From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0043.outbound.protection.outlook.com [104.47.32.43]) by dpdk.org (Postfix) with ESMTP id BB1361B38B for ; Mon, 13 Nov 2017 17:14:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=AeaEvt3DaP3yV3kPSAHTj3/rPdfkP6yHkuo2JL0P9io=; b=EV2Y6FrfFR9rlqv3DBUYpYx89+orlTDooTf5nAri9GpFu2HJ/hQrfb+tm6MFdx7HqgXbV9a8P65E9M7VnUahwxAEKH4+XikLyCIEMJFJVwOK8eSAPPZvsihd/oU2jxqyGOFU7ZS9ikH4gLsTlgjT0aIK3iGpOuYxOGrxQ2i8mXU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from ajoseph83.caveonetworks.com (14.140.2.178) by DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.218.12; Mon, 13 Nov 2017 16:14:48 +0000 From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Sergio Gonzalez Monroy , Radu Nicolau Cc: narayanaprasad.athreya@cavium.com, jerin.jacobkollanukkaran@cavium.com, anoob.joseph@cavium.com, dev@dpdk.org Date: Mon, 13 Nov 2017 16:13:55 +0000 Message-Id: <1510589635-8868-1-git-send-email-anoob.joseph@cavium.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [14.140.2.178] X-ClientProxiedBy: DM5PR07CA0045.namprd07.prod.outlook.com (2603:10b6:3:16::31) To DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ade66206-d69a-4647-dd50-08d52ab1ab15 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258); SRVR:DM5PR0701MB3637; X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 3:0iD05AV/GmKtxwQyCk6fvW/JUWFwlsq/Mc3gL4k9zSrFZj9mV7olWdn8lpHGsujhP2fr/t4nv6FnGdd8l7akhbSp/S2I55OkEix6OW5A8RJSQx9ukywi9Jt7kmXJZiZY4pXgI7cJU5UDEj7yCxiDozB+6raphIL2POv8d4t0+WbewqlhW8qz0qILAB1LSh7+xKZlG4D+D0RzJRg3ELbRsbce0nlRyd9X84ap+L8iYA6l6XR7W/ZFJQ32x5N4btxk; 25:fwCq5xpd4pyRQfbXIsYww0fOO2LPeUeU4pBhx+YSMvLDsfE0umIyC60iqehTJdKo9Hfklv2+8a1eyVl79q4vS2LrxzUjQ6pyNTYAG3rh3gtVuV8V9aF777s6fjrG56Brv0hc7MQVfJMWM5myJKhsyG2MLEw9OInderd8IbqtkWwYdI5XeN9tr3y6KrUxmovomDgq302g3WW+F9QoOkUdXXW7KbNRQTI0XCJrfXPhU8I+8gqLEjhvAaELO9+cE2+NFcMwmjChMessDxMzUCzDQvQdI7nqyMJRhltQS3/sr15f7N69g7S6QuJK6g1drtA1rlHCES6Y4IvEMnYG12KPnA==; 31:W951HwfGr5NGHABjRK+QFyiZioeJzfqB3LzSQfOGDuirGfwbpx3ubx/wd5ChUEXLJHZ7qvx8L34fUUqtcZ1GIsQ2ld1SimYSLi2H/b9eiHBf3CIIaz1n2doV1mVkDsUFIIQSXnKwYMfP/3HzefmYNX1C/fVmH75GA/0yHOrWLGnVbuiMhWOIezHqEyv0xLV1ptDq9d6nsE1Y9evUiBFtd3uh0ya+4AQdYu9/gyJ9eYw= X-MS-TrafficTypeDiagnostic: DM5PR0701MB3637: X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 20:Xlt2jaQkOLVeGmX4ZHfrPFtOQNeSQ0N80aOSTZK7x7L5jfecD5y4GfJe+nW8m/1+QaTa2JKZ41RIIpoopi34hEedJ5pQAMEkdtkGX3wTcv3/YxSGmCywfvGu4ldfg2fRNR8VFauMRnzRla0mW2ecwscjXUwjwDfoVkRypbv5z84hkIYQ/HXPxyREKtbiEjkUVbXC4jfEktdf6xvWnexAakrGhniH0ce5fx7m+JObwwQ9jEvCsSE7gRj3pwQFc7HV4okkx3D1qAMNR85U/+1CWj4Xf2ysCjZiHN0uTPdd7SEV+7PwM5CCE8zclXjCP86oK00e6rO+TT3vxWM5JrTQRsEctl2BSJ039D9sAtkZ19yCCJ5XFFf2F4ahonm+LckYI5xZzIsCmlS6qCTsvlvrxWvUM/2ogh7UqJlUUbDepZmBaTe6eSd1SUeEnHW3gx3iKKBk+YQfVsw4rrsbt0zhteIWbIPlSxEUdVY2GH4AMi8Kp7cFOIB0t+SBG4k3+dsD; 4:TCyhBAyluqzaOlvQ+zBD81n9d/a7GetES/jdiMsu4TEliDWH1JdTNQrsz1uvastvz31+YyQoM2VOY64JtHx3yUeNMsAmghQumcm9RASXDtt6asBwSEjJM91kv0N/QKXVdnZ4kcUgF8jTEQ/biyj/Mi1HEB/xwuEUUxeZ0Vs+erVwyhPLUpGNosY9C5mmRoJSrAuX9zTXzOZSA1y1I4+hgaC1by+9Tu5kZEdtXAYDbhH7GWxQGWciKWfBfOAieE+E026y8yLetYg3CeAInIuvzRMFGQwM/zFqGnGGqmu44aCdZNHdJ/HjbAo7TNn46p5z X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231022)(3002001)(100000703101)(100105400095)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR0701MB3637; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR0701MB3637; X-Forefront-PRVS: 0490BBA1F0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(189002)(199003)(6506006)(8676002)(6486002)(305945005)(16586007)(316002)(189998001)(53936002)(5660300001)(110136005)(69596002)(53416004)(5003940100001)(81166006)(7736002)(47776003)(6666003)(101416001)(16526018)(66066001)(81156014)(48376002)(478600001)(50466002)(86362001)(5009440100003)(6116002)(105586002)(4326008)(25786009)(33646002)(106356001)(72206003)(36756003)(50226002)(68736007)(8936002)(50986999)(6512007)(2906002)(8656006)(97736004)(3846002)(110426004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3637; H:ajoseph83.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3637; 23:7zMMAFiqbipCjLUdZGWdxyFHqALTEFWcG9E75ng?= =?us-ascii?Q?bTszrQjvTFYmu8KhIapI7FIvZdAKJiHFLULo0M7+E96wlOZL+pA8LU7lo6VQ?= =?us-ascii?Q?mPcf+bk5DwFM4N97mykB4hr1sYqPjdUF9IQPLZx6LN8m8shYXP0lHtZaSWWz?= =?us-ascii?Q?I66i6F+fKQStHOGnYHWHSlUGuUJKwmvJd6axpZVMaruSRFcrR5RGXNNeiutp?= =?us-ascii?Q?H/bKWBm7d4v4fGYkhmAKx3OqPi1Itx8Y1E1poX6Oo72de+6zC/Xb2LoFNgxI?= =?us-ascii?Q?z6ipvPJ1UjzWL5OIBgj0UplZh1uqOtCB4+9RqTGcu41Zrw8ciDq06Mlii/7U?= =?us-ascii?Q?/AcVBs9hO4KgoXmK8x3fSksiLBHLd5uuY38LHLdrFuSTuZi6uCxCmYliMy9H?= =?us-ascii?Q?VD4HSj/buWzY2GrWXm52oq3zMY/5ANkd8yk6Now5v8s5Ggpio9RLxinf6uc1?= =?us-ascii?Q?Y2mdnLF04UitHjoet3jmGmNlr+V+sptdGPJmZN8v0j66Skm1UuZWlFkXmWNb?= =?us-ascii?Q?f7Cf9xm3Ui083iQYgbhYhjozMsvWocmxtBLbNAR7ciB0vn/oNSTwNkEBgUyf?= =?us-ascii?Q?HKHE5LmkhJlgoOWbW2C60Q5RXJCeWzpCAT3fSMfJPJamtord7XKNkrHDDNgN?= =?us-ascii?Q?lFU2vcRMHdpoyBDg+1QPL/NI4ysojJ5XYv76mA5lyJfJLCQfgfwavtV/IJJb?= =?us-ascii?Q?2oUSfP2HIuCuNIACU0BP7HvFHpknbgbktyf4dYZoiTxIj8GPHxtHXZ3PCg7u?= =?us-ascii?Q?8sqbGTFMjtafcif57tOWRRM35ABwy3o4DlVbV7zjXMnrsDMlUrH3UrFHNCHL?= =?us-ascii?Q?kmfQrCKBLmJXt2qjojkkTevNLTkm9eDqXc5R/whakrIk66WDOxE9EHQ7Y8HV?= =?us-ascii?Q?z2KMUZCdvLbIFj5ql3dXKKikJoZEipq1YWj3iZMeKQXnDqNEfOmWI/hj1T9S?= =?us-ascii?Q?P21iEzDrLf5C3WGfGCtwPrB0UDwgpOeW5flfaz5CpfRQWoxk4ZSJhTp5bFh6?= =?us-ascii?Q?C+LUkUOXeNuW/rsziF8ijrcpc5eWZi5kCiQWYmPMdvKqVSWZKjsiEyQDoLRk?= =?us-ascii?Q?NsV2LsZpZ7OPQOjMYxgJB8WNwpJvif4NTF16B80iUWf5zlmZ9VvwwFeIkk6L?= =?us-ascii?Q?Epr18HuYutUScOj1zW7dzQ2qwCU1nmc28OVhniQUIH5+btiO81TQ9lQ=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 6:+7BrJCl2Yh4gYMm095sMk07ZLCF4nidTs2L0lwXtXb/S+QtFXChR0MANgidpqMF+KGvSGCAGB4ZIiXGerd25Hm7Qdis07HlDBm3bPY8J1ryp091UOdjXiYEfVRlkVhchhGVqfbF7htLNd+Sk6YLOapWcsHs0Rgn8ULLzFHrVpWwqhTfBtL5wXnJVeXSlokyj6ELGplBnO2rthyNZ7Hd7nSYlbwk9SWuXLzeVUgCA3qZNe0SgypnatKuBNVo3SN1gpjx7AE1+B23IUC5NskVm26WvDQ+zKp6lpgKryaI/kKHvEg+XTVyz9+JT8gVXvZ8S5ulDYxMyWK5MsfZXkSrYPq7Lm6QcpL1u2kuVZBtdp3s=; 5:4cmlIq1TLR6ZWFSXWW4lg4EAFjv3yPuJ7HN6uQgTIki3U+lmVijs5bBX9onlWYZ17iFg9/+Xrr6kmqups9OH3H1ALWPNJ9dCYzrvNpDmXwJiIEmncNI/lsC869PGcbKGwk2h/1AoRYBV+GM2YowzLWP68FFTY1PYhrl9Ducwl0U=; 24:fWS86Jwj3oHITKO+oW9QDjT42ZnQTfHfgVTGxy+ORzGlhXW/7OdRQzhCslCvFjrbjv8yCAkRrSOzm81SDoX42jZTO3/JovXFOu4I3q3PcD4=; 7:a9+mH2WZZbRxUMlbOc/0rgTJFXoPO5WAfLqZ4ts3LQdA6y7dAAyZlZYpVNoozISGwgXaC4pZpC1tFO1FjyeG/IfJTNsIaAHIkYGCXmPZBCU63gBBNR6Fqdk870eCYtXLDTkVQuRiOpVZOh33fli0JjdmEXZ3lCQCY4OTDuaH2LlySLVENBv2MO9DatkNy9r07R0S0sO5PPi8crW5yl/JWjub7K3KG13I7O8bCAgf+41zjVhA5suGcKY+Xw/VwFya SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: cavium.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Nov 2017 16:14:48.4145 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ade66206-d69a-4647-dd50-08d52ab1ab15 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3637 X-Mailman-Approved-At: Mon, 13 Nov 2017 22:35:58 +0100 Subject: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 16:14:54 -0000 When security offload is enabled, the packet should be forwarded on the port configured in the SA. Security session will be configured on that port only, and sending the packet on other ports could result in unencrypted packets being sent out. This would have performance improvements too, as the per packet LPM lookup would be avoided for IPsec packets, in inline mode. Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") Signed-off-by: Anoob Joseph --- examples/ipsec-secgw/ipsec-secgw.c | 92 ++++++++++++++++++++++++++++++++------ 1 file changed, 78 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index c98454a..80cdff3 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -585,31 +585,72 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, traffic->ip6.num = nb_pkts_out; } +static inline int32_t +get_hop_for_offload_pkt(struct rte_mbuf *pkt) +{ + struct ipsec_mbuf_metadata *priv; + struct ipsec_sa *sa; + + priv = get_priv(pkt); + + sa = priv->sa; + if (unlikely(sa == NULL)) { + RTE_LOG(ERR, IPSEC, "SA not saved in private data\n"); + return -1; + } + + return sa->portid; +} + static inline void route4_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) { uint32_t hop[MAX_PKT_BURST * 2]; uint32_t dst_ip[MAX_PKT_BURST * 2]; + int32_t pkt_hop = 0; uint16_t i, offset; + uint16_t lpm_pkts = 0; if (nb_pkts == 0) return; + /* Need to do an LPM lookup for non-offload packets. Offload packets + * will have port ID in the SA + */ + for (i = 0; i < nb_pkts; i++) { - offset = offsetof(struct ip, ip_dst); - dst_ip[i] = *rte_pktmbuf_mtod_offset(pkts[i], - uint32_t *, offset); - dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { + /* Security offload not enabled. So an LPM lookup is + * required to get the hop + */ + offset = offsetof(struct ip, ip_dst); + dst_ip[lpm_pkts] = *rte_pktmbuf_mtod_offset(pkts[i], + uint32_t *, offset); + dst_ip[lpm_pkts] = rte_be_to_cpu_32(dst_ip[lpm_pkts]); + lpm_pkts++; + } } - rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, nb_pkts); + rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, lpm_pkts); + + lpm_pkts = 0; for (i = 0; i < nb_pkts; i++) { - if ((hop[i] & RTE_LPM_LOOKUP_SUCCESS) == 0) { + if ((pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { + /* Read hop from the SA */ + pkt_hop = get_hop_for_offload_pkt(pkts[i]); + } else { + /* Need to use hop returned by lookup */ + pkt_hop = hop[lpm_pkts++]; + if ((pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0) + pkt_hop = -1; + } + + if (pkt_hop == -1) { rte_pktmbuf_free(pkts[i]); continue; } - send_single_packet(pkts[i], hop[i] & 0xff); + send_single_packet(pkts[i], pkt_hop & 0xff); } } @@ -619,26 +660,49 @@ route6_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) int32_t hop[MAX_PKT_BURST * 2]; uint8_t dst_ip[MAX_PKT_BURST * 2][16]; uint8_t *ip6_dst; + int32_t pkt_hop = 0; uint16_t i, offset; + uint16_t lpm_pkts = 0; if (nb_pkts == 0) return; + /* Need to do an LPM lookup for non-offload packets. Offload packets + * will have port ID in the SA + */ + for (i = 0; i < nb_pkts; i++) { - offset = offsetof(struct ip6_hdr, ip6_dst); - ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, offset); - memcpy(&dst_ip[i][0], ip6_dst, 16); + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { + /* Security offload not enabled. So an LPM lookup is + * required to get the hop + */ + offset = offsetof(struct ip6_hdr, ip6_dst); + ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, + offset); + memcpy(&dst_ip[lpm_pkts][0], ip6_dst, 16); + lpm_pkts++; + } } - rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, - hop, nb_pkts); + rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, hop, + lpm_pkts); + + lpm_pkts = 0; for (i = 0; i < nb_pkts; i++) { - if (hop[i] == -1) { + if ((pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) == 0) { + /* Read hop from the SA */ + pkt_hop = get_hop_for_offload_pkt(pkts[i]); + } else { + /* Need to use hop returned by lookup */ + pkt_hop = hop[lpm_pkts++]; + } + + if (pkt_hop == -1) { rte_pktmbuf_free(pkts[i]); continue; } - send_single_packet(pkts[i], hop[i] & 0xff); + send_single_packet(pkts[i], pkt_hop & 0xff); } } -- 2.7.4