From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id BFCBF45B69;
Fri, 18 Oct 2024 16:07:49 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id 6BDBF40B91;
Fri, 18 Oct 2024 16:06:52 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by mails.dpdk.org (Postfix) with ESMTP id DEAB940A6F
for <dev@dpdk.org>; Fri, 18 Oct 2024 16:06:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1729260407;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=ZkNGh29m75/wFK/Lz8DfDq7KWN7b6z4rbkq+6+g84CE=;
b=FFVbiWawa3HwZtvUTtDZF0Kh9CR1ne7Rs8OxGs2g5UevsVckHkHRpzESymLG10ZBba/zLx
f1KG5MQJsnXfo8EODxVTvb/LtqvxN3nm9eQbsEsRkx3PycU3SzNktbCE6x6qj/zAXgTlEv
IRUaDvWObmqqa73ivHXtiZzwUomHUr4=
Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com
(ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
cipher=TLS_AES_256_GCM_SHA384) id us-mta-661-i9Id5q_lNhK7dPVLT3HitQ-1; Fri,
18 Oct 2024 10:06:45 -0400
X-MC-Unique: i9Id5q_lNhK7dPVLT3HitQ-1
Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com
(mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
id 1876B1944DDE; Fri, 18 Oct 2024 14:06:43 +0000 (UTC)
Received: from ringo.redhat.com (unknown [10.39.208.23])
by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
id 2844919560A2; Fri, 18 Oct 2024 14:06:40 +0000 (UTC)
From: Robin Jarry <rjarry@redhat.com>
To: dev@dpdk.org, Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
Vladimir Medvedkin <vladimir.medvedkin@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH dpdk v5 11/17] ipsec: use IPv6 address structure
Date: Fri, 18 Oct 2024 16:05:47 +0200
Message-ID: <20241018140553.79789-12-rjarry@redhat.com>
In-Reply-To: <20241018140553.79789-1-rjarry@redhat.com>
References: <20240821162516.610624-17-rjarry@redhat.com>
<20241018140553.79789-1-rjarry@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Update rte_ipsec_sadv6_key to use rte_ipv6_addr structures instead of
uint8_t[16] arrays.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
---
app/test-sad/main.c | 24 ++--
app/test/test_ipsec_sad.c | 46 ++++----
doc/guides/prog_guide/ipsec_lib.rst | 4 +-
doc/guides/rel_notes/deprecation.rst | 2 -
doc/guides/rel_notes/release_24_11.rst | 2 +
examples/ipsec-secgw/flow.c | 20 ++--
examples/ipsec-secgw/ipsec.c | 33 ++----
examples/ipsec-secgw/ipsec.h | 5 +-
examples/ipsec-secgw/parser.c | 2 +-
examples/ipsec-secgw/parser.h | 4 +-
examples/ipsec-secgw/rt.c | 4 +-
examples/ipsec-secgw/sa.c | 37 +++---
examples/ipsec-secgw/sad.h | 12 +-
examples/ipsec-secgw/sp6.c | 154 ++++++++++++++-----------
lib/ipsec/rte_ipsec_sad.h | 5 +-
15 files changed, 171 insertions(+), 183 deletions(-)
diff --git a/app/test-sad/main.c b/app/test-sad/main.c
index addfc0714521..54e3fa0c91e6 100644
--- a/app/test-sad/main.c
+++ b/app/test-sad/main.c
@@ -248,8 +248,8 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl)
(uint64_t)(edge + step));
if (config.ipv6) {
for (j = 0; j < 16; j++) {
- tbl[i].tuple.v6.dip[j] = rte_rand();
- tbl[i].tuple.v6.sip[j] = rte_rand();
+ tbl[i].tuple.v6.dip.a[j] = rte_rand();
+ tbl[i].tuple.v6.sip.a[j] = rte_rand();
}
} else {
tbl[i].tuple.v4.dip = rte_rand();
@@ -274,9 +274,9 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl)
(uint64_t)(edge + step));
if (config.ipv6) {
for (j = 0; j < 16; j++) {
- tbl[i].tuple.v6.dip[j] =
+ tbl[i].tuple.v6.dip.a[j] =
rte_rand();
- tbl[i].tuple.v6.sip[j] =
+ tbl[i].tuple.v6.sip.a[j] =
rte_rand();
}
} else {
@@ -289,12 +289,8 @@ get_random_rules(struct rule *tbl, uint32_t nb_rules, int rule_tbl)
config.nb_rules].tuple.v4.spi;
if (config.ipv6) {
int r_idx = i % config.nb_rules;
- memcpy(tbl[i].tuple.v6.dip,
- rules_tbl[r_idx].tuple.v6.dip,
- sizeof(tbl[i].tuple.v6.dip));
- memcpy(tbl[i].tuple.v6.sip,
- rules_tbl[r_idx].tuple.v6.sip,
- sizeof(tbl[i].tuple.v6.sip));
+ tbl[i].tuple.v6.dip = rules_tbl[r_idx].tuple.v6.dip;
+ tbl[i].tuple.v6.sip = rules_tbl[r_idx].tuple.v6.sip;
} else {
tbl[i].tuple.v4.dip = rules_tbl[i %
config.nb_rules].tuple.v4.dip;
@@ -472,8 +468,8 @@ print_result(const union rte_ipsec_sad_key *key, void *res)
v4 = &key->v4;
v6 = &key->v6;
spi = (config.ipv6 == 0) ? v4->spi : v6->spi;
- dip = (config.ipv6 == 0) ? &v4->dip : (const void *)v6->dip;
- sip = (config.ipv6 == 0) ? &v4->sip : (const void *)v6->sip;
+ dip = (config.ipv6 == 0) ? &v4->dip : (const void *)&v6->dip;
+ sip = (config.ipv6 == 0) ? &v4->sip : (const void *)&v6->sip;
if (res == NULL) {
printf("TUPLE: ");
@@ -500,8 +496,8 @@ print_result(const union rte_ipsec_sad_key *key, void *res)
v4 = &rule->tuple.v4;
v6 = &rule->tuple.v6;
spi = (config.ipv6 == 0) ? v4->spi : v6->spi;
- dip = (config.ipv6 == 0) ? &v4->dip : (const void *)v6->dip;
- sip = (config.ipv6 == 0) ? &v4->sip : (const void *)v6->sip;
+ dip = (config.ipv6 == 0) ? &v4->dip : (const void *)&v6->dip;
+ sip = (config.ipv6 == 0) ? &v4->sip : (const void *)&v6->sip;
printf("\n\tpoints to RULE ID %zu ",
RTE_PTR_DIFF(res, rules_tbl)/sizeof(struct rule));
print_tuple(af, spi, dip, sip);
diff --git a/app/test/test_ipsec_sad.c b/app/test/test_ipsec_sad.c
index 7534f16f89d0..642643eb639e 100644
--- a/app/test/test_ipsec_sad.c
+++ b/app/test/test_ipsec_sad.c
@@ -212,7 +212,8 @@ test_add_invalid(void)
{
int status;
struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30};
- struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {10,
+ RTE_IPV6(0x1400, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x1e00, 0, 0, 0, 0, 0, 0, 0)};
status = __test_add_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4);
if (status != TEST_SUCCESS)
@@ -271,8 +272,8 @@ test_delete_invalid(void)
{
int status;
struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
- struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
- {0xf0, 0x0d, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
status = __test_delete_invalid(0, (union rte_ipsec_sad_key *)&tuple_v4);
if (status != TEST_SUCCESS)
@@ -329,7 +330,8 @@ test_lookup_invalid(void)
{
int status;
struct rte_ipsec_sadv4_key tuple_v4 = {10, 20, 30};
- struct rte_ipsec_sadv6_key tuple_v6 = {10, {20, }, {30, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {10,
+ RTE_IPV6(0x1400, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x1e00, 0, 0, 0, 0, 0, 0, 0)};
status = __test_lookup_invalid(0,
(union rte_ipsec_sad_key *)&tuple_v4);
@@ -405,10 +407,10 @@ test_lookup_basic(void)
int status;
struct rte_ipsec_sadv4_key tuple_v4 = {SPI, DIP, SIP};
struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, BAD, BAD};
- struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
- {0xf0, 0x0d, } };
- struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0x0b, 0xad, },
- {0x0b, 0xad, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI,
+ RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)};
status = __test_lookup_basic(0, (union rte_ipsec_sad_key *)&tuple_v4,
(union rte_ipsec_sad_key *)&tuple_v4_1);
@@ -654,14 +656,14 @@ test_lookup_adv(void)
struct rte_ipsec_sadv4_key tuple_v4_3 = {BAD, DIP, SIP};
/* key to install*/
- struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
- {0xf0, 0x0d, } };
- struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, },
- {0x0b, 0xad, } };
- struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, },
- {0xf0, 0x0d, } };
- struct rte_ipsec_sadv6_key tuple_v6_3 = {BAD, {0xbe, 0xef, },
- {0xf0, 0x0d, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI,
+ RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_3 = {BAD,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
const union rte_ipsec_sad_key *key_arr[] = {
(union rte_ipsec_sad_key *)&tuple_v4,
@@ -852,12 +854,12 @@ test_lookup_order(void)
struct rte_ipsec_sadv4_key tuple_v4_1 = {SPI, DIP, BAD};
struct rte_ipsec_sadv4_key tuple_v4_2 = {SPI, BAD, SIP};
/* key to install*/
- struct rte_ipsec_sadv6_key tuple_v6 = {SPI, {0xbe, 0xef, },
- {0xf0, 0x0d, } };
- struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI, {0xbe, 0xef, },
- {0x0b, 0xad, } };
- struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI, {0x0b, 0xad, },
- {0xf0, 0x0d, } };
+ struct rte_ipsec_sadv6_key tuple_v6 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_1 = {SPI,
+ RTE_IPV6(0xbeef, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0)};
+ struct rte_ipsec_sadv6_key tuple_v6_2 = {SPI,
+ RTE_IPV6(0x0bad, 0, 0, 0, 0, 0, 0, 0), RTE_IPV6(0xf00d, 0, 0, 0, 0, 0, 0, 0)};
status = __test_lookup_order(0, (union rte_ipsec_sad_key *)&tuple_v4,
(union rte_ipsec_sad_key *)&tuple_v4_1,
diff --git a/doc/guides/prog_guide/ipsec_lib.rst b/doc/guides/prog_guide/ipsec_lib.rst
index 3fa0a70d1325..458a82828ce8 100644
--- a/doc/guides/prog_guide/ipsec_lib.rst
+++ b/doc/guides/prog_guide/ipsec_lib.rst
@@ -275,8 +275,8 @@ and v6 is a tuple for IPv6:
struct rte_ipsec_sadv6_key {
uint32_t spi;
- uint8_t dip[16];
- uint8_t sip[16];
+ struct rte_ipv6_addr dip;
+ struct rte_ipv6_addr sip;
};
As an example, lookup related code could look like that:
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index c41124ee6e4a..d67d63d37275 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -74,8 +74,6 @@ Deprecation Notices
- ``struct tcp6_flow_key``
hash
- ``struct rte_ipv6_tuple``
- ipsec
- - ``struct rte_ipsec_sadv6_key``
* net, ethdev: The flow item ``RTE_FLOW_ITEM_TYPE_VXLAN_GPE``
is replaced with ``RTE_FLOW_ITEM_TYPE_VXLAN``.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index 3e88a59861ab..77459dbbff33 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -297,6 +297,8 @@ API Changes
- ``rte_fib6_lookup_bulk()``
- ``RTE_FIB6_IPV6_ADDR_SIZE`` (deprecated, replaced with ``RTE_IPV6_ADDR_SIZE``)
- ``RTE_FIB6_MAXDEPTH`` (deprecated, replaced with ``RTE_IPV6_MAX_DEPTH``)
+ ipsec
+ - ``struct rte_ipsec_sadv6_key``
lpm
- ``rte_lpm6_add()``
- ``rte_lpm6_delete()``
diff --git a/examples/ipsec-secgw/flow.c b/examples/ipsec-secgw/flow.c
index 3f7630f5fd53..70742387c6be 100644
--- a/examples/ipsec-secgw/flow.c
+++ b/examples/ipsec-secgw/flow.c
@@ -88,10 +88,10 @@ ipv6_hdr_print(struct rte_ipv6_hdr *hdr)
}
static int
-ipv6_addr_cpy(uint8_t *spec, uint8_t *mask, char *token,
+ipv6_addr_cpy(struct rte_ipv6_addr *spec, struct rte_ipv6_addr *mask, char *token,
struct parse_status *status)
{
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
uint32_t depth, i;
APP_CHECK(parse_ipv6_addr(token, &ip, &depth) == 0, status,
@@ -99,11 +99,11 @@ ipv6_addr_cpy(uint8_t *spec, uint8_t *mask, char *token,
if (status->status < 0)
return -1;
- memcpy(mask, &rte_flow_item_ipv6_mask.hdr.src_addr, sizeof(ip));
- memcpy(spec, ip.s6_addr, sizeof(struct in6_addr));
+ *mask = rte_flow_item_ipv6_mask.hdr.src_addr;
+ *spec = ip;
- for (i = 0; i < depth && (i%8 <= sizeof(struct in6_addr)); i++)
- mask[i/8] &= ~(1 << (7-i%8));
+ for (i = 0; i < depth && (i%8 <= sizeof(*mask)); i++)
+ mask->a[i/8] &= ~(1 << (7-i%8));
return 0;
}
@@ -175,8 +175,8 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens,
INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
if (status->status < 0)
return;
- if (ipv6_addr_cpy(rule->ipv6.spec.hdr.src_addr.a,
- rule->ipv6.mask.hdr.src_addr.a,
+ if (ipv6_addr_cpy(&rule->ipv6.spec.hdr.src_addr,
+ &rule->ipv6.mask.hdr.src_addr,
tokens[ti], status))
return;
}
@@ -184,8 +184,8 @@ parse_flow_tokens(char **tokens, uint32_t n_tokens,
INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
if (status->status < 0)
return;
- if (ipv6_addr_cpy(rule->ipv6.spec.hdr.dst_addr.a,
- rule->ipv6.mask.hdr.dst_addr.a,
+ if (ipv6_addr_cpy(&rule->ipv6.spec.hdr.dst_addr,
+ &rule->ipv6.mask.hdr.dst_addr,
tokens[ti], status))
return;
}
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index ebde28639c12..3b1e2a710971 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -41,12 +41,8 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
tunnel->ipv6.hlimit = IPDEFTTL;
tunnel->ipv6.dscp = 0;
tunnel->ipv6.flabel = 0;
-
- memcpy((uint8_t *)&tunnel->ipv6.src_addr,
- (uint8_t *)&sa->src.ip.ip6.ip6_b, 16);
-
- memcpy((uint8_t *)&tunnel->ipv6.dst_addr,
- (uint8_t *)&sa->dst.ip.ip6.ip6_b, 16);
+ memcpy(&tunnel->ipv6.src_addr, &sa->src.ip.ip6, 16);
+ memcpy(&tunnel->ipv6.dst_addr, &sa->dst.ip.ip6, 16);
}
/* TODO support for Transport */
}
@@ -450,10 +446,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.ipsec.tunnel.type =
RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- memcpy(sess_conf.ipsec.tunnel.ipv6.src_addr.s6_addr,
- sa->src.ip.ip6.ip6_b, 16);
- memcpy(sess_conf.ipsec.tunnel.ipv6.dst_addr.s6_addr,
- sa->dst.ip.ip6.ip6_b, 16);
+ memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16);
+ memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16);
}
} else if (IS_TUNNEL(sa->flags)) {
sess_conf.ipsec.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
@@ -470,10 +464,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.ipsec.tunnel.type =
RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- memcpy(sess_conf.ipsec.tunnel.ipv6.src_addr.s6_addr,
- sa->src.ip.ip6.ip6_b, 16);
- memcpy(sess_conf.ipsec.tunnel.ipv6.dst_addr.s6_addr,
- sa->dst.ip.ip6.ip6_b, 16);
+ memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16);
+ memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16);
} else {
RTE_LOG(ERR, IPSEC, "invalid tunnel type\n");
return -1;
@@ -528,11 +520,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sa->pattern[1].mask = &rte_flow_item_ipv6_mask;
sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;
sa->pattern[1].spec = &sa->ipv6_spec;
-
- memcpy(&sa->ipv6_spec.hdr.dst_addr,
- sa->dst.ip.ip6.ip6_b, 16);
- memcpy(&sa->ipv6_spec.hdr.src_addr,
- sa->src.ip.ip6.ip6_b, 16);
+ sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6;
+ sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6;
} else if (IS_IP4(sa->flags)) {
sa->pattern[1].mask = &rte_flow_item_ipv4_mask;
sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;
@@ -735,10 +724,8 @@ create_ipsec_esp_flow(struct ipsec_sa *sa)
sa->pattern[1].mask = &rte_flow_item_ipv6_mask;
sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;
sa->pattern[1].spec = &sa->ipv6_spec;
- memcpy(&sa->ipv6_spec.hdr.dst_addr,
- sa->dst.ip.ip6.ip6_b, sizeof(sa->dst.ip.ip6.ip6_b));
- memcpy(&sa->ipv6_spec.hdr.src_addr,
- sa->src.ip.ip6.ip6_b, sizeof(sa->src.ip.ip6.ip6_b));
+ sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6;
+ sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6;
sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
sa->pattern[2].spec = &sa->esp_spec;
sa->pattern[2].mask = &rte_flow_item_esp_mask;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 1fe6b97168db..f12f57e2d5c7 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -65,10 +65,7 @@ typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
struct ip_addr {
union {
uint32_t ip4;
- union {
- uint64_t ip6[2];
- uint8_t ip6_b[16];
- } ip6;
+ struct rte_ipv6_addr ip6;
} ip;
};
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 2bd6df335b47..cb463c704f97 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -75,7 +75,7 @@ parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask)
}
int
-parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask)
+parse_ipv6_addr(const char *token, struct rte_ipv6_addr *ipv6, uint32_t *mask)
{
char ip_str[256] = {0};
char *pch;
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index b5c5d0210f04..63f7844ed89f 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -11,6 +11,8 @@
#include <netinet/ip.h>
#include <string.h>
+#include <rte_ip6.h>
+
struct parse_status {
int status;
char parse_msg[256];
@@ -63,7 +65,7 @@ int
parse_ipv4_addr(const char *token, struct in_addr *ipv4, uint32_t *mask);
int
-parse_ipv6_addr(const char *token, struct in6_addr *ipv6, uint32_t *mask);
+parse_ipv6_addr(const char *token, struct rte_ipv6_addr *ipv6, uint32_t *mask);
int
parse_range(const char *token, uint16_t *low, uint16_t *high);
diff --git a/examples/ipsec-secgw/rt.c b/examples/ipsec-secgw/rt.c
index 059fc0c8f28c..132e200adb2a 100644
--- a/examples/ipsec-secgw/rt.c
+++ b/examples/ipsec-secgw/rt.c
@@ -89,7 +89,7 @@ parse_rt_tokens(char **tokens, uint32_t n_tokens,
(uint32_t)ip.s_addr);
route_ipv4->depth = (uint8_t)depth;
} else {
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
uint32_t depth;
APP_CHECK(parse_ipv6_addr(tokens[ti],
@@ -99,7 +99,7 @@ parse_rt_tokens(char **tokens, uint32_t n_tokens,
tokens[ti]);
if (status->status < 0)
return;
- memcpy(&route_ipv6->ip, ip.s6_addr, 16);
+ route_ipv6->ip = ip;
route_ipv6->depth = (uint8_t)depth;
}
}
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1a0afd2ed2e8..425bfbf590fc 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -32,7 +32,7 @@
#define IP4_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip4) * CHAR_BIT)
-#define IP6_FULL_MASK (sizeof(((struct ip_addr *)NULL)->ip.ip6.ip6) * CHAR_BIT)
+#define IP6_FULL_MASK RTE_IPV6_MAX_DEPTH
#define MBUF_NO_SEC_OFFLOAD(m) ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0)
@@ -661,7 +661,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->src.ip.ip4 = rte_bswap32(
(uint32_t)ip.s_addr);
} else if (IS_IP6_TUNNEL(rule->flags)) {
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
APP_CHECK(parse_ipv6_addr(tokens[ti], &ip,
NULL) == 0, status,
@@ -670,8 +670,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
tokens[ti]);
if (status->status < 0)
return;
- memcpy(rule->src.ip.ip6.ip6_b,
- ip.s6_addr, 16);
+
+ rule->src.ip.ip6 = ip;
} else if (IS_TRANSPORT(rule->flags)) {
APP_CHECK(0, status, "unrecognized input "
"\"%s\"", tokens[ti]);
@@ -704,7 +704,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->dst.ip.ip4 = rte_bswap32(
(uint32_t)ip.s_addr);
} else if (IS_IP6_TUNNEL(rule->flags)) {
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
APP_CHECK(parse_ipv6_addr(tokens[ti], &ip,
NULL) == 0, status,
@@ -713,7 +713,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
tokens[ti]);
if (status->status < 0)
return;
- memcpy(rule->dst.ip.ip6.ip6_b, ip.s6_addr, 16);
+
+ rule->dst.ip.ip6 = ip;
} else if (IS_TRANSPORT(rule->flags)) {
APP_CHECK(0, status, "unrecognized "
"input \"%s\"", tokens[ti]);
@@ -1010,19 +1011,9 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inbound)
break;
case IP6_TUNNEL:
printf("IP6Tunnel ");
- for (i = 0; i < 16; i++) {
- if (i % 2 && i != 15)
- printf("%.2x:", sa->src.ip.ip6.ip6_b[i]);
- else
- printf("%.2x", sa->src.ip.ip6.ip6_b[i]);
- }
+ printf(RTE_IPV6_ADDR_FMT, RTE_IPV6_ADDR_SPLIT(&sa->src.ip.ip6));
printf(" ");
- for (i = 0; i < 16; i++) {
- if (i % 2 && i != 15)
- printf("%.2x:", sa->dst.ip.ip6.ip6_b[i]);
- else
- printf("%.2x", sa->dst.ip.ip6.ip6_b[i]);
- }
+ printf(RTE_IPV6_ADDR_FMT, RTE_IPV6_ADDR_SPLIT(&sa->dst.ip.ip6));
break;
case TRANSPORT:
printf("Transport ");
@@ -1220,10 +1211,8 @@ sa_add_address_inline_crypto(struct ipsec_sa *sa)
sa->flags |= IP6_TRANSPORT;
if (mask[0] == IP6_FULL_MASK &&
mask[1] == IP6_FULL_MASK &&
- (ip_addr[0].ip.ip6.ip6[0] != 0 ||
- ip_addr[0].ip.ip6.ip6[1] != 0) &&
- (ip_addr[1].ip.ip6.ip6[0] != 0 ||
- ip_addr[1].ip.ip6.ip6[1] != 0)) {
+ !rte_ipv6_addr_is_unspec(&ip_addr[0].ip.ip6) &&
+ !rte_ipv6_addr_is_unspec(&ip_addr[1].ip.ip6)) {
sa->src.ip.ip6 = ip_addr[0].ip.ip6;
sa->dst.ip.ip6 = ip_addr[1].ip.ip6;
@@ -1571,8 +1560,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size,
};
if (IS_IP6_TUNNEL(lsa->flags)) {
- memcpy(&v6.src_addr, lsa->src.ip.ip6.ip6_b, sizeof(v6.src_addr));
- memcpy(&v6.dst_addr, lsa->dst.ip.ip6.ip6_b, sizeof(v6.dst_addr));
+ v6.src_addr = lsa->src.ip.ip6;
+ v6.dst_addr = lsa->dst.ip.ip6;
}
rc = fill_ipsec_sa_prm(&prm, lsa, &v4, &v6);
diff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h
index fdb1d2ef1790..d8f3a91e7aa8 100644
--- a/examples/ipsec-secgw/sad.h
+++ b/examples/ipsec-secgw/sad.h
@@ -9,6 +9,8 @@
#include <rte_ip6.h>
#include <rte_ipsec_sad.h>
+#include "ipsec.h"
+
#define SA_CACHE_SZ 128
#define SPI2IDX(spi, mask) ((spi) & (mask))
@@ -39,8 +41,8 @@ cmp_sa_key(struct ipsec_sa *sa, int is_v4, struct rte_ipv4_hdr *ipv4,
(sa->dst.ip.ip4 == ipv4->dst_addr)) ||
/* IPv6 check */
(!is_v4 && (sa_type == IP6_TUNNEL) &&
- (!memcmp(sa->src.ip.ip6.ip6, &ipv6->src_addr, 16)) &&
- (!memcmp(sa->dst.ip.ip6.ip6, &ipv6->dst_addr, 16))))
+ (rte_ipv6_addr_eq(&sa->src.ip.ip6, &ipv6->src_addr)) &&
+ (rte_ipv6_addr_eq(&sa->dst.ip.ip6, &ipv6->dst_addr))))
return 1;
return 0;
@@ -130,10 +132,8 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts[],
}
}
v6[nb_v6].spi = esp->spi;
- memcpy(v6[nb_v6].dip, &ipv6->dst_addr,
- sizeof(ipv6->dst_addr));
- memcpy(v6[nb_v6].sip, &ipv6->src_addr,
- sizeof(ipv6->src_addr));
+ v6[nb_v6].dip = ipv6->dst_addr;
+ v6[nb_v6].sip = ipv6->src_addr;
keys_v6[nb_v6] = (const union rte_ipsec_sad_key *)
&v6[nb_v6];
v6_idxes[nb_v6++] = i;
diff --git a/examples/ipsec-secgw/sp6.c b/examples/ipsec-secgw/sp6.c
index cce4da78622e..ebc47dfe493c 100644
--- a/examples/ipsec-secgw/sp6.c
+++ b/examples/ipsec-secgw/sp6.c
@@ -17,36 +17,6 @@
#define INIT_ACL_RULE_NUM 128
-#define IPV6_FROM_SP(acr, fidx_low, fidx_high) \
- (((uint64_t)(acr).field[(fidx_high)].value.u32 << 32) | \
- (acr).field[(fidx_low)].value.u32)
-
-#define IPV6_DST_FROM_SP(addr, acr) do {\
- (addr).ip.ip6.ip6[0] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \
- IP6_DST1, IP6_DST0));\
- (addr).ip.ip6.ip6[1] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \
- IP6_DST3, IP6_DST2));\
- } while (0)
-
-#define IPV6_SRC_FROM_SP(addr, acr) do {\
- (addr).ip.ip6.ip6[0] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \
- IP6_SRC1, IP6_SRC0));\
- (addr).ip.ip6.ip6[1] = rte_cpu_to_be_64(IPV6_FROM_SP((acr), \
- IP6_SRC3, IP6_SRC2));\
- } while (0)
-
-#define IPV6_DST_MASK_FROM_SP(mask, acr) \
- ((mask) = (acr).field[IP6_DST0].mask_range.u32 + \
- (acr).field[IP6_DST1].mask_range.u32 + \
- (acr).field[IP6_DST2].mask_range.u32 + \
- (acr).field[IP6_DST3].mask_range.u32)
-
-#define IPV6_SRC_MASK_FROM_SP(mask, acr) \
- ((mask) = (acr).field[IP6_SRC0].mask_range.u32 + \
- (acr).field[IP6_SRC1].mask_range.u32 + \
- (acr).field[IP6_SRC2].mask_range.u32 + \
- (acr).field[IP6_SRC3].mask_range.u32)
-
enum {
IP6_PROTO,
IP6_SRC0,
@@ -62,8 +32,6 @@ enum {
IP6_NUM
};
-#define IP6_ADDR_SIZE 16
-
static struct rte_acl_field_def ip6_defs[IP6_NUM] = {
{
.type = RTE_ACL_FIELD_TYPE_BITMASK,
@@ -154,6 +122,52 @@ static struct acl6_rules *acl6_rules_in;
static uint32_t nb_acl6_rules_in;
static uint32_t sp_in_sz;
+static struct rte_ipv6_addr
+ipv6_src_from_sp(const struct acl6_rules *rule)
+{
+ struct rte_ipv6_addr alignas(alignof(rte_be64_t)) addr = RTE_IPV6_ADDR_UNSPEC;
+ rte_be64_t *values = (rte_be64_t *)&addr;
+
+ values[0] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_SRC0].value.u32 << 32 |
+ rule->field[IP6_SRC1].value.u32);
+ values[1] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_SRC2].value.u32 << 32 |
+ rule->field[IP6_SRC3].value.u32);
+
+ return addr;
+}
+
+static struct rte_ipv6_addr
+ipv6_dst_from_sp(const struct acl6_rules *rule)
+{
+ struct rte_ipv6_addr alignas(alignof(rte_be64_t)) addr = RTE_IPV6_ADDR_UNSPEC;
+ rte_be64_t *values = (rte_be64_t *)&addr;
+
+ values[0] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_DST0].value.u32 << 32 |
+ rule->field[IP6_DST1].value.u32);
+ values[1] = rte_cpu_to_be_64((uint64_t)rule->field[IP6_DST2].value.u32 << 32 |
+ rule->field[IP6_DST3].value.u32);
+
+ return addr;
+}
+
+static uint32_t
+ipv6_src_mask_from_sp(const struct acl6_rules *rule)
+{
+ return rule->field[IP6_SRC0].mask_range.u32 +
+ rule->field[IP6_SRC1].mask_range.u32 +
+ rule->field[IP6_SRC2].mask_range.u32 +
+ rule->field[IP6_SRC3].mask_range.u32;
+}
+
+static uint32_t
+ipv6_dst_mask_from_sp(const struct acl6_rules *rule)
+{
+ return rule->field[IP6_DST0].mask_range.u32 +
+ rule->field[IP6_DST1].mask_range.u32 +
+ rule->field[IP6_DST2].mask_range.u32 +
+ rule->field[IP6_DST3].mask_range.u32;
+}
+
static int
extend_sp_arr(struct acl6_rules **sp_tbl, uint32_t cur_cnt, uint32_t *cur_sz)
{
@@ -329,7 +343,7 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
}
if (strcmp(tokens[ti], "src") == 0) {
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
uint32_t depth;
APP_CHECK_PRESENCE(src_p, tokens[ti], status);
@@ -347,34 +361,34 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
return;
rule_ipv6->field[1].value.u32 =
- (uint32_t)ip.s6_addr[0] << 24 |
- (uint32_t)ip.s6_addr[1] << 16 |
- (uint32_t)ip.s6_addr[2] << 8 |
- (uint32_t)ip.s6_addr[3];
+ (uint32_t)ip.a[0] << 24 |
+ (uint32_t)ip.a[1] << 16 |
+ (uint32_t)ip.a[2] << 8 |
+ (uint32_t)ip.a[3];
rule_ipv6->field[1].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[2].value.u32 =
- (uint32_t)ip.s6_addr[4] << 24 |
- (uint32_t)ip.s6_addr[5] << 16 |
- (uint32_t)ip.s6_addr[6] << 8 |
- (uint32_t)ip.s6_addr[7];
+ (uint32_t)ip.a[4] << 24 |
+ (uint32_t)ip.a[5] << 16 |
+ (uint32_t)ip.a[6] << 8 |
+ (uint32_t)ip.a[7];
rule_ipv6->field[2].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[3].value.u32 =
- (uint32_t)ip.s6_addr[8] << 24 |
- (uint32_t)ip.s6_addr[9] << 16 |
- (uint32_t)ip.s6_addr[10] << 8 |
- (uint32_t)ip.s6_addr[11];
+ (uint32_t)ip.a[8] << 24 |
+ (uint32_t)ip.a[9] << 16 |
+ (uint32_t)ip.a[10] << 8 |
+ (uint32_t)ip.a[11];
rule_ipv6->field[3].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[4].value.u32 =
- (uint32_t)ip.s6_addr[12] << 24 |
- (uint32_t)ip.s6_addr[13] << 16 |
- (uint32_t)ip.s6_addr[14] << 8 |
- (uint32_t)ip.s6_addr[15];
+ (uint32_t)ip.a[12] << 24 |
+ (uint32_t)ip.a[13] << 16 |
+ (uint32_t)ip.a[14] << 8 |
+ (uint32_t)ip.a[15];
rule_ipv6->field[4].mask_range.u32 =
(depth > 32) ? 32 : depth;
@@ -383,7 +397,7 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
}
if (strcmp(tokens[ti], "dst") == 0) {
- struct in6_addr ip;
+ struct rte_ipv6_addr ip;
uint32_t depth;
APP_CHECK_PRESENCE(dst_p, tokens[ti], status);
@@ -401,34 +415,34 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
return;
rule_ipv6->field[5].value.u32 =
- (uint32_t)ip.s6_addr[0] << 24 |
- (uint32_t)ip.s6_addr[1] << 16 |
- (uint32_t)ip.s6_addr[2] << 8 |
- (uint32_t)ip.s6_addr[3];
+ (uint32_t)ip.a[0] << 24 |
+ (uint32_t)ip.a[1] << 16 |
+ (uint32_t)ip.a[2] << 8 |
+ (uint32_t)ip.a[3];
rule_ipv6->field[5].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[6].value.u32 =
- (uint32_t)ip.s6_addr[4] << 24 |
- (uint32_t)ip.s6_addr[5] << 16 |
- (uint32_t)ip.s6_addr[6] << 8 |
- (uint32_t)ip.s6_addr[7];
+ (uint32_t)ip.a[4] << 24 |
+ (uint32_t)ip.a[5] << 16 |
+ (uint32_t)ip.a[6] << 8 |
+ (uint32_t)ip.a[7];
rule_ipv6->field[6].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[7].value.u32 =
- (uint32_t)ip.s6_addr[8] << 24 |
- (uint32_t)ip.s6_addr[9] << 16 |
- (uint32_t)ip.s6_addr[10] << 8 |
- (uint32_t)ip.s6_addr[11];
+ (uint32_t)ip.a[8] << 24 |
+ (uint32_t)ip.a[9] << 16 |
+ (uint32_t)ip.a[10] << 8 |
+ (uint32_t)ip.a[11];
rule_ipv6->field[7].mask_range.u32 =
(depth > 32) ? 32 : depth;
depth = (depth > 32) ? (depth - 32) : 0;
rule_ipv6->field[8].value.u32 =
- (uint32_t)ip.s6_addr[12] << 24 |
- (uint32_t)ip.s6_addr[13] << 16 |
- (uint32_t)ip.s6_addr[14] << 8 |
- (uint32_t)ip.s6_addr[15];
+ (uint32_t)ip.a[12] << 24 |
+ (uint32_t)ip.a[13] << 16 |
+ (uint32_t)ip.a[14] << 8 |
+ (uint32_t)ip.a[15];
rule_ipv6->field[8].mask_range.u32 =
(depth > 32) ? 32 : depth;
@@ -757,10 +771,10 @@ sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
rule = bsearch(&tmpl, acr, num, sizeof(struct acl6_rules), sp_cmp);
if (rule != NULL) {
if (NULL != ip_addr && NULL != mask) {
- IPV6_SRC_FROM_SP(ip_addr[0], *rule);
- IPV6_DST_FROM_SP(ip_addr[1], *rule);
- IPV6_SRC_MASK_FROM_SP(mask[0], *rule);
- IPV6_DST_MASK_FROM_SP(mask[1], *rule);
+ ip_addr[0].ip.ip6 = ipv6_src_from_sp(rule);
+ ip_addr[1].ip.ip6 = ipv6_dst_from_sp(rule);
+ mask[0] = ipv6_src_mask_from_sp(rule);
+ mask[1] = ipv6_dst_mask_from_sp(rule);
}
return RTE_PTR_DIFF(rule, acr) / sizeof(struct acl6_rules);
}
diff --git a/lib/ipsec/rte_ipsec_sad.h b/lib/ipsec/rte_ipsec_sad.h
index 0adf89d9310c..c7fb4744304e 100644
--- a/lib/ipsec/rte_ipsec_sad.h
+++ b/lib/ipsec/rte_ipsec_sad.h
@@ -8,6 +8,7 @@
#include <stdint.h>
+#include <rte_ip6.h>
/**
* @file rte_ipsec_sad.h
@@ -38,8 +39,8 @@ struct rte_ipsec_sadv4_key {
struct rte_ipsec_sadv6_key {
uint32_t spi;
- uint8_t dip[16];
- uint8_t sip[16];
+ struct rte_ipv6_addr dip;
+ struct rte_ipv6_addr sip;
};
union rte_ipsec_sad_key {
--
2.47.0