From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 263F5A0524; Fri, 19 Mar 2021 17:47:06 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 07C3C140FF7; Fri, 19 Mar 2021 17:47:06 +0100 (CET) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mails.dpdk.org (Postfix) with ESMTP id 68DC540143 for ; Fri, 19 Mar 2021 17:47:04 +0100 (CET) IronPort-SDR: 9onsRiH8AorO81LB6ODr10MD+4y/ycQQxEJgtQAkmAieclp918djAqFqYhcijVZI2OVXFRtBhQ RmeO9sYBtM4Q== X-IronPort-AV: E=McAfee;i="6000,8403,9928"; a="189963695" X-IronPort-AV: E=Sophos;i="5.81,262,1610438400"; d="scan'208";a="189963695" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Mar 2021 09:47:01 -0700 IronPort-SDR: vfThSXUpMXsYFBfDono7Nzljg+3nwLgOz0Y9BvGj+T5j1RVqUIH2VvSmm4Ko0q2s+O+ZqxEE6C EFLjsm6WnUrQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,262,1610438400"; d="scan'208";a="380230181" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmsmga007.fm.intel.com with ESMTP; 19 Mar 2021 09:47:00 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Fri, 19 Mar 2021 09:47:00 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Fri, 19 Mar 2021 09:46:59 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Fri, 19 Mar 2021 09:46:59 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.169) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2106.2; Fri, 19 Mar 2021 09:46:59 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M0fi+34SYV68FJaCwN1q2sY4WrF21Tg87JanWiwpdU18tsjuwo1MresylumyzQXhxx8JfkiVseCBjX7WU/4oFosWi2ZBjr7v7JMEfEq+h57NkeSitcoaSjGKcab0hthrCuIBzIJHjxUcvuH2VL1y/zShTHZS1V/+JQ23MIK9x+hj3fwz6DeWphb659LXP6jaxMhg8Ab9SvYQcfI/lZhxX7IplS58j6PAnWYT29ReeP4ml+rp0wnEOoNBM+ORoHA7J74EIrBHaHzDKPWKVrinUk4aKkiSA8HZlVVOg9fiMQpim5OviEzUX3uAiey+FpRuFgExJ5phPl6wAcE22f1o4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Sa8OgWUpz1gUAz+QkK8B0FINzSw5PyXC0CdoqXeKFY=; b=UEiIesOpdTVSyWKJ4vH9RKzGpfU62mypndfYXLi6THWYYykCCihwtKQbJaH5iYyXCPjwq9jO2NJmA07ERb1dpncIGLZ6gcBMJt1Q/sIDlZwOZGJmQjPVgEBX+j6EFmH1PDVJWg4AjH/8DBPyVjprbjkE997jujGu9V3ByTd0UcU/sB9U7TgOK1F/abqjDBQ21hiONBe8y/9OFkkNfiMsUy6Hwziw/QMG0+qlLhEIanGiHCb0PySVfERCY9HCRfDrcCpclb9Bwu0+ZF/hjNF4hrqsTZOHeq1qBbFRPm9Fm74M5PzxF1yKSOm3rhbYlW9dFvzICQtYLuiGkOJrrNPHeA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Sa8OgWUpz1gUAz+QkK8B0FINzSw5PyXC0CdoqXeKFY=; b=Hfg6Bn4qPXbrtDQKH8jHL/b0J2BkYliq4P8zTscKxa+1fIzsm4xIhhWST2ru3ikhwhOpLwPymH34bcvq0lXXDcxqFN8qOwgNbVXOKgyck9pMyARtNhO0itRoZvsW/hKcM6NZjU99XDqMglnKR8COzkilSdnPTYb8FBBHrZ2wu/Y= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM6PR11MB2763.namprd11.prod.outlook.com (2603:10b6:5:c6::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.18; Fri, 19 Mar 2021 16:46:57 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::3182:6da2:8c64:f07a]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::3182:6da2:8c64:f07a%3]) with mapi id 15.20.3933.032; Fri, 19 Mar 2021 16:46:56 +0000 From: "Ananyev, Konstantin" To: Tejasree Kondoj , Akhil Goyal , "Nicolau, Radu" CC: Anoob Joseph , Ankur Dwivedi , Jerin Jacob , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support Thread-Index: AQHXGX88kpfR1IrPZ0aUAC3IvRtRz6qLijxg Date: Fri, 19 Mar 2021 16:46:56 +0000 Message-ID: References: <20210315103616.31364-1-ktejasree@marvell.com> <20210315103616.31364-3-ktejasree@marvell.com> In-Reply-To: <20210315103616.31364-3-ktejasree@marvell.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [46.7.39.127] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: fad63f3f-9221-4d8c-7d93-08d8eaf69bcf x-ms-traffictypediagnostic: DM6PR11MB2763: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2043; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 3IiqKZFMoAF1v9X3nsVwNW9PK5NsGlpto+VzFDyB1z6ZCGQPf8RPn4vihCHEirsTAlL0/D1O1OUuYxrFisa8bb1oaRoUDU0Mg26FBGxFPPCFx7IjpbJlRbeAJ+ztoUucNF3T2Szit8i1AeowRp+nA+WcURfHu/wMLCsmy1iKlr3mBYKp9XlzMjoq6EoKYbmPGZDk0XOFzpr2QwtUH47ILGzAnnLEhaVnWqQORHeB568NpL8Vbvjtf/F3xAqXX/CG2d0Q/I7grKHfAY0MbHrKaUCppYATHGLmj/CBTHlMNjh+V5XU+D7bPv/PSmByl1gIMhkNT1yPb+72iUXFT1Rb5QpvdO6jaluoAMwZNoLtnwm0wCac2KK9crMBiwl2p0jwmiS4ieepQQXPmEPP8XWrKNgJCh9b1Y0pOCxr53NITcfALk+3ptXP4CUpr9P+yU6KGZCkWZBNaYCvLW/SDDkZxyeDeWT7OP6NkXn7edojk1wRCq962MCbyaggIujcIFvgSe/8kLI9WN6eyw+emwWPKphycRiGi4WVxyADV9sZc3tq/J/o/ZTGvxrP6ERqD4eJ1Mq+1QRx5j3y9N4DDXaF2IcIaKTWl473vl7mUUbJ3iCEYRmDVuyTyKiw8G/Vj/jP2HbTlNDtvzyufyCDQTSfJLWg0y/nywk7PdUVQQFOS2s= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(366004)(136003)(376002)(39860400002)(346002)(54906003)(66946007)(6506007)(66556008)(66446008)(55016002)(9686003)(52536014)(33656002)(7696005)(2906002)(186003)(83380400001)(71200400001)(8676002)(8936002)(316002)(64756008)(110136005)(5660300002)(26005)(6636002)(86362001)(4326008)(38100700001)(478600001)(76116006)(66476007); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?+13Fv8PCmhf5SD8L3ny3OOq5s7r6U7+sO4L15n2qQqvBj4/JQCopilf7RHXA?= =?us-ascii?Q?8gl2KdnPJdve2sZg8CGBCZihQLo2ZYnyNRJY6TRc9jwtdPH+NrUnEUDU8eMd?= =?us-ascii?Q?aevUlhc+s2Vid/pVOfeqUxM8TN41ew/I4sBQHu7Jld6H9QPYQdrjEDPUfOra?= =?us-ascii?Q?RRSsRBetyDQE4qbtnCYOun2cjdAcBxa84+cUz7x0yb2QCsMarzTTgzjagjHr?= =?us-ascii?Q?vOzTKRGLMINHBGwShjqaCn3oSctjvkKpMPYVmcoDmY+vfNWtc2OALK+sOXJh?= =?us-ascii?Q?qfENl3thbxu8AtFMbvzK+p4xo7W9wl2R1XsMZL4dEQDVRGQ7p9VAURvFT2Mz?= =?us-ascii?Q?J+sjF2M4EcAryjMDnVmOSzjOUG1MnmLq7xlRwN3DihDlf5zK0CCP8k4DZgym?= =?us-ascii?Q?hJLFnTToYLDPEZd7Uatd4SaB2xDdHc7MOciumopEg7cl6qig/ebIbmrMoohV?= =?us-ascii?Q?qDg78LkxzUC6tqzsh0tJFxNSUp9bYb3OAHT7zMUvYMRqjRMZrBzLV/N7JN3l?= =?us-ascii?Q?g/N5VuP3FTNBQrgIYxywoJQSXw+JRSTH12yc5dfji9px3V3RXmNSZ+RiVIJl?= =?us-ascii?Q?/D1tXLOps+BpWi8C9l8mAXUk3dJTYCY7Xq596UR/1Jv353RR4ggyvh6Yfs3O?= =?us-ascii?Q?3b5XyuS+8iwQSi/w8awUWDjRY+M2ZX6ArWMc6Z2vFOrZSUl3PjLdK7fU+hR8?= =?us-ascii?Q?XdJXDVbzYiy8yLva0lhA+MQr1TlXJMEaIBSctAsRKjIj1eJwXEUOBkPOw0za?= =?us-ascii?Q?+etis+pvL1LtJLpWVJnWJ16A5WKoooFAgRlb7Soc3nh9WVjiH0V5lpo33vIe?= =?us-ascii?Q?jK2dFoyFOHCHvBcIdnFl3GD9rdUISJwvamYvT5oE4yfHZVMl9SLqrHplBZdx?= =?us-ascii?Q?TdvWXT42FS3Uk6N2e16wT+XH8GiVU+YOKX11rVOjzGUwknPgs5k6q+ZJNA0k?= =?us-ascii?Q?Fg1h+XaUehaOdlAX4pyLJ37a7RPxyd318uzGhyO+Htk1WiYkGwKaWnaFf/tY?= =?us-ascii?Q?vvA7Z+j48Ofsys1lWrZQj6d1wSzKJ9iKa21GBfRPiEfwjCBLqOH6fRNVYk7p?= =?us-ascii?Q?AYqBwjaswfCM+9c7+HUPMEE26s7ZSezQdoqyNVvEKomYdrPqMYb9q56vfqyt?= =?us-ascii?Q?BElYxTevpp/9FwAqM989gVRqg/foN1FtocKjVOtaf6Ku3BHuwQC4+UKd0DoP?= =?us-ascii?Q?GNM/kaGxCanPxIOaLz/725OFIlCcFz0qDl8js1VQSaQ9p1vmey7amt+DOSj8?= =?us-ascii?Q?ie1M/recb4EO1oluA4ethwkX/KIXR4jg6UkNSuMeGTjn2ViF5W/H3qUo3qIc?= =?us-ascii?Q?0Xs=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: fad63f3f-9221-4d8c-7d93-08d8eaf69bcf X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2021 16:46:56.8396 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZXZJzDhHGf8k623/Y2dlvYiYM+sakljO4PMO5BV+GrHtW4r0oh/voEhH1n0uGeSd0WM6Bgovw863OZ+50+V/g4NyW54+0yDDPFMnPzs0lDA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2763 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi,=20 > Adding lookaside IPsec UDP encapsulation support > for NAT traversal. > Added --udp-encap option for application to specify > if UDP encapsulation need to be enabled. > Example secgw command with UDP encapsultation enabled: > -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap Can we have it not as global, but a per SA option? Add new keyword for SA/SP into ipsec-secgw config file, etc. Konstantin =20 >=20 > Signed-off-by: Tejasree Kondoj > --- > doc/guides/rel_notes/release_21_05.rst | 5 ++++ > doc/guides/sample_app_ug/ipsec_secgw.rst | 5 +++- > examples/ipsec-secgw/ipsec-secgw.c | 33 ++++++++++++++++++++++-- > examples/ipsec-secgw/ipsec-secgw.h | 2 ++ > examples/ipsec-secgw/ipsec.c | 1 + > examples/ipsec-secgw/ipsec.h | 1 + > examples/ipsec-secgw/sad.h | 5 +++- > 7 files changed, 48 insertions(+), 4 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_note= s/release_21_05.rst > index 66e28e21be..2e67038bfe 100644 > --- a/doc/guides/rel_notes/release_21_05.rst > +++ b/doc/guides/rel_notes/release_21_05.rst > @@ -75,6 +75,11 @@ New Features > * Added command to display Rx queue used descriptor count. > ``show port (port_id) rxq (queue_id) desc used count`` >=20 > +* **Updated ipsec-secgw sample application.** > + > + * Updated the ``ipsec-secgw`` sample application with UDP encapsulatio= n > + support for NAT Traversal. > + >=20 > Removed Items > ------------- > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample= _app_ug/ipsec_secgw.rst > index 176e292d3f..099f499c18 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -139,6 +139,7 @@ The application has a number of command line options:= : > --reassemble NUM > --mtu MTU > --frag-ttl FRAG_TTL_NS > + --udp-encap >=20 > Where: >=20 > @@ -234,6 +235,8 @@ Where: > Should be lower for low number of reassembly buckets. > Valid values: from 1 ns to 10 s. Default value: 10000000 (10 s). >=20 > +* ``--udp-encap``: enables IPsec UDP Encapsulation for NAT Traversal. > + >=20 > The mapping of lcores to port/queues is similar to other l3fwd applicati= ons. >=20 > @@ -1023,4 +1026,4 @@ Available options: > * ``-h`` Show usage. >=20 > If is specified, only tests for that mode will be invoked. = For the > -list of available modes please refer to run_test.sh. > \ No newline at end of file > +list of available modes please refer to run_test.sh. > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip= sec-secgw.c > index 20d69ba813..57c8973e9d 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -115,6 +115,7 @@ struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS]; > #define CMD_LINE_OPT_REASSEMBLE "reassemble" > #define CMD_LINE_OPT_MTU "mtu" > #define CMD_LINE_OPT_FRAG_TTL "frag-ttl" > +#define CMD_LINE_OPT_UDP_ENCAP "udp-encap" >=20 > #define CMD_LINE_ARG_EVENT "event" > #define CMD_LINE_ARG_POLL "poll" > @@ -139,6 +140,7 @@ enum { > CMD_LINE_OPT_REASSEMBLE_NUM, > CMD_LINE_OPT_MTU_NUM, > CMD_LINE_OPT_FRAG_TTL_NUM, > + CMD_LINE_OPT_UDP_ENCAP_NUM, > }; >=20 > static const struct option lgopts[] =3D { > @@ -152,6 +154,7 @@ static const struct option lgopts[] =3D { > {CMD_LINE_OPT_REASSEMBLE, 1, 0, CMD_LINE_OPT_REASSEMBLE_NUM}, > {CMD_LINE_OPT_MTU, 1, 0, CMD_LINE_OPT_MTU_NUM}, > {CMD_LINE_OPT_FRAG_TTL, 1, 0, CMD_LINE_OPT_FRAG_TTL_NUM}, > + {CMD_LINE_OPT_UDP_ENCAP, 0, 0, CMD_LINE_OPT_UDP_ENCAP_NUM}, > {NULL, 0, 0, 0} > }; >=20 > @@ -360,6 +363,9 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec= _traffic *t) > const struct rte_ether_hdr *eth; > const struct rte_ipv4_hdr *iph4; > const struct rte_ipv6_hdr *iph6; > + const struct rte_udp_hdr *udp; > + uint16_t nat_port; > + uint16_t ip4_hdr_len; >=20 > eth =3D rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); > if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { > @@ -368,9 +374,26 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipse= c_traffic *t) > RTE_ETHER_HDR_LEN); > adjust_ipv4_pktlen(pkt, iph4, 0); >=20 > - if (iph4->next_proto_id =3D=3D IPPROTO_ESP) > + switch (iph4->next_proto_id) { > + case IPPROTO_ESP: > t->ipsec.pkts[(t->ipsec.num)++] =3D pkt; > - else { > + break; > + case IPPROTO_UDP: > + if (app_sa_prm.udp_encap =3D=3D 1) { > + ip4_hdr_len =3D ((iph4->version_ihl & > + RTE_IPV4_HDR_IHL_MASK) * > + RTE_IPV4_IHL_MULTIPLIER); > + udp =3D rte_pktmbuf_mtod_offset(pkt, > + struct rte_udp_hdr *, ip4_hdr_len); > + nat_port =3D rte_cpu_to_be_16(IPSEC_NAT_T_PORT); > + if (udp->src_port =3D=3D nat_port || > + udp->dst_port =3D=3D nat_port){ > + t->ipsec.pkts[(t->ipsec.num)++] =3D pkt; > + break; > + } > + } > + /* Fall through */ > + default: > t->ip4.data[t->ip4.num] =3D &iph4->next_proto_id; > t->ip4.pkts[(t->ip4.num)++] =3D pkt; > } > @@ -1378,6 +1401,7 @@ print_usage(const char *prgname) > " [--" CMD_LINE_OPT_TX_OFFLOAD " TX_OFFLOAD_MASK]" > " [--" CMD_LINE_OPT_REASSEMBLE " REASSEMBLE_TABLE_SIZE]" > " [--" CMD_LINE_OPT_MTU " MTU]" > + " [--" CMD_LINE_OPT_UDP_ENCAP "]" > "\n\n" > " -p PORTMASK: Hexadecimal bitmask of ports to configure\n" > " -P : Enable promiscuous mode\n" > @@ -1431,6 +1455,8 @@ print_usage(const char *prgname) > " --" CMD_LINE_OPT_FRAG_TTL " FRAG_TTL_NS" > ": fragments lifetime in nanoseconds, default\n" > " and maximum value is 10.000.000.000 ns (10 s)\n" > + " --" CMD_LINE_OPT_UDP_ENCAP > + ": enables UDP Encapsulation for NAT Traversal\n" > "\n", > prgname); > } > @@ -1780,6 +1806,9 @@ parse_args(int32_t argc, char **argv, struct eh_con= f *eh_conf) > } > frag_ttl_ns =3D ret; > break; > + case CMD_LINE_OPT_UDP_ENCAP_NUM: > + app_sa_prm.udp_encap =3D 1; > + break; > default: > print_usage(prgname); > return -1; > diff --git a/examples/ipsec-secgw/ipsec-secgw.h b/examples/ipsec-secgw/ip= sec-secgw.h > index f2281e73cf..6887d752ab 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.h > +++ b/examples/ipsec-secgw/ipsec-secgw.h > @@ -47,6 +47,8 @@ >=20 > #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0= , 0)) >=20 > +#define IPSEC_NAT_T_PORT 4500 > + > struct traffic_type { > const uint8_t *data[MAX_PKT_BURST * 2]; > struct rte_mbuf *pkts[MAX_PKT_BURST * 2]; > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 6baeeb342f..6e0caa198d 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -52,6 +52,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security= _ipsec_xform *ipsec) > ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT; > ipsec->replay_win_sz =3D app_sa_prm.window_size; > ipsec->options.esn =3D app_sa_prm.enable_esn; > + ipsec->options.udp_encap =3D app_sa_prm.udp_encap; > } >=20 > int > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 7031e28c46..430afea688 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -75,6 +75,7 @@ struct app_sa_prm { > uint32_t window_size; /* replay window size */ > uint32_t enable_esn; /* enable/disable ESN support */ > uint32_t cache_sz; /* per lcore SA cache size */ > + uint32_t udp_encap; /* enable/disable UDP Encapsulation */ > uint64_t flags; /* rte_ipsec_sa_prm.flags */ > }; >=20 > diff --git a/examples/ipsec-secgw/sad.h b/examples/ipsec-secgw/sad.h > index 473aaa938e..89b50488ec 100644 > --- a/examples/ipsec-secgw/sad.h > +++ b/examples/ipsec-secgw/sad.h > @@ -77,6 +77,7 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts= [], > uint32_t spi, cache_idx; > struct ipsec_sad_cache *cache; > struct ipsec_sa *cached_sa; > + uint16_t udp_hdr_len =3D 0; > int is_ipv4; >=20 > cache =3D &RTE_PER_LCORE(sad_cache); > @@ -85,8 +86,10 @@ sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkt= s[], > for (i =3D 0; i < nb_pkts; i++) { > ipv4 =3D rte_pktmbuf_mtod(pkts[i], struct rte_ipv4_hdr *); > ipv6 =3D rte_pktmbuf_mtod(pkts[i], struct rte_ipv6_hdr *); > + if (app_sa_prm.udp_encap =3D=3D 1) > + udp_hdr_len =3D sizeof(struct rte_udp_hdr); > esp =3D rte_pktmbuf_mtod_offset(pkts[i], struct rte_esp_hdr *, > - pkts[i]->l3_len); > + pkts[i]->l3_len + udp_hdr_len); >=20 > is_ipv4 =3D pkts[i]->packet_type & RTE_PTYPE_L3_IPV4; > spi =3D rte_be_to_cpu_32(esp->spi); > -- > 2.27.0