From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C7CE045B69; Fri, 18 Oct 2024 16:08:22 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AA8AC40DDC; Fri, 18 Oct 2024 16:06:58 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id B67B640B97 for ; Fri, 18 Oct 2024 16:06:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1729260413; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ujXnQoDinkTppKnEBAeOAnqC7QSJE3IrVMdMCj7CBAY=; b=e/9BnS3knFfTpF1sQ+Hi3CVg6hfdlzZXXufD4Wc7NdBVrj/0A0B5K8M9L1FzlpLnRzz8vz mpnZWiXThxEjRlH9jxQSuVhOq8ToU266yQ+xIgEFMUIKnthp+jFrqu4ix25lezWgurG5sR A8W5M3UDuUD4NGYLdk1BCiBY9IH8nS0= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-216-UPIyCuJVOYqKm1czODBCCQ-1; Fri, 18 Oct 2024 10:06:50 -0400 X-MC-Unique: UPIyCuJVOYqKm1czODBCCQ-1 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 062711955F69; Fri, 18 Oct 2024 14:06:47 +0000 (UTC) Received: from ringo.redhat.com (unknown [10.39.208.23]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A698F19560A2; Fri, 18 Oct 2024 14:06:43 +0000 (UTC) From: Robin Jarry To: dev@dpdk.org, Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Harman Kalra , Jingjing Wu , Chaoyong He , Radu Nicolau , Akhil Goyal , Cristian Dumitrescu , Anoob Joseph Subject: [PATCH dpdk v5 12/17] security: use IPv6 address structure Date: Fri, 18 Oct 2024 16:05:48 +0200 Message-ID: <20241018140553.79789-13-rjarry@redhat.com> In-Reply-To: <20241018140553.79789-1-rjarry@redhat.com> References: <20240821162516.610624-17-rjarry@redhat.com> <20241018140553.79789-1-rjarry@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org For consistency with the rest of the code base, update rte_security_ipsec_tunnel_param to use rte_ipv6_addr structures instead of in6_addr. Signed-off-by: Robin Jarry --- doc/guides/rel_notes/release_24_11.rst | 2 ++ drivers/common/cnxk/cnxk_security.c | 14 ++++++-------- drivers/net/iavf/iavf_ipsec_crypto.c | 3 +-- drivers/net/nfp/nfp_ipsec.c | 4 ++-- examples/ipsec-secgw/ipsec.c | 12 ++++++------ lib/pipeline/rte_swx_ipsec.c | 8 ++------ lib/security/rte_security.h | 5 +++-- 7 files changed, 22 insertions(+), 26 deletions(-) diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst index 77459dbbff33..f3d0e170d134 100644 --- a/doc/guides/rel_notes/release_24_11.rst +++ b/doc/guides/rel_notes/release_24_11.rst @@ -316,6 +316,8 @@ API Changes - ``struct rte_swx_ipsec_sa_encap_params`` - ``struct rte_table_action_ipv6_header`` - ``struct rte_table_action_nat_params`` + security + - ``struct rte_security_ipsec_tunnel_param`` table - ``struct rte_table_lpm_ipv6_key`` - ``RTE_LPM_IPV6_ADDR_SIZE`` (deprecated, replaced with ``RTE_IPV6_ADDR_SIZE``) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index e67c3f233187..c2871ad2bda5 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -271,9 +271,9 @@ ot_ipsec_inb_tunnel_hdr_fill(struct roc_ot_ipsec_inb_sa *sa, case RTE_SECURITY_IPSEC_TUNNEL_IPV6: sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_6; memcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr, - sizeof(struct in6_addr)); + sizeof(sa->outer_hdr.ipv6.src_addr)); memcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr, - sizeof(struct in6_addr)); + sizeof(sa->outer_hdr.ipv6.dst_addr)); /* IP Source and Dest are in LE/CPU endian */ ot_ipsec_update_ipv6_addr_endianness((uint64_t *)&sa->outer_hdr.ipv6.src_addr); @@ -472,9 +472,9 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, case RTE_SECURITY_IPSEC_TUNNEL_IPV6: sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_6; memcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr, - sizeof(struct in6_addr)); + sizeof(sa->outer_hdr.ipv6.src_addr)); memcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr, - sizeof(struct in6_addr)); + sizeof(sa->outer_hdr.ipv6.dst_addr)); /* IP Source and Dest are in LE/CPU endian */ ot_ipsec_update_ipv6_addr_endianness((uint64_t *)&sa->outer_hdr.ipv6.src_addr); @@ -1087,10 +1087,8 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec, ip6->hop_limits = ipsec->tunnel.ipv6.hlimit ? ipsec->tunnel.ipv6.hlimit : 0x40; - memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr, - sizeof(struct in6_addr)); - memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr, - sizeof(struct in6_addr)); + ip6->src_addr = ipsec->tunnel.ipv6.src_addr; + ip6->dst_addr = ipsec->tunnel.ipv6.dst_addr; } } else ctx_len += sizeof(template->ip4); diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c index 89dd5af5500f..90421a66c309 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.c +++ b/drivers/net/iavf/iavf_ipsec_crypto.c @@ -510,8 +510,7 @@ iavf_ipsec_crypto_security_association_add(struct iavf_adapter *adapter, *((uint32_t *)sa_cfg->dst_addr) = htonl(conf->ipsec.tunnel.ipv4.dst_ip.s_addr); } else { - uint32_t *v6_dst_addr = - (uint32_t *)conf->ipsec.tunnel.ipv6.dst_addr.s6_addr; + uint32_t *v6_dst_addr = (uint32_t *)&conf->ipsec.tunnel.ipv6.dst_addr; sa_cfg->virtchnl_ip_type = VIRTCHNL_IPV6; diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c index 89116af1b22f..13f2b850e59d 100644 --- a/drivers/net/nfp/nfp_ipsec.c +++ b/drivers/net/nfp/nfp_ipsec.c @@ -1042,8 +1042,8 @@ nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev, cfg->dst_ip[0] = rte_be_to_cpu_32(dst_ip[0]); cfg->ipv6 = 0; } else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) { - src_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.src_addr.s6_addr; - dst_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.dst_addr.s6_addr; + src_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv6.src_addr; + dst_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv6.dst_addr; for (i = 0; i < 4; i++) { cfg->src_ip[i] = rte_be_to_cpu_32(src_ip[i]); cfg->dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 3b1e2a710971..c65efd1c166a 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -41,8 +41,8 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) tunnel->ipv6.hlimit = IPDEFTTL; tunnel->ipv6.dscp = 0; tunnel->ipv6.flabel = 0; - memcpy(&tunnel->ipv6.src_addr, &sa->src.ip.ip6, 16); - memcpy(&tunnel->ipv6.dst_addr, &sa->dst.ip.ip6, 16); + tunnel->ipv6.src_addr = sa->src.ip.ip6; + tunnel->ipv6.dst_addr = sa->dst.ip.ip6; } /* TODO support for Transport */ } @@ -446,8 +446,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.ipsec.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6; - memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16); - memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16); + sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6; + sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6; } } else if (IS_TUNNEL(sa->flags)) { sess_conf.ipsec.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL; @@ -464,8 +464,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.ipsec.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6; - memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16); - memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16); + sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6; + sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6; } else { RTE_LOG(ERR, IPSEC, "invalid tunnel type\n"); return -1; diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c index 6bc81145409b..17a9d2b98bc0 100644 --- a/lib/pipeline/rte_swx_ipsec.c +++ b/lib/pipeline/rte_swx_ipsec.c @@ -1579,12 +1579,8 @@ ipsec_xform_get(struct rte_swx_ipsec_sa_params *p, ipsec_xform->tunnel.ipv4.df = 0; ipsec_xform->tunnel.ipv4.ttl = 64; } else { - memcpy(&ipsec_xform->tunnel.ipv6.src_addr, - &p->encap.tunnel.ipv6.src_addr, - sizeof(ipsec_xform->tunnel.ipv6.src_addr)); - memcpy(&ipsec_xform->tunnel.ipv6.dst_addr, - &p->encap.tunnel.ipv6.dst_addr, - sizeof(ipsec_xform->tunnel.ipv6.dst_addr)); + ipsec_xform->tunnel.ipv6.src_addr = p->encap.tunnel.ipv6.src_addr; + ipsec_xform->tunnel.ipv6.dst_addr = p->encap.tunnel.ipv6.dst_addr; ipsec_xform->tunnel.ipv6.dscp = 0; ipsec_xform->tunnel.ipv6.flabel = 0; ipsec_xform->tunnel.ipv6.hlimit = 64; diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 7a9bafa0fa72..032bf9c5fbfa 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -18,6 +18,7 @@ #include #include #include +#include #include #ifdef __cplusplus @@ -85,9 +86,9 @@ struct rte_security_ipsec_tunnel_param { } ipv4; /**< IPv4 header parameters */ struct { - struct in6_addr src_addr; + struct rte_ipv6_addr src_addr; /**< IPv6 source address */ - struct in6_addr dst_addr; + struct rte_ipv6_addr dst_addr; /**< IPv6 destination address */ uint8_t dscp; /**< IPv6 Differentiated Services Code Point */ -- 2.47.0