From: "Nicolau, Radu"
Date: Mon, 27 Sep 2021 14:27:09 +0100
Subject: Re: [dpdk-dev] [PATCH v6 07/10] ipsec: add support for NAT-T

On 9/23/2021 5:43 PM, Ananyev, Konstantin wrote:
> >> Add support for the IPsec NAT-Traversal use case for Tunnel mode >> packets. >> >> Signed-off-by: Declan Doherty >> Signed-off-by: Radu Nicolau >> Signed-off-by: Abhijit Sinha >> Signed-off-by: Daniel Martin Buckley >> Acked-by: Fan Zhang >> --- >> lib/ipsec/iph.h | 17 +++++++++++++++++ >> lib/ipsec/rte_ipsec_sa.h | 8 +++++++- >> lib/ipsec/sa.c | 13 ++++++++++++- >> lib/ipsec/sa.h | 4 ++++ >> 4 files changed, 40 insertions(+), 2 deletions(-) >> >> diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h >> index 2d223199ac..c5c213a2b4 100644 >> --- a/lib/ipsec/iph.h >> +++ b/lib/ipsec/iph.h >> @@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh, >> { >> struct rte_ipv4_hdr *v4h; >> struct rte_ipv6_hdr *v6h; >> + struct rte_udp_hdr *udph; >> uint8_t is_outh_ipv4; >> >> if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) { 
>> @@ -258,11 +259,27 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh, >> v4h = outh; >> v4h->packet_id = pid; >> v4h->total_length = rte_cpu_to_be_16(plen - l2len); >> + >> + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { >> + udph = (struct rte_udp_hdr *)(v4h + 1); >> + udph->dst_port = sa->natt.dport; >> + udph->src_port = sa->natt.sport; >> + udph->dgram_len = rte_cpu_to_be_16(plen - l2len - >> + (sizeof(*v4h) + sizeof(*udph))); >> + } >> } else { >> is_outh_ipv4 = 0; >> v6h = outh; >> v6h->payload_len = rte_cpu_to_be_16(plen - l2len - >> sizeof(*v6h)); >> + >> + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { >> + udph = (struct rte_udp_hdr *)(v6h + 1);
> Why you presume there would be always ipv6 with no options?
> Shouldn't we use hdr_l3_len provided by user?

Yes, I will use hdr_l3_len.

> Another thing - I am not sure we need 'natt' field in rte_ipsec_sa at all.
> UDP header (sport, dport) is consitant and could be part of header template
> provided by user at sa initialization time.

The rte_security_ipsec_sa_options::udp_encap flag assumes that the UDP encapsulation i.e. adding the header is not the responsibility of the user, so we can append it (transparently to the user) to the header template but the user should not do it. Will this work?

>
>> + udph->dst_port = sa->natt.dport; >> + udph->src_port = sa->natt.sport; >> + udph->dgram_len = rte_cpu_to_be_16(plen - l2len - >> + (sizeof(*v6h) + sizeof(*udph)));
> Whose responsibility will be to update cksum field?

According to the RFC it should be zero and the rx side must not check/use it. I will set it as zero.
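
Review bot: In both NAT-T blocks of update_tun_outb_l3hdr(), udph->dgram_len is computed as plen - l2len - (sizeof(*v4h) + sizeof(*udph)) (and the same with *v6h), which leaves the UDP header itself out of the length. The UDP length field counts the UDP header plus its payload (RFC 768), so with v4h->total_length set to plen - l2len the value should be plen - l2len - sizeof(*v4h), and the IPv6 one should equal v6h->payload_len when the header sits directly after the IPv6 header; as written the field is sizeof(*udph) short. The IPv4 branch also locates the header with (v4h + 1), which carries the same fixed-length assumption questioned for (v6h + 1) in this thread, so the hdr_l3_len change should cover both branches. Neither block writes udph->dgram_cksum; setting it to zero explicitly here would avoid depending on whatever the header template left in that field.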