)ip.s_addr); } else if (IS_IP6_TUNNEL(rule->flags)) { - struct in6_addr ip; + struct rte_ipv6_addr ip; APP_CHECK(parse_ipv6_addr(tokens[ti], &ip, NULL) == 0, status, @@ -713,7 +713,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, tokens[ti]); if (status->status < 0) return; - memcpy(rule->dst.ip.ip6.ip6_b, ip.s6_addr, 16); + + rule->dst.ip.ip6 = ip; } else if (IS_TRANSPORT(rule->flags)) { APP_CHECK(0, status, "unrecognized " "input \"%s\"", tokens[ti]); @@ -1010,19 +1011,9 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound) break; case IP6_TUNNEL: printf("IP6Tunnel "); - for (i = 0; i < 16; i++) { - if (i % 2 && i != 15) - printf("%.2x:", sa->src.ip.ip6.ip6_b[i]); - else - printf("%.2x", sa->src.ip.ip6.ip6_b[i]); - } + printf(RTE_IPV6_ADDR_FMT, RTE_IPV6_ADDR_SPLIT(&sa->src.ip.ip6)); printf(" "); - for (i = 0; i < 16; i++) { - if (i % 2 && i != 15) - printf("%.2x:", sa->dst.ip.ip6.ip6_b[i]); - else - printf("%.2x", sa->dst.ip.ip6.ip6_b[i]); - } + printf(RTE_IPV6_ADDR_FMT, RTE_IPV6_ADDR_SPLIT(&sa->dst.ip.ip6)); break; case TRANSPORT: printf("Transport "); @@ -1220,10 +1211,8 @@ sa_add_address_inline_crypto(struct ipsec_sa *sa) sa->flags |= IP6_TRANSPORT; if (mask[0] == IP6_FULL_MASK && mask[1] == IP6_FULL_MASK && - (ip_addr[0].ip.ip6.ip6[0] != 0 || - ip_addr[0].ip.ip6.ip6[1] != 0) && - (ip_addr[1].ip.ip6.ip6[0] != 0 || - ip_addr[1].ip.ip6.ip6[1] != 0)) { + !rte_ipv6_addr_is_unspec(&ip_addr[0].ip.ip6) && + !rte_ipv6_addr_is_unspec(&ip_addr[1].ip.ip6)) { sa->src.ip.ip6 = ip_addr[0].ip.ip6; sa->dst.ip.ip6 = ip_addr[1].ip.ip6; @@ -1571,8 +1560,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size, }; if (IS_IP6_TUNNEL(lsa->flags)) { - memcpy(&v6.src_addr, lsa->src.ip.ip6.ip6_b, sizeof(v6.src_addr)); - memcpy(&v6.dst_addr, lsa->dst.ip.ip6.ip6_b, sizeof(v6.dst_addr)); + v6.src_addr = lsa->src.ip.ip6; + v6.dst_addr = lsa->dst.ip.ip6; } rc = fill_ipsec_sa_prm(&prm, lsa, &v4, &v6); diff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h index fdb1d2ef1790..d8f3a91e7aa8 100644 --- a/examples/ipsec-secgw/sad.h +++ b/examples/ipsec-secgw/sad.h @@ -9,6 +9,8 @@ #include #include +#include "ipsec.h" + #define SA_CACHE_SZ 128 #define SPI2IDX(spi, mask) ((spi) & (mask)) @@ -39,8 +41,8 @@ cmp_sa_key(struct ipsec_sa *sa, int is_v4, struct rte_ipv4_hdr *ipv4, (sa->dst.ip.ip4 == ipv4->dst_addr)) || /* IPv6 check */ (!is_v4 && (sa_type == IP6_TUNNEL) && - (!memcmp(sa->src.ip.ip6.ip6, &ipv6->src_addr, 16)) && - (!memcmp(sa->dst.ip.ip6.ip6, &ipv6->dst_addr, 16)))) + (rte_ipv6_addr_eq(&sa->src.ip.ip6, &ipv6->src_addr)) && + (rte_ipv6_addr_eq(&sa->dst.ip.ip6, &ipv6->dst_addr)))) return 1; return 0; @@ -130,10 +132,8 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts[], } } v6[nb_v6].spi = esp->spi; - memcpy(v6[nb_v6].dip, &ipv6->dst_addr, - sizeof(ipv6->dst_addr)); - memcpy(v6[nb_v6].sip, &ipv6->src_addr, - sizeof(ipv6->src_addr)); + v6[nb_v6].dip = ipv6->dst_addr; + v6[nb_v6].sip = ipv6->src_addr; keys_v6[nb_v6] = (const union rte_ipsec_sad_key *) &v6[nb_v6]; v6_idxes[nb_v6++] = i; diff --git a/examples/ipsec-secgw/sp6.c b/examples/ipsec-secgw/sp6.c index cce4da78622e..ebc47dfe493c 100644 --- a/examples/ipsec-secgw/sp6.c +++ b/examples/ipsec-secgw/sp6.c @@ -17,36 +17,6 @@ #define INIT_ACL_RULE_NUM 128 -#define IPV6_FROM_SP(acr, fidx_low, fidx_high) \ - (((uint64_t)(acr).field[(fidx_high)].value.u32 << 32) | \ - (acr).field[(fidx_low)].value.u32) - -#define IPV6_DST_FROM_SP(addr, acr) do {\ - (addr).ip.ip6.ip6[0] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \ - IP6_DST1, IP6_DST0));\ - (addr).ip.ip6.ip6[1] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \ - IP6_DST3, IP6_DST2));\ - } while (0) - -#define IPV6_SRC_FROM_SP(addr, acr) do {\ - (addr).ip.ip6.ip6[0] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \ - IP6_SRC1, IP6_SRC0));\ - (addr).ip.ip6.ip6[1] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \ - IP6_SRC3, IP6_SRC2));\ - } while (0) - -#define IPV6_DST_MASK_FROM_SP(mask, acr) \ - ((mask) = (acr).field[IP6_DST0].mask_range.u32 + \ - (acr).field[IP6_DST1].mask_range.u32 + \ - (acr).field[IP6_DST2].mask_range.u32 + \ - (acr).field[IP6_DST3].mask_range.u32) - -#define IPV6_SRC_MASK_FROM_SP(mask, acr) \ - ((mask) = (acr).field[IP6_SRC0].mask_range.u32 + \ - (acr).field[IP6_SRC1].mask_range.u32 + \ - (acr).field[IP6_SRC2].mask_range.u32 + \ - (acr).field[IP6_SRC3].mask_range.u32) - enum { IP6_PROTO, IP6_SRC0, @@ -62,8 +32,6 @@ enum { IP6_NUM }; -#define IP6_ADDR_SIZE 16 - static struct rte_acl_field_def ip6_defs[IP6_NUM] = { { .type = RTE_ACL_FIELD_TYPE_BITMASK, @@ -154,6 +122,52 @@ static struct acl6_rules *acl6_rules_in; static uint32_t nb_acl6_rules_in; static uint32_t sp_in_sz; +static struct rte_ipv6_addr +ipv6_src_from_sp(const struct acl6_rules *rule) +{ + struct rte_ipv6_addr alignas(alignof(rte_be64_t)) addr = RTE_IPV6_ADDR_UNSPEC; + rte_be64_t *values = (rte_be64_t *)&addr; + + values[0] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_SRC0].value.u32 << 32 | + rule->field[IP6_SRC1].value.u32); + values[1] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_SRC2].value.u32 << 32 | + rule->field[IP6_SRC3].value.u32); + + return addr; +} + +static struct rte_ipv6_addr +ipv6_dst_from_sp(const struct acl6_rules *rule) +{ + struct rte_ipv6_addr alignas(alignof(rte_be64_t)) addr = RTE_IPV6_ADDR_UNSPEC; + rte_be64_t *values = (rte_be64_t *)&addr; + + values[0] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_DST0].value.u32 << 32 | + rule->field[IP6_DST1].value.u32); + values[1] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_DST2].value.u32 << 32 | + rule->field[IP6_DST3].value.u32); + + return addr; +} + +static uint32_t +ipv6_src_mask_from_sp(const struct acl6_rules *rule) +{ + return rule->field[IP6_SRC0].mask_range.u32 + + rule->field[IP6_SRC1].mask_range.u32 + + rule->field[IP6_SRC2].mask_range.u32 + + rule->field[IP6_SRC3].mask_range.u32; +} + +static uint32_t +ipv6_dst_mask_from_sp(const struct acl6_rules *rule) +{ + return rule->field[IP6_DST0].mask_range.u32 + + rule->field[IP6_DST1].mask_range.u32 + + rule->field[IP6_DST2].mask_range.u32 + + rule->field[IP6_DST3].mask_range.u32; +} + static int extend_sp_arr(struct acl6_rules **sp_tbl, uint32_t cur_cnt, uint32_t *cur_sz) { @@ -329,7 +343,7 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens, } if (strcmp(tokens[ti], "src") == 0) { - struct in6_addr ip; + struct rte_ipv6_addr ip; uint32_t depth; APP_CHECK_PRESENCE(src_p, tokens[ti], status); @@ -347,34 +361,34 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens, return; rule_ipv6->field[1].value.u32 = - (uint32_t)ip.s6_addr[0] << 24 | - (uint32_t)ip.s6_addr[1] << 16 | - (uint32_t)ip.s6_addr[2] << 8 | - (uint32_t)ip.s6_addr[3]; + (uint32_t)ip.a[0] << 24 | + (uint32_t)ip.a[1] << 16 | + (uint32_t)ip.a[2] << 8 | + (uint32_t)ip.a[3]; rule_ipv6->field[1].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[2].value.u32 = - (uint32_t)ip.s6_addr[4] << 24 | - (uint32_t)ip.s6_addr[5] << 16 | - (uint32_t)ip.s6_addr[6] << 8 | - (uint32_t)ip.s6_addr[7]; + (uint32_t)ip.a[4] << 24 | + (uint32_t)ip.a[5] << 16 | + (uint32_t)ip.a[6] << 8 | + (uint32_t)ip.a[7]; rule_ipv6->field[2].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[3].value.u32 = - (uint32_t)ip.s6_addr[8] << 24 | - (uint32_t)ip.s6_addr[9] << 16 | - (uint32_t)ip.s6_addr[10] << 8 | - (uint32_t)ip.s6_addr[11]; + (uint32_t)ip.a[8] << 24 | + (uint32_t)ip.a[9] << 16 | + (uint32_t)ip.a[10] << 8 | + (uint32_t)ip.a[11]; rule_ipv6->field[3].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[4].value.u32 = - (uint32_t)ip.s6_addr[12] << 24 | - (uint32_t)ip.s6_addr[13] << 16 | - (uint32_t)ip.s6_addr[14] << 8 | - (uint32_t)ip.s6_addr[15]; + (uint32_t)ip.a[12] << 24 | + (uint32_t)ip.a[13] << 16 | + (uint32_t)ip.a[14] << 8 | + (uint32_t)ip.a[15]; rule_ipv6->field[4].mask_range.u32 = (depth > 32) ? 32 : depth; @@ -383,7 +397,7 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens, } if (strcmp(tokens[ti], "dst") == 0) { - struct in6_addr ip; + struct rte_ipv6_addr ip; uint32_t depth; APP_CHECK_PRESENCE(dst_p, tokens[ti], status); @@ -401,34 +415,34 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens, return; rule_ipv6->field[5].value.u32 = - (uint32_t)ip.s6_addr[0] << 24 | - (uint32_t)ip.s6_addr[1] << 16 | - (uint32_t)ip.s6_addr[2] << 8 | - (uint32_t)ip.s6_addr[3]; + (uint32_t)ip.a[0] << 24 | + (uint32_t)ip.a[1] << 16 | + (uint32_t)ip.a[2] << 8 | + (uint32_t)ip.a[3]; rule_ipv6->field[5].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[6].value.u32 = - (uint32_t)ip.s6_addr[4] << 24 | - (uint32_t)ip.s6_addr[5] << 16 | - (uint32_t)ip.s6_addr[6] << 8 | - (uint32_t)ip.s6_addr[7]; + (uint32_t)ip.a[4] << 24 | + (uint32_t)ip.a[5] << 16 | + (uint32_t)ip.a[6] << 8 | + (uint32_t)ip.a[7]; rule_ipv6->field[6].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[7].value.u32 = - (uint32_t)ip.s6_addr[8] << 24 | - (uint32_t)ip.s6_addr[9] << 16 | - (uint32_t)ip.s6_addr[10] << 8 | - (uint32_t)ip.s6_addr[11]; + (uint32_t)ip.a[8] << 24 | + (uint32_t)ip.a[9] << 16 | + (uint32_t)ip.a[10] << 8 | + (uint32_t)ip.a[11]; rule_ipv6->field[7].mask_range.u32 = (depth > 32) ? 32 : depth; depth = (depth > 32) ? (depth - 32) : 0; rule_ipv6->field[8].value.u32 = - (uint32_t)ip.s6_addr[12] << 24 | - (uint32_t)ip.s6_addr[13] << 16 | - (uint32_t)ip.s6_addr[14] << 8 | - (uint32_t)ip.s6_addr[15]; + (uint32_t)ip.a[12] << 24 | + (uint32_t)ip.a[13] << 16 | + (uint32_t)ip.a[14] << 8 | + (uint32_t)ip.a[15]; rule_ipv6->field[8].mask_range.u32 = (depth > 32) ? 32 : depth; @@ -757,10 +771,10 @@ sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2], rule = bsearch(&tmpl, acr, num, sizeof(struct acl6_rules), sp_cmp); if (rule != NULL) { if (NULL != ip_addr && NULL != mask) { - IPV6_SRC_FROM_SP(ip_addr[0], *rule); - IPV6_DST_FROM_SP(ip_addr[1], *rule); - IPV6_SRC_MASK_FROM_SP(mask[0], *rule); - IPV6_DST_MASK_FROM_SP(mask[1], *rule); + ip_addr[0].ip.ip6 = ipv6_src_from_sp(rule); + ip_addr[1].ip.ip6 = ipv6_dst_from_sp(rule); + mask[0] = ipv6_src_mask_from_sp(rule); + mask[1] = ipv6_dst_mask_from_sp(rule); } return RTE_PTR_DIFF(rule, acr) / sizeof(struct acl6_rules); } diff --git a/lib/ipsec/rte_ipsec_sad.h b/lib/ipsec/rte_ipsec_sad.h index 0adf89d9310c..c7fb4744304e 100644 --- a/lib/ipsec/rte_ipsec_sad.h +++ b/lib/ipsec/rte_ipsec_sad.h @@ -8,6 +8,7 @@ #include +#include /** * @file rte_ipsec_sad.h @@ -38,8 +39,8 @@ struct rte_ipsec_sadv4_key { struct rte_ipsec_sadv6_key { uint32_t spi; - uint8_t dip[16]; - uint8_t sip[16]; + struct rte_ipv6_addr dip; + struct rte_ipv6_addr sip; }; union rte_ipsec_sad_key { -- 2.47.0