To: "Ananyev, Konstantin", "Iremonger, Bernard", "Medvedkin, Vladimir"
CC: "dev@dpdk.org", "mdr@ashroe.eu", "Richardson, Bruce", "Zhang, Roy Fan", "hemant.agrawal@nxp.com", "gakhil@marvell.com", "anoobj@marvell.com", "Doherty, Declan", "Sinha, Abhijit", "Buckley, Daniel M", "marchana@marvell.com", "ktejasree@marvell.com", "matan@nvidia.com"
References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20210917091747.1528262-1-radu.nicolau@intel.com> <20210917091747.1528262-8-radu.nicolau@intel.com> <4be5cbe4-316c-84a0-df0c-8b57282a2484@intel.com>
From: "Nicolau, Radu"
Message-ID: <3764cab4-4b79-fd6f-1518-00ca0ef8d52e@intel.com>
Date: Mon, 27 Sep 2021 16:06:53 +0100
Subject: Re: [dpdk-dev] [PATCH v6 07/10] ipsec: add support for NAT-T

On 9/27/2021 3:55 PM, Ananyev, Konstantin wrote: > >> On 9/23/2021 5:43 PM, Ananyev, Konstantin wrote: >>>> Add support for the IPsec NAT-Traversal use case for Tunnel mode >>>> packets. >>>> >>>> Signed-off-by: Declan Doherty >>>> Signed-off-by: Radu Nicolau >>>> Signed-off-by: Abhijit Sinha >>>> Signed-off-by: Daniel Martin Buckley >>>> Acked-by: Fan Zhang >>>> --- >>>> lib/ipsec/iph.h | 17 +++++++++++++++++ >>>> lib/ipsec/rte_ipsec_sa.h | 8 +++++++- >>>> lib/ipsec/sa.c | 13 ++++++++++++- >>>> lib/ipsec/sa.h | 4 ++++ >>>> 4 files changed, 40 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h >>>> index 2d223199ac..c5c213a2b4 100644 >>>> --- a/lib/ipsec/iph.h >>>> +++ b/lib/ipsec/iph.h
>>>> @@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh, >>>> { >>>> struct rte_ipv4_hdr *v4h; >>>> struct rte_ipv6_hdr *v6h; >>>> + struct rte_udp_hdr *udph; >>>> uint8_t is_outh_ipv4; >>>> >>>> if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) { 
>>>> @@ -258,11 +259,27 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh, >>>> v4h = outh; >>>> v4h->packet_id = pid; >>>> v4h->total_length = rte_cpu_to_be_16(plen - l2len); >>>> + >>>> + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { >>>> + udph = (struct rte_udp_hdr *)(v4h + 1); >>>> + udph->dst_port = sa->natt.dport; >>>> + udph->src_port = sa->natt.sport; >>>> + udph->dgram_len = rte_cpu_to_be_16(plen - l2len - >>>> + (sizeof(*v4h) + sizeof(*udph))); >>>> + } >>>> } else { >>>> is_outh_ipv4 = 0; >>>> v6h = outh; >>>> v6h->payload_len = rte_cpu_to_be_16(plen - l2len - >>>> sizeof(*v6h)); >>>> + >>>> + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { >>>> + udph = (struct rte_udp_hdr *)(v6h + 1); >>> Why you presume there would be always ipv6 with no options? >>> Shouldn't we use hdr_l3_len provided by user? >> Yes, I will use hdr_l3_len. >> >>> Another thing - I am not sure we need 'natt' field in rte_ipsec_sa at all. >>> UDP header (sport, dport) is consitant and could be part of header template >>> provided by user at sa initialization time. >> The rte_security_ipsec_sa_options::udp_encap flag assumes that the UDP >> encapsulation i.e. adding the header is not the responsibility of the >> user, so we can append it (transparently to the user) to the header >> template but the user should not do it. Will this work? > Interesting idea, I suppose that should work... > Do I get it right, this udp header will always be appended to the end of > user provided tun.hdr? Yes. So normally after whatever user puts in we insert the ESP header. When the UDP encapsulation is enabled we should insert the UDP header before the ESP header, so this arrangement should work. > >> >>>> + udph->dst_port = sa->natt.dport; >>>> + udph->src_port = sa->natt.sport; >>>> + udph->dgram_len = rte_cpu_to_be_16(plen - l2len - >>>> + (sizeof(*v6h) + sizeof(*udph))); >>> Whose responsibility will be to update cksum field? 
>> According to the RFC it should be zero and the rx side must not >> check/use it. I will set it as zero
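
Review bot: The udph declaration added in the first iph.h hunk (@@ -251,6 +251,7 @@) brings struct rte_udp_hdr into this header without a matching include in the visible change. The diffstat counts 17 insertions for iph.h and the two hunk headers (+1 and +16 lines) account for all of them, so no #include <rte_udp.h> is added here; confirm the type is already visible through an existing include, or add it. Since udph is only used inside the two NAT-T branches, declaring it there would also keep its scope as narrow as its use.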
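
Review bot: In the second iph.h hunk (@@ -258,11 +259,27 @@), both dgram_len computations subtract sizeof(*udph), but the UDP Length field counts the 8-byte UDP header together with its payload (RFC 768), so the value written is 8 bytes short. With total_length set to plen - l2len in the same branch, the IPv4 case should be plen - l2len - sizeof(*v4h), and the IPv6 case should match the payload_len value when no extension headers are present. The IPv4 branch also places the header at (v4h + 1), which assumes a 20-byte IPv4 header with no options, the same assumption questioned for IPv6 in the thread; deriving the offset from hdr_l3_len in both branches would cover it. The hunk never writes dgram_cksum, so the zero checksum agreed in the reply needs an explicit store unless the header template guarantees it.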