From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 75B73A0558 for ; Wed, 25 May 2022 15:59:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9F7B742824; Wed, 25 May 2022 15:59:22 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id 6EDA740146; Wed, 25 May 2022 15:59:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653487160; x=1685023160; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=wy1TnQuHjghdW9kUG/O7dm5fAjCskpE7oydX7vd7Unk=; b=nZXD0BQGaEfm3zCn+UMB8PxCX1zDqtNJhyhFBoZ0Jus4aFYuSiMzFn/V Kz4jGmBrdzQhBCwy2UY7E7+yCFEKN9f0E8gZUWCU3nJKnjIPvh9aZXKlz WFH2+L3BtNNTC/WelfJDbngDsvj+wb8f/aOoMFfSwgquICCYfTa4XzG22 B8pGf9AqG3IlnCvicLEJSh3bP1lXnXlGX8Bk27dlWgprhlrIB8PxFAQuC 2EZ7jpzZcWCVmRnzc8AwS+9ql1JJPuUED9fTEzI6Cx5RFxq8T/bM4OeQS 9Q9ZBlWO/zgJNOab/eB5ZO7Mx1pHs7W1GNPC1p960VWjKakM0dq/Zpiha Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="299152564" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="299152564" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 06:59:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="745757078" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by orsmga005.jf.intel.com with ESMTP; 25 May 2022 06:59:15 -0700 From: Radu Nicolau To: Konstantin Ananyev , Bernard Iremonger , Vladimir Medvedkin Cc: dev@dpdk.org, daniel.m.buckley@intel.com, qi.z.zhang@intel.com, Radu Nicolau , stable@dpdk.org Subject: [PATCH 1/3] ipsec: fix NAT-T ports and length Date: Wed, 25 May 2022 14:59:10 +0100 Message-Id: <20220525135912.181765-1-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Fix the UDP header fields, wrong byte order used for src and dst port and wrong offset used when updating UDP datagram length. Fixes: 01eef5907fc3 ("ipsec: support NAT-T") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau --- lib/ipsec/esp_outb.c | 2 +- lib/ipsec/sa.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index 6925bb9945..5a5429a12b 100644 --- a/lib/ipsec/esp_outb.c +++ b/lib/ipsec/esp_outb.c @@ -196,7 +196,7 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, /* if UDP encap is enabled update the dgram_len */ if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { struct rte_udp_hdr *udph = (struct rte_udp_hdr *) - (ph - sizeof(struct rte_udp_hdr)); + (ph + sa->hdr_len - sizeof(struct rte_udp_hdr)); udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len - sa->hdr_l3_off - sa->hdr_len); } diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index 1b673b6a18..59a547637d 100644 --- a/lib/ipsec/sa.c +++ b/lib/ipsec/sa.c @@ -364,8 +364,8 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm) struct rte_udp_hdr *udph = (struct rte_udp_hdr *) &sa->hdr[prm->tun.hdr_len]; sa->hdr_len += sizeof(struct rte_udp_hdr); - udph->src_port = prm->ipsec_xform.udp.sport; - udph->dst_port = prm->ipsec_xform.udp.dport; + udph->src_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.sport); + udph->dst_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.dport); udph->dgram_cksum = 0; } -- 2.25.1