From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0087.outbound.protection.outlook.com [104.47.32.87]) by dpdk.org (Postfix) with ESMTP id AF524235 for ; Fri, 24 Nov 2017 10:28:47 +0100 (CET) Received: from DM5PR03CA0025.namprd03.prod.outlook.com (10.174.189.142) by BN3PR03MB2353.namprd03.prod.outlook.com (10.166.74.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.4; Fri, 24 Nov 2017 09:28:46 +0000 Received: from BN1AFFO11FD029.protection.gbl (2a01:111:f400:7c10::139) by DM5PR03CA0025.outlook.office365.com (2603:10b6:4:3b::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.260.4 via Frontend Transport; Fri, 24 Nov 2017 09:28:46 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; caviumnetworks.com; dkim=none (message not signed) header.d=none; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11FD029.mail.protection.outlook.com (10.58.52.184) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.218.12 via Frontend Transport; Fri, 24 Nov 2017 09:28:44 +0000 Received: from [10.232.134.49] ([10.232.134.49]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id vAO9SffD010276; Fri, 24 Nov 2017 02:28:41 -0700 To: Anoob Joseph , Declan Doherty , Sergio Gonzalez Monroy , Radu Nicolau CC: Narayana Prasad , Jerin Jacob , References: <1510673823-24475-1-git-send-email-anoob.joseph@caviumnetworks.com> <1510738915-14712-1-git-send-email-anoob.joseph@caviumnetworks.com> From: Akhil Goyal Message-ID: <0349861e-de98-92b5-8b6f-7ab944dd45bf@nxp.com> Date: Fri, 24 Nov 2017 14:58:40 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <1510738915-14712-1-git-send-email-anoob.joseph@caviumnetworks.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-EOPAttributedMessage: 0 X-Matching-Connectors: 131559893255144971; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39860400002)(39380400002)(376002)(346002)(2980300002)(1110001)(1109001)(339900001)(199003)(24454002)(189002)(5660300001)(53936002)(229853002)(6246003)(97736004)(498600001)(65956001)(65826007)(77096006)(65806001)(47776003)(36756003)(64126003)(4326008)(8936002)(2486003)(23676004)(189998001)(31696002)(68736007)(50466002)(86362001)(31686004)(356003)(33646002)(76176999)(54356999)(50986999)(230700001)(104016004)(305945005)(105606002)(53546010)(83506002)(58126008)(110136005)(81166006)(2906002)(81156014)(67846002)(8676002)(316002)(54906003)(2950100002)(106466001)(85426001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN3PR03MB2353; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11FD029; 1:96PN3MyJxAcDk42KvY9chxYfpp9RcpF9+b5iibM0tkxEkXdypuJApt6ucsoJ/GiwN7f1oXY1Zkp/VW2ft19rGIDw1UzMkkCsi1AHvGkyTgnA+uZoc6/BoidlAJv5uoYa X-MS-PublicTrafficType: Email X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4628075)(201703131517081)(2017052603258); SRVR:BN3PR03MB2353; X-Microsoft-Exchange-Diagnostics: 1; BN3PR03MB2353; 3:UvXV3Gc/a7XfleNYIiE/Dwak7RJy8d0rpW2+iNc7sw7ThU/mxFUeFB8x+50lYvjZ3v4j8VxzLGHvGwGNY3B8pz4+BbEeHWb/ASDtFoG59fS+hLIywY2F2HKqR/zj6Y9eD92k16Fa6/1AYZsLnroDshgweVaL3qGeeJQA6CiFtkANRjQYhNmCTZ4B2P2ttUK4g4VPnwk8mdElUG3z/sdEAZtBNM3Z1lfj0v82AgF7lkgg2Z1MrEVfl9Z0GMsuk0wrDoT7zEuodDfjZB7+YNsWe64jF4UXD6wZGCDCwv89Yyba13e6z5YOsiULBAphUucoDf9snca0BTNwDfK40nGjslvzhRsq5d3OCojtlhTC7V8=; 25:6rxzyr/adwuSV3C3W6xbZRX+RVMwKOoC+HCy7I7nYJctDONoh41Dk9rWZ36RbFn2a/j9Kft5VbbUptoWWNNolJxRKWHZSJW1y65mW3y94F0Nhi8Ri+PywCgx08WL0R5T4AG/E1XFLew/EnL5XxI8P6FGWdrq93uwWPKEn51+lzzhrGJJq/J+mMBXFAcEa1QF3SS9fNIoAOnGMyMGIKKHw5p9QHVGS7ypEk/8WzaaRuuqfqB3SvKIj/Mta1tWXEg81Jxsp2fNhbYfBRwRon7fB+nznlgccl50KmBxc7x7e9+TqSKn1jGDpGinafzVFJiehGx8ICvtIySxZ0BeIskv0g== X-MS-TrafficTypeDiagnostic: BN3PR03MB2353: X-MS-Office365-Filtering-Correlation-Id: 6a78456c-6d68-4a2e-e4ab-08d5331dc29d X-Microsoft-Exchange-Diagnostics: 1; BN3PR03MB2353; 31:R2UXx6/OGITD658cAfYZ+X8dz8bfY7Wk8iUnVeEzoK6IrHKS89vZt2OoShjhPuXyq39JxO5aDixUAqlgeKSbYTj5dIzK+I8BIcB/NN6Khw11HyE/ViTQ/CG1EFqMKb5xiqeCqce9jqVUIK7PkfbCAZREnAza06/d+hC3Sp8lwgD3U+0OIf9Lf13vq9uGsbRsLuswyb0bb+JsX1GIP+EQD2l+84AecKe22KwhuBK0rZU=; 4:CHGXRP+SBMnTKPG+iG4W706xipaaMeK2Nhn486EUaZk15L51tOtZynUQY9YFQfjVeCJw4ORrX7zkcIUla0bGuhaaEdaKz1nqCb544kQ+QIuq/8Q8X/MzQZp7r5hJyL3Jws0L7MUQPUPbiWJnHv+Ptlwg6wzhvYGo1cSIpgFtQgetHJsZttgguDb1cQ4Iz7sBM9sAGs/HtGm1tNKCytTx9vaexOZYVabqaOHWbxAo5NP0rLs5iSwTW26SQUL3ukfzMnsCqVQOxhziAhEV3Z8LQU50On035yUpaQgslp9lNqIrdyrXmcfFwJY/TDy7oEeh X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6095135)(2401047)(5005006)(8121501046)(3231022)(93006095)(93001095)(10201501046)(3002001)(6055026)(6096035)(20161123561025)(20161123563025)(201703131430075)(201703131433075)(201703131448075)(201703161259150)(201703151042153)(20161123565025)(20161123559100)(20161123556025)(201708071742011); SRVR:BN3PR03MB2353; BCL:0; PCL:0; RULEID:(100000803101)(100110400095)(400006); SRVR:BN3PR03MB2353; X-Forefront-PRVS: 05015EB482 X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjNQUjAzTUIyMzUzOzIzOmtLUjdCaW56TU5TYkJHbzgxUzNkWGIrbmE3?= =?utf-8?B?MFJyYkdyYlZFYTVMVVdnNW5mVFh4eHN3elJiUjN6aGtCb3FJdjFTRTBVTUFl?= =?utf-8?B?WmxNb09tZFd0YjJQdzFHbTZIZDlkeTQzVWxoRG1xY1FSVXdOQWFuSDFuY2JK?= =?utf-8?B?bGYxT0NoOWhWbUhPVmFoRitEUDdpMlB3NDBUY293N2VVcnpnYVRkeXMxUFdZ?= =?utf-8?B?NEhDZDVETTg3S0UzblZxT1BUQStFUDd2MXJ6UHlNOEhrNkt4V1hLYmVNV1Jh?= =?utf-8?B?UDlJYTNocGo4MTZrUmJhT1ZoL3UrUUJMdEhzbC9uNER4OHMwb0h0SFRJZUZE?= =?utf-8?B?RGlsRFhmUnBzLzNzckt1dXFZNUE4dXdsUm96SkFIMHl0ZUNPMzFhbmJKODVO?= =?utf-8?B?Tzl2NWplTzFoTEh2RFAxS24zczdZaUk4aU45eDR4WHg0bGJ4clBOT2ZTbXZ6?= =?utf-8?B?SXFmY3VZS2Q2NUFJTDFDdVNSQ3A0UVhMU1J6Tk9ZVllZWG9PRkhRaWF4L0Va?= =?utf-8?B?cnIwM3M4VTBxSmoybkxtenk1NWF1bVRoUWUyZktNemVaOXFHU0tuUFJRdDdP?= =?utf-8?B?aUxiVlhJcGlCY0Rya2JodjVvNFhENENYYnlOcTNNZ0g4Qy81ZDFibkIxQ3d4?= =?utf-8?B?K0FDcmlNMTF1OUgycnh2STJ3Y0VEaW1GUE55U2UxWlRLcHkySE9mdmJjdHh1?= =?utf-8?B?SWRVVHlteEtoSDJ1aDkrOFNXckJsSWhpbmpWaFl5VUpSRkhtNlltVk5DTU9y?= =?utf-8?B?SmQxWmFsbDI3bmtQUHcrUnNreE11WDZySkNsRzV3N2N5VUtyRnkveVNuWCti?= =?utf-8?B?TDFZeDlxb3dyL0NPcFRoRlk2ckdDMEVha3E4dDVLRU4zbWdWdEZpQ21kb29G?= =?utf-8?B?TXlpeFR0cDB6VFhGRm4zOHF1WDVQNGVSU0luMkJ2T1RYczBlQ3BUNmltdzh1?= =?utf-8?B?eWk4VlBabUcxbzNpYkxwem1aOUpwb1UvcWNXMDlLQ2xsajMydFR4WWd4bDV5?= =?utf-8?B?UjRKKzhIbmNGazhYSWx4TXgzMmwxWHZjZjRITC9XaC9aeklUZ3U5Y3hxQWFC?= =?utf-8?B?NGhIYmc3TGR1emp1ZEZjWEN2c3VxNnpmdmU4bERZaUhEdWY2Zk8zOEtaMDdR?= =?utf-8?B?R0FpSzJjeDVOeVlvNXZtb0tNbkpzdnhuVkMwcDV3VzJEMnpEVzhQYU5EUHhj?= =?utf-8?B?cmNyNjByTmhFV2g4cGJnTEpIbTg0QzAwN2RZbUl4Z3NmandDbXRmazhZeGxh?= =?utf-8?B?QjVTck5rQjBtaWhDYWt5OXdjaWhjVWo2UG1DcGFzWmE1eWtWaHQrL2cyZGFm?= =?utf-8?B?T0FhaDNKS0VISFRmWm9XR1FCSzV2OWFLTkU1UmV6bDJoSUxPTlVvaGxPWTZo?= =?utf-8?B?dVR1RHhQWkRKdEdmOUVKbnBRbWw0Zm4zbUZ0L3JmUjhJRnFUWUl0YjFIdGtl?= =?utf-8?B?aE5vTGR2NmR3eWZMSmdZYksyT1Y0cEVtWjlkSjZCcXVJbXlTY1VOUkNRRm5B?= =?utf-8?B?Q0lhNU95emZ3ME16V2ZIWjRjUFZPbXVmeGYxUHExVXl4UjlzMnpBMFB3K2pO?= =?utf-8?B?THlFdm1GZzhGdlRxbVpla0UzbnBudEV6M0NSTDhmM3p0U1ZoOEZBOWgrVkNX?= =?utf-8?B?VzZYYXpZT053b295ZFNxa044L1plZlBVUURWeWd4UVBtenVaU1QrYlExcDQy?= =?utf-8?B?RTNFR1A5Vk0vR29SNFdXL0RrckhmOTQ0M21wbVlPVGlKWTJKRjk0aHpIc0wr?= =?utf-8?B?eVFaUWJ3ZDJ4eTB0Y1hjSllJWHNBWnRJcDZZeTJxZHEwOUgwR2s5Vno2OFl1?= =?utf-8?B?OTdDM2J2RUZUVCtJR0FhdE1yemVjdWtQdm5qaTFtc2NUSlVTTGtSY202WUlv?= =?utf-8?Q?i55BQPZlriI=3D?= X-Microsoft-Exchange-Diagnostics: 1; BN3PR03MB2353; 6:twyRLbgeHd2tL73HiuGzekRovCZSYjTkagRdIZEAWhaFQcPKvo5eq6zVOpTwyqC54aG5CUktsXyuUEOc+plDW5P38wsap8DynGZevgaqdLfLO2p1Fg+oce8BBMm0+W+ySNZCt1CxWH1Do0FHW/u6PJyF1OAjnsCzhsMY1wAoPUu1K8IycQTYj/ifHmUbBCpCuzr40dMh0w4wZz6b0CL4+HalHJkJ7TKxC/pB++q2wYaWu/ilMHarf0MkqW6eGyP8b1IjcrA4upePCONDSVKoAetRBeF78G2oCjCO2IrtSJbMZ3MsF3PPmhRmNSZtjDWKNTkWO44Rcn17DNhoNmAZsLq2uMn5Ii47GxuHO0wy9kU=; 5:dBOVHFgNetTBiMEhIDcpFNZLPT9nGm5PONdo/OnVKXl4qG3MAW+IZEmcREkGVVuhnNPs5b0qzB3aa/3kdNu4fcWullQQSxFhYnNnYGKu4rtrjFea3kPQCqjIoRfCEStAosg+AxEikX+SGFp26xUZx3hZ/7BE4ds4l6mL0qh5G1s=; 24:Z9canfn13Xa/jbQNJvsdAs8vjkhnUv0N8noJPPtleYYfjL/d33o7PsZRBo5oclvqlPaFhNYtX9KxxAk4LKJmmSLAjwKYoLHDJr5k4R9/dNw=; 7:bXb8FVfswVxaODZsVfYhabbaMTSBxP1Zi1Yhzka6Pb9EGT08yrcLFWv1CDFBy3+QJ2qYMCQ36B80HeysZOvbudv1XcchkGdQV/GyPTNutWN8NjW5pNeaS39RaOwsi1jFnJ6HtO/hHxx5bGokY3mRFujdT20OOLoa8OzXhrfZnMh9oOXiEV8/crwnYQbEhqvHx2vKfwoJm8RSWVZ+rt6JP3hUy91b0WMfN9PeCbtEgR5c4QR6OBJ9Ceyoe1PgQu6C SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2017 09:28:44.9840 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6a78456c-6d68-4a2e-e4ab-08d5331dc29d X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR03MB2353 Subject: Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: fix usage of incorrect port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Nov 2017 09:28:48 -0000 Hi Anoob, On 11/15/2017 3:11 PM, Anoob Joseph wrote: > When security offload is enabled, the packet should be forwarded on the > port configured in the SA. Security session will be configured on that > port only, and sending the packet on other ports could result in > unencrypted packets being sent out. > > This would have performance improvements too, as the per packet LPM > lookup would be avoided for IPsec packets, in inline mode. > > Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") > > Signed-off-by: Anoob Joseph > --- > v3 > * Bug fix (fixed a wrong if condition) > * Minor changes in documentation > > v2: > * Updated documentation with the change in behavior for outbound inline > offloaded packets. > > doc/guides/sample_app_ug/ipsec_secgw.rst | 10 +++- > examples/ipsec-secgw/ipsec-secgw.c | 92 +++++++++++++++++++++++++++----- > 2 files changed, 87 insertions(+), 15 deletions(-) > > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst > index d6cfdbf..ae18acd 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -61,6 +61,12 @@ In case of complete protocol offload, the processing of headers(ESP and outer > IP header) is done by the hardware and the application does not need to > add/remove them during outbound/inbound processing. > > +For inline offloaded outbound traffic, the application will not do the LPM > +lookup for routing, as the port on which the packet has to be forwarded will be > +part of the SA. Security parameters will be configured on that port only, and > +sending the packet on other ports could result in unencrypted packets being > +sent out. > + > The Path for IPsec Inbound traffic is: > > * Read packets from the port. > @@ -543,7 +549,9 @@ where each options means: > ```` > > * Port/device ID of the ethernet/crypto accelerator for which the SA is > - configured. This option is used when *type* is NOT *no-offload* > + configured. For *inline-crypto-offload* and *inline-protocol-offload*, this > + port will be used for routing. The routing table will not be referred in > + this case. > > * Optional: No, if *type* is not *no-offload* > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c > index c98454a..cfcb9d5 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -585,31 +585,72 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, > traffic->ip6.num = nb_pkts_out; > } > > +static inline int32_t > +get_hop_for_offload_pkt(struct rte_mbuf *pkt) > +{ > + struct ipsec_mbuf_metadata *priv; > + struct ipsec_sa *sa; > + > + priv = get_priv(pkt); > + > + sa = priv->sa; > + if (unlikely(sa == NULL)) { > + RTE_LOG(ERR, IPSEC, "SA not saved in private data\n"); > + return -1; > + } > + > + return sa->portid; > +} > + > static inline void > route4_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > { > uint32_t hop[MAX_PKT_BURST * 2]; > uint32_t dst_ip[MAX_PKT_BURST * 2]; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip, ip_dst); > - dst_ip[i] = *rte_pktmbuf_mtod_offset(pkts[i], > - uint32_t *, offset); > - dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip, ip_dst); > + dst_ip[lpm_pkts] = *rte_pktmbuf_mtod_offset(pkts[i], > + uint32_t *, offset); > + dst_ip[lpm_pkts] = rte_be_to_cpu_32(dst_ip[lpm_pkts]); > + lpm_pkts++; > + } > } > > - rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, nb_pkts); > + rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if ((hop[i] & RTE_LPM_LOOKUP_SUCCESS) == 0) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i]); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + if ((pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0) > + pkt_hop = -1; > + } > + I believe the following check is redundant for non inline case. I believe get_hop_for_offload_pkt can also set the RTE_LPM_LOOKUP_SUCCESS if route is success and take the (pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0 check outside the if else block and free the packet if it is unsuccessful. Same comment for route6_pkts. Checking with -1 may not be a good idea if we have a flag available for the same. Others can comment. > + if (pkt_hop == -1) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } > > @@ -619,26 +660,49 @@ route6_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > int32_t hop[MAX_PKT_BURST * 2]; > uint8_t dst_ip[MAX_PKT_BURST * 2][16]; > uint8_t *ip6_dst; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip6_hdr, ip6_dst); > - ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, offset); > - memcpy(&dst_ip[i][0], ip6_dst, 16); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip6_hdr, ip6_dst); > + ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, > + offset); > + memcpy(&dst_ip[lpm_pkts][0], ip6_dst, 16); > + lpm_pkts++; > + } > } > > - rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, > - hop, nb_pkts); > + rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, hop, > + lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if (hop[i] == -1) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i]); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + } > + > + if (pkt_hop == -1) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } > >