To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>, "Iremonger, Bernard"
 <bernard.iremonger@intel.com>, "Medvedkin, Vladimir"
 <vladimir.medvedkin@intel.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "mdr@ashroe.eu" <mdr@ashroe.eu>,
 "Richardson, Bruce" <bruce.richardson@intel.com>, "Zhang, Roy Fan"
 <roy.fan.zhang@intel.com>, "hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>, 
 "gakhil@marvell.com" <gakhil@marvell.com>, "anoobj@marvell.com"
 <anoobj@marvell.com>, "Doherty, Declan" <declan.doherty@intel.com>, "Sinha,
 Abhijit" <abhijit.sinha@intel.com>, "Buckley, Daniel M"
 <daniel.m.buckley@intel.com>, "marchana@marvell.com" <marchana@marvell.com>,
 "ktejasree@marvell.com" <ktejasree@marvell.com>, "matan@nvidia.com"
 <matan@nvidia.com>
References: <20210713133542.3550525-1-radu.nicolau@intel.com>
 <20210917091747.1528262-1-radu.nicolau@intel.com>
 <20210917091747.1528262-8-radu.nicolau@intel.com>
 <DM6PR11MB4491C3F5EF8EF4B6B8728CEE9AA39@DM6PR11MB4491.namprd11.prod.outlook.com>
From: "Nicolau, Radu" <radu.nicolau@intel.com>
Message-ID: <4be5cbe4-316c-84a0-df0c-8b57282a2484@intel.com>
Date: Mon, 27 Sep 2021 14:27:09 +0100
In-Reply-To: <DM6PR11MB4491C3F5EF8EF4B6B8728CEE9AA39@DM6PR11MB4491.namprd11.prod.outlook.com>
Subject: Re: [dpdk-dev] [PATCH v6 07/10] ipsec: add support for NAT-T


On 9/23/2021 5:43 PM, Ananyev, Konstantin wrote:
>
>> Add support for the IPsec NAT-Traversal use case for Tunnel mode
>> packets.
>>
>> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
>> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
>> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
>> ---
>>   lib/ipsec/iph.h          | 17 +++++++++++++++++
>>   lib/ipsec/rte_ipsec_sa.h |  8 +++++++-
>>   lib/ipsec/sa.c           | 13 ++++++++++++-
>>   lib/ipsec/sa.h           |  4 ++++
>>   4 files changed, 40 insertions(+), 2 deletions(-)
>>
>> diff --git a/lib/ipsec/iph.h b/lib/ipsec/iph.h
>> index 2d223199ac..c5c213a2b4 100644
>> --- a/lib/ipsec/iph.h
>> +++ b/lib/ipsec/iph.h
>> @@ -251,6 +251,7 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,
>>   {
>>   	struct rte_ipv4_hdr *v4h;
>>   	struct rte_ipv6_hdr *v6h;
>> +	struct rte_udp_hdr *udph;
>>   	uint8_t is_outh_ipv4;
>>
>>   	if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {
>> @@ -258,11 +259,27 @@ update_tun_outb_l3hdr(const struct rte_ipsec_sa *sa, void *outh,
>>   		v4h = outh;
>>   		v4h->packet_id = pid;
>>   		v4h->total_length = rte_cpu_to_be_16(plen - l2len);
>> +
>> +		if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {
>> +			udph = (struct rte_udp_hdr *)(v4h + 1);
>> +			udph->dst_port = sa->natt.dport;
>> +			udph->src_port = sa->natt.sport;
>> +			udph->dgram_len = rte_cpu_to_be_16(plen - l2len -
>> +				(sizeof(*v4h) + sizeof(*udph)));
>> +		}
>>   	} else {
>>   		is_outh_ipv4 = 0;
>>   		v6h = outh;
>>   		v6h->payload_len = rte_cpu_to_be_16(plen - l2len -
>>   				sizeof(*v6h));
>> +
>> +		if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {
>> +			udph = (struct rte_udp_hdr *)(v6h + 1);
> Why do you presume there would always be IPv6 with no options?
> Shouldn't we use hdr_l3_len provided by user?

Yes, I will use hdr_l3_len.

> Another thing - I am not sure we need 'natt' field in rte_ipsec_sa at all.
> UDP header (sport, dport) is constant and could be part of header template
> provided by user at sa initialization time.

The rte_security_ipsec_sa_options::udp_encap flag assumes that the UDP
encapsulation, i.e. adding the header, is not the responsibility of the
user, so we can append it (transparently to the user) to the header
template, but the user should not do it. Will this work?


>
>> +			udph->dst_port = sa->natt.dport;
>> +			udph->src_port = sa->natt.sport;
>> +			udph->dgram_len = rte_cpu_to_be_16(plen - l2len -
>> +				(sizeof(*v6h) + sizeof(*udph)));
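
Review bot: in both NAT-T branches `dgram_len` is set to `plen - l2len - (sizeof(*v4h) + sizeof(*udph))` (or the `v6h` equivalent), which leaves the UDP header's own 8 bytes out of the UDP length field. RFC 768 defines Length as header plus data, and the `total_length` assignment in the same function treats `plen - l2len` as the full IP length, so only the IP header size should be subtracted; a receiver or NAT device that checks the UDP length against the IP length can drop these datagrams. The fixed-offset concern raised for `(v6h + 1)` also applies to `(v4h + 1)` in the IPv4 branch when the outer header carries options, so both branches should locate the UDP header from the user-supplied L3 header length. Neither branch writes the UDP checksum field, so it keeps whatever value the header template holds; set it explicitly.
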
> Whose responsibility will it be to update the cksum field?
According to the RFC it should be zero and the rx side must not
check/use it. I will set it as zero.