From: Akhil Goyal
To: Radu Nicolau, Konstantin Ananyev, Bernard Iremonger, Vladimir Medvedkin
CC: dev@dpdk.org, mdr@ashroe.eu, bruce.richardson@intel.com, roy.fan.zhang@intel.com, hemant.agrawal@nxp.com, Anoob Joseph, declan.doherty@intel.com, abhijit.sinha@intel.com, daniel.m.buckley@intel.com, Archana Muniganti, Tejasree Kondoj, matan@nvidia.com
Date: Sun, 5 Sep 2021 15:00:49 +0000
References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20210903112626.304692-1-radu.nicolau@intel.com> <20210903112626.304692-8-radu.nicolau@intel.com>
In-Reply-To: <20210903112626.304692-8-radu.nicolau@intel.com>
Subject: Re: [dpdk-dev] [EXT] [PATCH v4 07/10] ipsec: add support for NAT-T
List-Id: DPDK patches and discussions

> Add support for the IPsec NAT-Traversal use case for Tunnel mode > packets. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > --- > lib/ipsec/iph.h | 13 +++++++++++++ > lib/ipsec/rte_ipsec_sa.h | 8 +++++++- > lib/ipsec/sa.c | 13 ++++++++++++- > lib/ipsec/sa.h | 4 ++++ > 4 files changed, 36 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h > index 2d223199ac..093f86d34a 100644 > --- a/lib/ipsec/iph.h > +++ b/lib/ipsec/iph.h > @@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa > *sa, void *outh, > { > struct rte_ipv4_hdr *v4h; > struct rte_ipv6_hdr *v6h; > + struct rte_udp_hdr *udph; > uint8_t is_outh_ipv4; >=20 > if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) { 
> @@ -258,11 +259,23 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa > *sa, void *outh, > v4h =3D outh; > v4h->packet_id =3D pid; > v4h->total_length =3D rte_cpu_to_be_16(plen - l2len); > + > + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { > + udph =3D (struct rte_udp_hdr *)(v4h + 1); > + udph->dgram_len =3D rte_cpu_to_be_16(plen - l2len - > + (sizeof(*v4h) + sizeof(*udph))); > + } > } else { > is_outh_ipv4 =3D 0; > v6h =3D outh; > v6h->payload_len =3D rte_cpu_to_be_16(plen - l2len - > sizeof(*v6h)); > + > + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { > + udph =3D (struct rte_udp_hdr *)(v6h + 1); > + udph->dgram_len =3D rte_cpu_to_be_16(plen - l2len - > + (sizeof(*v6h) + sizeof(*udph))); > + } > } >=20 > if (sa->type & TUN_HDR_MSK) > diff --git a/lib/ipsec/rte_ipsec_sa.h b/lib/ipsec/rte_ipsec_sa.h > index cf51ad8338..40d1e70d45 100644 > --- a/lib/ipsec/rte_ipsec_sa.h > +++ b/lib/ipsec/rte_ipsec_sa.h > @@ -76,6 +76,7 @@ struct rte_ipsec_sa_prm { > * - inbound/outbound > * - mode (TRANSPORT/TUNNEL) > * - for TUNNEL outer IP version (IPv4/IPv6) > + * - NAT-T UDP encapsulated (TUNNEL mode only) > * - are SA SQN operations 'atomic' > * - ESN enabled/disabled > * ... > @@ -86,7 +87,8 @@ enum { > RTE_SATP_LOG2_PROTO, > RTE_SATP_LOG2_DIR, > RTE_SATP_LOG2_MODE, > - RTE_SATP_LOG2_SQN =3D RTE_SATP_LOG2_MODE + 2, > + RTE_SATP_LOG2_NATT =3D RTE_SATP_LOG2_MODE + 2, > + RTE_SATP_LOG2_SQN, > RTE_SATP_LOG2_ESN, > RTE_SATP_LOG2_ECN, > RTE_SATP_LOG2_DSCP 
> @@ -109,6 +111,10 @@ enum { > #define RTE_IPSEC_SATP_MODE_TUNLV4 (1ULL << > RTE_SATP_LOG2_MODE) > #define RTE_IPSEC_SATP_MODE_TUNLV6 (2ULL << > RTE_SATP_LOG2_MODE) >=20 > +#define RTE_IPSEC_SATP_NATT_MASK (1ULL << > RTE_SATP_LOG2_NATT) > +#define RTE_IPSEC_SATP_NATT_DISABLE (0ULL << > RTE_SATP_LOG2_NATT) > +#define RTE_IPSEC_SATP_NATT_ENABLE (1ULL << > RTE_SATP_LOG2_NATT) > + > #define RTE_IPSEC_SATP_SQN_MASK (1ULL << > RTE_SATP_LOG2_SQN) > #define RTE_IPSEC_SATP_SQN_RAW (0ULL << > RTE_SATP_LOG2_SQN) > #define RTE_IPSEC_SATP_SQN_ATOM (1ULL << > RTE_SATP_LOG2_SQN) > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c > index 2ecbbce0a4..8e369e4618 100644 > --- a/lib/ipsec/sa.c > +++ b/lib/ipsec/sa.c > @@ -217,6 +217,10 @@ fill_sa_type(const struct rte_ipsec_sa_prm *prm, > uint64_t *type) > } else > return -EINVAL; >=20 > + /* check for UDP encapsulation flag */ > + if (prm->ipsec_xform.options.udp_encap =3D=3D 1) > + tp |=3D RTE_IPSEC_SATP_NATT_ENABLE; > + > /* check for ESN flag */ > if (prm->ipsec_xform.options.esn =3D=3D 0) > tp |=3D RTE_IPSEC_SATP_ESN_DISABLE; > @@ -372,7 +376,8 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct > rte_ipsec_sa_prm *prm, > const struct crypto_xform *cxf) > { > static const uint64_t msk =3D RTE_IPSEC_SATP_DIR_MASK | > - RTE_IPSEC_SATP_MODE_MASK; > + RTE_IPSEC_SATP_MODE_MASK | > + RTE_IPSEC_SATP_NATT_MASK; >=20 > if (prm->ipsec_xform.options.ecn) > sa->tos_mask |=3D RTE_IPV4_HDR_ECN_MASK; 
> @@ -475,10 +480,16 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct > rte_ipsec_sa_prm *prm, > case (RTE_IPSEC_SATP_DIR_IB | RTE_IPSEC_SATP_MODE_TRANS): > esp_inb_init(sa); > break; > + case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4 | > + RTE_IPSEC_SATP_NATT_ENABLE): > + case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6 | > + RTE_IPSEC_SATP_NATT_ENABLE): > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV4): > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TUNLV6): > esp_outb_tun_init(sa, prm); > break; > + case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS | > + RTE_IPSEC_SATP_NATT_ENABLE): > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS): > esp_outb_init(sa, 0); > break; > diff --git a/lib/ipsec/sa.h b/lib/ipsec/sa.h > index 5e237f3525..3f38921eb3 100644 > --- a/lib/ipsec/sa.h > +++ b/lib/ipsec/sa.h > @@ -101,6 +101,10 @@ struct rte_ipsec_sa { > uint64_t msk; > uint64_t val; > } tx_offload; > + struct { > + uint16_t sport; > + uint16_t dport; > + } natt;

These ports are not getting used in this patch. As indicated in the previous patch, do we really need these? As for NAT-T, 4500 is the default port.
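Review bot: In the lib/ipsec/iph.h hunk at @@ -258,11, both NATT branches locate the UDP header with (v4h + 1) and (v6h + 1), which is only correct when the outer header template has no IPv4 options or IPv6 extension headers and really does carry a UDP header after the IP header; nothing in this hunk checks that. Suggest validating at SA init that the tunnel header is at least sizeof the IP header plus sizeof(struct rte_udp_hdr) whenever RTE_IPSEC_SATP_NATT_ENABLE is set. Only dgram_len is written here, so a comment should also state that the UDP checksum is taken unchanged from the template, and what value the IPv6 case expects there.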
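Review bot: In the lib/ipsec/rte_ipsec_sa.h enum hunk at @@ -86,7, giving RTE_SATP_LOG2_NATT the slot RTE_SATP_LOG2_MODE + 2 and letting RTE_SATP_LOG2_SQN follow it moves SQN, ESN, ECN and DSCP up by one bit, so every RTE_IPSEC_SATP_* value derived from them changes in a public header. Anything compiled against the old values that inspects the SA type bits will read the wrong flags. Suggest appending RTE_SATP_LOG2_NATT after the last existing entry so the current bit positions stay put, or documenting the ABI change explicitly.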
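Review bot: In the lib/ipsec/sa.c hunk at @@ -217,6, fill_sa_type() sets RTE_IPSEC_SATP_NATT_ENABLE whenever udp_encap == 1 without looking at the mode, while the comment added to rte_ipsec_sa.h in this same patch says NAT-T is TUNNEL mode only. Suggest returning -EINVAL when udp_encap is set on a transport-mode SA. As written, the later esp_sa_init() hunk sends DIR_OB | MODE_TRANS | NATT_ENABLE to the same esp_outb_init(sa, 0) call as the non-NAT-T case, so the option is accepted silently.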
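Review bot: In the lib/ipsec/sa.c switch hunk at @@ -475,10, NATT_ENABLE case labels are added only for RTE_IPSEC_SATP_DIR_OB, yet the @@ -372,7 hunk adds RTE_IPSEC_SATP_NATT_MASK to msk. Assuming the switch is on sa->type & msk, an inbound SA created with udp_encap set no longer matches the DIR_IB | MODE_TRANS label shown here or any other inbound label left unchanged. Suggest either adding the inbound NATT labels or clearing the NATT bit for inbound SAs, and stating in the commit message which behaviour is intended.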
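Review bot: In the lib/ipsec/sa.h hunk at @@ -101,6, the new natt.sport and natt.dport fields are plain uint16_t with no comment on byte order, and no line in this patch reads or writes them. If they stay, document where they are populated and whether they hold network or host byte order (rte_be16_t would make network order explicit); otherwise drop the struct from this patch and add it with the code that uses it.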