From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0083.outbound.protection.outlook.com [104.47.42.83]) by dpdk.org (Postfix) with ESMTP id A3F7A7D04 for ; Tue, 12 Dec 2017 07:54:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YUJu+FdCVMkxVEB82nF/7+JZl1yP5seiOW/GnysYQxw=; b=Hv3IjW9herv0axMvTGBFW2qMl2fnmzxLnv2pBMuBpt4PX/G5r9PsGaYdJOy8PP6PdR5S9bGL3FC/1ohACvzEHpX1dm64rbplwZBHhH2X+ka1zF1wRIRAO4Z8vZlyqBg2fT7/1YG+c81J6J5QcoIuliQyAeptiqvtGdGZx/wY+Ak= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by SN4PR0701MB3646.namprd07.prod.outlook.com (2603:10b6:803:4d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Tue, 12 Dec 2017 06:54:54 +0000 Cc: anoob.joseph@caviumnetworks.com, Narayana Prasad , Jerin Jacob , dev@dpdk.org To: Akhil Goyal , Declan Doherty , Sergio Gonzalez Monroy , Radu Nicolau References: <1510738915-14712-1-git-send-email-anoob.joseph@caviumnetworks.com> <1513006557-14898-1-git-send-email-anoob.joseph@caviumnetworks.com> From: Anoob Joseph Message-ID: <7594392f-98ff-8368-06d6-56f9c7050274@caviumnetworks.com> Date: Tue, 12 Dec 2017 12:24:49 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <1513006557-14898-1-git-send-email-anoob.joseph@caviumnetworks.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: DM5PR21CA0014.namprd21.prod.outlook.com (2603:10b6:3:ac::24) To SN4PR0701MB3646.namprd07.prod.outlook.com (2603:10b6:803:4d::12) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 12d3477e-ec1d-43e9-c44d-08d5412d41a5 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(7168020)(4627115)(201703031133081)(201702281549075)(2017052603307); SRVR:SN4PR0701MB3646; X-Microsoft-Exchange-Diagnostics: 1; SN4PR0701MB3646; 3:JcbfnC2xXfOdoGKIANF0ecsW4HCzRXpi0UJxIbSYoxVKci1jAqwEEViR69v7V/Cg1k+VK8KkIVWgt9er236Amn+9kSRhUaiV+tACbj4K/f0yZpSg+LkyYL7QKPaR8PbGnJ+BAdSCcIkVH5umNnXMLi+FQluZRyNXnMGNQLGteAHys28ZsnREYu3ycgcfFBqkTZMrcurDA+afbylVZmfZIP4QeHhCgCJFdAaANJAx0YGuvndrSLbhzBieBwDcJc8P; 25:XnPjWRD5y0paRNGv5LmhA0GfOXXwHikLWUPmYwQSiBdyNZ0CygnG+S8NdnfjH851T6qSu39IOA6dQfLZP0SCM+3V6f+zqpingdQAHApkJIjGtp/HpnWSg3/J4h06FMikq5jn1l5T1R07mrjsR2njJv4808d1QWlGvx+MDMCvBsSX5aBepiQvYWo4XtWnyoNDRngkM0HeKaXNB8HdvXSlF1prsoZv03xyqY7fK9CCTujCXKyzhIjUBkpsV2+pV8lqwj8M/66alGYEqoUvXDpdHKdJPDHo51zWdsv2bVHlOQmSscBOW8OVnhTxYZQ9CspaIQTMcB19DmoOyuAzukWWyg==; 31:kIXuQzt/E7fCXJ4Gds9PLUmGbX3NkECPF7NgK0daMR+L4bNBtpI0PdhqbiOmUZf1gYIcU/S64UE3YqiX3hRQtmurAh5wKX3Pil+9xP+qiwG8GIfYLrx1MQwdOEadlB7ItvWGims0WCiBAGDMnOpWZtQlDgU88CCtn8CW/LlTDrfVbdXMGZ05Rn7oNiAMCBPsZCI/IldwgOs7zf/3Zs75kBY4iNHBvUWSo7BB9m9TeOE= X-MS-TrafficTypeDiagnostic: SN4PR0701MB3646: X-Microsoft-Exchange-Diagnostics: 1; SN4PR0701MB3646; 20:sX8vtbwR9ClQhjVJ3j/iZyOrgyFIxkPyTRbtvgWupXWH8Qz+DKk83eTsbvGqelRFsxDFdHBWT8s5HpSEM1kgZhX1yskKlh9a9T3vNgA8hzgeZBiO69Y+ZUBn7P/y+7mO2h9J4ZVlwcVTN3mfbPRt6FQWcEbQxIBVLMo1U+x29JccY70GIc+cKFx4FDSdkxlgptAtW2aP3LI8Cva2dahn8/0RPOflVGD/WvmsJVuMK/gH1IBXwhd8q3SBp6eplqqAjvElsfkR6HkuMQfy/vnhTHG7dSK+/EL+noLJyuJsF33T8Anz+Z7IPUYAtccONB/d4Sr1vUERPRBYdzIl3X4/yyGoa2c66kmoc7ZfHsnwqa6NY1mh41b+3cfqCftEPhXm4GAB1Qhh9uy6FltLSB3Ul7/hTN+ijPJ4X70kJDd0zRo6vzi/wPEqOKbT51E85JmxV23kigY5pegf5FIekq6o1YHLHH+swcSpeJPzu7H29BsfyPN5ZQ27qFod12UNry1ri+g3mNztjUZe9HoBLhh7G9HuT9PzwJKBpKj7q0FGb2DqQJhuSTDFVRlOOwgAKJiliRC9HoS1mv4jtriYvqW7/ybibLPKzhGDvCg8OvvuVaI=; 4:CejvgLkcrcgI7qDbJLQzvFU+ndQmRLCZRa2yvt2Ikm68+KbDd/fikolNtncvj7lYs17+/X8osWjXhPWc8AliBljUjnJBqdoamMTEHUpO8pixj/IDfi43Lbg9VnOslp8bZA/qWzoBQfyrCbFLNo8bUIvFnwHPeX9nXvll/NJn73OQPcd6ANQ6Z1VU/Q3nqmulwqcWaOWBMnJl19jYpaTYcYbrtnIltZHKjPtFCXNlhcMe7J7ms0e+s0X1oR5mrWfDdRrxzV270qBTll7hjiE2h/BW4zj4kHLef80PUbBpGjMbGGY6DRAGd87/AB5QiurE X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(93006095)(10201501046)(3002001)(3231023)(6041248)(20161123564025)(20161123558100)(20161123562025)(20161123560025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:SN4PR0701MB3646; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:SN4PR0701MB3646; X-Forefront-PRVS: 051900244E X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(346002)(366004)(24454002)(189003)(199004)(5660300001)(53546010)(31686004)(59450400001)(23676004)(83506002)(53936002)(2486003)(52146003)(67846002)(8656006)(6246003)(42882006)(65826007)(50466002)(31696002)(2906002)(6512007)(575784001)(72206003)(6666003)(64126003)(69596002)(305945005)(68736007)(2950100002)(3846002)(54906003)(229853002)(106356001)(36756003)(110136005)(230700001)(6506006)(58126008)(7736002)(76176011)(52116002)(6486002)(6116002)(16526018)(8936002)(478600001)(55236003)(66066001)(65956001)(47776003)(105586002)(316002)(53416004)(97736004)(81166006)(8676002)(81156014)(4326008)(25786009)(65806001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN4PR0701MB3646; H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjRQUjA3MDFNQjM2NDY7MjM6RHVZOXpnQjA0cWhTR2JmTkdzZFJ5Q21v?= =?utf-8?B?QXF4dlVKckNSWWFrbThTSy9VdUVYWnJ2Vm5MSEtUUzRHZmhOaHhZZmFlTUcw?= =?utf-8?B?RU1oZlR4cU5TQ3lmRWtJVlBxNGR1bEZnRG95RUJyZkRpbk9OaXU5UU5vaGhk?= =?utf-8?B?UGF2aVR1N2VDdS9aRis4TXZxc0thTlpxNnEwRU03L1VtUzRSRDZ5dnZiWjRD?= =?utf-8?B?UzhheXFub2o3WjlEK2pLdWxEc2lHOCsxSmhoNGEzaHBSQ2xZOHk4RUZXbHVj?= =?utf-8?B?b09seHUrNExBSU95N2NHVGRRZDBCVWtlWnF6WUtHTFBGcTJxWWFBNWdlWWxX?= =?utf-8?B?YmpOSStRZ2UyTTd4cnVMMDV0SnA0YVJSSVE2ZEpKWC9PNHkzeFdOUk9RUFdq?= =?utf-8?B?M3pRSXo0ZUhoTjJsOGtIVzVSTmkwaE55ZUJ1YlJzRDU1dWtMaGdjTlBrVzZP?= =?utf-8?B?dXRKcWovZFVXQ2xZY1p0Y3ozaFhydnQ1TWhYYU1ydThpZlU5TncwQ05SekhY?= =?utf-8?B?ZHl5S0hMeVovdEUvMHhqajE2UkRRSGVmb2hIajhCUnpTVWE5eGdqNHdabWd3?= =?utf-8?B?dUtxR3lOdmtkcThldXE2a2JIaEVzTFFBTllwNHpNS00rckpZKzRaNmlFQmFL?= =?utf-8?B?d0p4VlRLMURWZUM3bHUzRXlpWWFvNUtjY2VEVTd0a1lkWWFxTlNOTHV0UGZI?= =?utf-8?B?NUtCZTRPS1ZEZk9FVHdOQVJWUGFhbHV3N3V3RlVzd2w2enJrKzEzSFU0NDFw?= =?utf-8?B?eWIyVTRKSnJOc0t2a3orbkZSWWhDQkFyRHlIMyt6ckZpcEEvdDVPUlowc0Fa?= =?utf-8?B?bjdBOWJnRkFpU09wSXB0akViNlUySFIrR0krUkhRVTdyeUZpeExXOHp3V0JG?= =?utf-8?B?SjdRc3NNTkdDajhFSC9DRFR2RkZVcE5zMEZYTUpaakFWaTRiYUxBZk4rYzFh?= =?utf-8?B?QWEySUNVUnZjeVk4WWpKNUh0N3VCdFVhWGdrUCthd3NUUHBJMTBkSitTMy9Q?= =?utf-8?B?czBPdG54WU9hUENhdUJJTFBIOE9Vb0svU01tazlTUmF5cEhpZkN1SUQwcWZK?= =?utf-8?B?SjhFaHFOYzdCK1d3YmM2RnBjaVZKd3lsSzEyenZCclc4RVkrVVZ3ZW5wWmwz?= =?utf-8?B?aFhFZVMrMVppWXJxdEFYVi80YmFOK3U3c0xKV0lHcTR6MVBBL0RmQkViaGFh?= =?utf-8?B?aGIyT2ZnYnE2WTdsMEROOTBhUlQvU2pyQmZnVjkwakdFNUdadDk3b1Uxb0hk?= =?utf-8?B?L1hOMmN0WWVRdzBoekZ3N1VraXBzSjl1UUxCVzNIelhXeTd5Y1hTdVd4UFJL?= =?utf-8?B?YVJENVpua0Z0R2FMZGZicXF2MDJpbnFxVkNwTEFQQ3NWN0lRb0pFanIxREtl?= =?utf-8?B?R0htcGg2SDA0b1ZRWjJjV2l0cEhWamxVZEtYcXdEY2hneTlTNnRUQTNoZnpw?= =?utf-8?B?VDcvcjhNS3d5ZytlbkQ5QkllSGhXUWJiL1IzM0VPUEZzS3NmaDhNUHN0b0la?= =?utf-8?B?WG9jQTMvei9hb0dpQi9wRDVxRUhpakxGaHMvcWFPank0L0UrdWs0c1hiYUNi?= =?utf-8?B?SVpCUlEzV1llVGcySWliMEE1UFFjMkxMSmFURjRaRURlV1RoWVMzQjhQbS8z?= =?utf-8?B?YUdtSTU4aVB3WjJ6QU4wS2toTFJBbVBqUTRMWUFaZGhVaVhFYk0xek1OR3NB?= =?utf-8?B?d3JlSnNQYUhTYnVHSFdCSlA4c2NhS0hBeEhPRVdGWi9qM29qZ2VUc1FJOHha?= =?utf-8?B?N2gvejYvMnUzcWw1Nkc1OW9acGREMzhjaGw3aTZEVUUva1dEQk1qUHJKbEcy?= =?utf-8?B?RXp4c201OElMUE5HbmtwdUxCRVJia0hERTl1b0ZyK2tCaSthanNQWUtleWFQ?= =?utf-8?B?TzErWHAzc3U2Z0RINUNGMnZnS2MraW5RaU1nYUd4UEdtcUJVQ2Q3NS82cG0r?= =?utf-8?Q?K0XGcn44L4kk9EcV4GsFjwbTE3fMXjDc=3D?= X-Microsoft-Exchange-Diagnostics: 1; SN4PR0701MB3646; 6:kX0R4HYweGYpgbtwjXUSEaYedEEtu8/j4zkhTDsIHBUWbkr3/2O6c8QdxBmfj/DAKkn/PykR/kUpJp8r7G4Hdi/cv7ViGHfG6XSMoMg0aJVWEHBi4gd2dIrrih7xrbHm2/UAsHDrYKb1TPp2QlVREmcbmoyW0OgYXb1KjxkL66fYIs/rxxqTCfssyxnTi/nX5j9T9REB8BPZotLKsI0R/doOHwp/ImJfc3OQVYnaayL0SZE+VmxG896vFV3f9yYEXsbMdk2CPKDAcozWUwvzAvBQvNhRbQvcJv09zRHCTDUzN8RNDVGy0pjzpaVbY1gFOdyT/TTkeu16SmynaVHU6B5pARS7HU8LvWwfg1v16ks=; 5:VjaR3n2HDbca4EIukxkuyFQBgAdJGHBilEsbDoRiq5y8WVFT8FFl8PGLc1k+O2mligDBHWyqsTr4sX0y96bPujSj54ywCepqcx1Y+R7hdLi0R6MwuowzloNxt+6gm0DGubQKg8+yp//BNV8dgvc2lBkJfLDJEz/hDtIiuWO29JE=; 24:D7Y4VNZf9z88XiIAcZchTiDt9c+/XztMMsftL/G5yRN2PUY/SBRNEzny5mSfQQkGAzF+PXzIVV7ywfLr+gi9FNU6LR7Fnn8LloiCFbb6FVU=; 7:L8AfOejXU0t5KC6wvnDKIru6x23bkv8Bw3Nt22L+UCBUuPvHbdF1zwaZRDATRC88flCOYnBQrZXns7HSOGApkheKuPFGdQcZbGpjU5Cz52+WmRwpawRYcMRHBi9JH5gTsBp5AF+FezIgJMTFHcsaZ7RD/UBb+g7nVJ1ChB/Pf5m2DGy3Ec9IjmIpN7/ZDxKFk1Ech1Y6U0xwi70tE2nzk2jjzgHUMRc8JG360SNCyCNlBJmSj5tI7HHvpgQ4MaGL SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Dec 2017 06:54:54.7259 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 12d3477e-ec1d-43e9-c44d-08d5412d41a5 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR0701MB3646 Subject: Re: [dpdk-dev] [PATCH v4] examples/ipsec-secgw: fix usage of incorrect port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 06:55:00 -0000 Hi Akhil, Radu, I've updated the patch with the suggestions. But I think it will be better if we have two separate get_hop_for_offload_pkt() functions(for ipv4 & ipv6), since the return type etc is different. It might be cleaner that way. Thanks, Anoob On 12/11/2017 09:05 PM, Anoob Joseph wrote: > When security offload is enabled, the packet should be forwarded on the > port configured in the SA. Security session will be configured on that > port only, and sending the packet on other ports could result in > unencrypted packets being sent out. > > This would have performance improvements too, as the per packet LPM > lookup would be avoided for IPsec packets, in inline mode. > > Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") > > Signed-off-by: Anoob Joseph > --- > v4 > * Made get_hop_for_offload_pkt() be aware of the packet type (ipv4/ipv6) and > return success/error values accordingly > > v3 > * Bug fix (fixed a wrong if condition) > * Minor changes in documentation > > v2: > * Updated documentation with the change in behavior for outbound inline > offloaded packets. > > doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++- > examples/ipsec-secgw/ipsec-secgw.c | 101 ++++++++++++++++++++++++++----- > 2 files changed, 96 insertions(+), 15 deletions(-) > > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst > index d6cfdbf..ae18acd 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -61,6 +61,12 @@ In case of complete protocol offload, the processing of headers(ESP and outer > IP header) is done by the hardware and the application does not need to > add/remove them during outbound/inbound processing. > > +For inline offloaded outbound traffic, the application will not do the LPM > +lookup for routing, as the port on which the packet has to be forwarded will be > +part of the SA. Security parameters will be configured on that port only, and > +sending the packet on other ports could result in unencrypted packets being > +sent out. > + > The Path for IPsec Inbound traffic is: > > * Read packets from the port. > @@ -543,7 +549,9 @@ where each options means: > ```` > > * Port/device ID of the ethernet/crypto accelerator for which the SA is > - configured. This option is used when *type* is NOT *no-offload* > + configured. For *inline-crypto-offload* and *inline-protocol-offload*, this > + port will be used for routing. The routing table will not be referred in > + this case. > > * Optional: No, if *type* is not *no-offload* > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c > index c98454a..c75dd0d 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -585,31 +585,81 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, > traffic->ip6.num = nb_pkts_out; > } > > +static inline int32_t > +get_hop_for_offload_pkt(struct rte_mbuf *pkt, int is_ipv6) > +{ > + struct ipsec_mbuf_metadata *priv; > + struct ipsec_sa *sa; > + > + priv = get_priv(pkt); > + > + sa = priv->sa; > + if (unlikely(sa == NULL)) { > + RTE_LOG(ERR, IPSEC, "SA not saved in private data\n"); > + goto fail; > + } > + > + if (is_ipv6) > + return sa->portid; > + > + /* else */ > + return (sa->portid | RTE_LPM_LOOKUP_SUCCESS); > + > +fail: > + if (is_ipv6) > + return -1; > + > + /* else */ > + return 0; > +} > + > static inline void > route4_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > { > uint32_t hop[MAX_PKT_BURST * 2]; > uint32_t dst_ip[MAX_PKT_BURST * 2]; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip, ip_dst); > - dst_ip[i] = *rte_pktmbuf_mtod_offset(pkts[i], > - uint32_t *, offset); > - dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip, ip_dst); > + dst_ip[lpm_pkts] = *rte_pktmbuf_mtod_offset(pkts[i], > + uint32_t *, offset); > + dst_ip[lpm_pkts] = rte_be_to_cpu_32(dst_ip[lpm_pkts]); > + lpm_pkts++; > + } > } > > - rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, nb_pkts); > + rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if ((hop[i] & RTE_LPM_LOOKUP_SUCCESS) == 0) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i], 0); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + } > + > + if ((pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } > > @@ -619,26 +669,49 @@ route6_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > int32_t hop[MAX_PKT_BURST * 2]; > uint8_t dst_ip[MAX_PKT_BURST * 2][16]; > uint8_t *ip6_dst; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip6_hdr, ip6_dst); > - ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, offset); > - memcpy(&dst_ip[i][0], ip6_dst, 16); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip6_hdr, ip6_dst); > + ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, > + offset); > + memcpy(&dst_ip[lpm_pkts][0], ip6_dst, 16); > + lpm_pkts++; > + } > } > > - rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, > - hop, nb_pkts); > + rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, hop, > + lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if (hop[i] == -1) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i], 1); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + } > + > + if (pkt_hop == -1) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } >