From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AE49EA0558 for ; Wed, 25 May 2022 15:59:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A253942B72; Wed, 25 May 2022 15:59:25 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id ECD6F40150; Wed, 25 May 2022 15:59:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653487161; x=1685023161; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZyW1XLIsWyW3Vy2xOOvskY2wtb+IVd6rLpQ9SbWZbAM=; b=Eyy9o+0SBLdSbMu9tRbsWxaJAU+IUtGLWKgGDrfY3wrduREz3wAKtc9J NMDD+1/4gM8TxPjS2VDxF/yNsa5DXQYWqVxSX3icDoxRruOHwq6Y7w/EW 133M/+4qDg9+QLllMea3l78SLXUObTdTJ0PGdbW4vdZNHG6JS0ZX3ed3o cLqw9htCRkMlFvDuVVQHCqWeTIxHcUYIQ4XC0Ue6KwXiE7HxTbf5tETfF J3AhL+1vp9AHqvqJ9nNoxy2yF10ihMUuQ17MBUrBNMTWqC5b0P7H4tIl+ bp5w4hMy1mUNyFSEhc8G+aZCcKtUCGLpF4qLghX46Gi94YWGGUSw+FJMq A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="299152575" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="299152575" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 06:59:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="745757084" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by orsmga005.jf.intel.com with ESMTP; 25 May 2022 06:59:18 -0700 From: Radu Nicolau To: Radu Nicolau , Akhil Goyal Cc: dev@dpdk.org, daniel.m.buckley@intel.com, qi.z.zhang@intel.com, stable@dpdk.org Subject: [PATCH 2/3] examples/ipsec-secgw: fix NAT-T header fields Date: Wed, 25 May 2022 14:59:11 +0100 Message-Id: <20220525135912.181765-2-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220525135912.181765-1-radu.nicolau@intel.com> References: <20220525135912.181765-1-radu.nicolau@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Use the proper IP protocol (UDP instead of ESP) and set the ports when UDP encapsulation is enabled. Fixes: 9ae86b4cfc77 ("examples/ipsec-secgw: support UDP encap for inline crypto") Cc: stable@dpdk.org Signed-off-by: Radu Nicolau --- examples/ipsec-secgw/sa.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 1839ac71af..45509c5c68 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1458,6 +1458,8 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss, RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT : RTE_SECURITY_IPSEC_SA_MODE_TUNNEL; prm->ipsec_xform.options.udp_encap = ss->udp_encap; + prm->ipsec_xform.udp.dport = ss->udp.dport; + prm->ipsec_xform.udp.sport = ss->udp.sport; prm->ipsec_xform.options.ecn = 1; prm->ipsec_xform.options.copy_dscp = 1; @@ -1513,13 +1515,13 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size) .version_ihl = IPVERSION << 4 | sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER, .time_to_live = IPDEFTTL, - .next_proto_id = IPPROTO_ESP, + .next_proto_id = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP, .src_addr = lsa->src.ip.ip4, .dst_addr = lsa->dst.ip.ip4, }; struct rte_ipv6_hdr v6 = { .vtc_flow = htonl(IP6_VERSION << 28), - .proto = IPPROTO_ESP, + .proto = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP, }; if (IS_IP6_TUNNEL(lsa->flags)) { -- 2.25.1