From: "Ananyev, Konstantin"
To: Tejasree Kondoj, Akhil Goyal, "Nicolau, Radu"
CC: Anoob Joseph, Ankur Dwivedi, Jerin Jacob, "dev@dpdk.org"
Date: Tue, 6 Apr 2021 13:38:22 +0000
References: <20210401112623.20951-1-ktejasree@marvell.com> <20210401112623.20951-4-ktejasree@marvell.com>
In-Reply-To: <20210401112623.20951-4-ktejasree@marvell.com>
Subject: Re: [dpdk-dev] [PATCH v2 3/4] examples/ipsec-secgw: add UDP encapsulation support
List-Id: DPDK patches and discussions

>
> Adding lookaside IPsec UDP encapsulation support
> for NAT traversal.
> Application has to add udp-encap option to sa config file
> to enable UDP encapsulation on the SA.
>
> Signed-off-by: Tejasree Kondoj > --- > doc/guides/rel_notes/release_21_05.rst | 5 ++++ > doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-- > examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++++++++--- > examples/ipsec-secgw/ipsec-secgw.h | 2 ++ > examples/ipsec-secgw/ipsec.c | 9 ++++++++ > examples/ipsec-secgw/ipsec.h | 2 ++ > examples/ipsec-secgw/sa.c | 18 +++++++++++++++ > examples/ipsec-secgw/sad.h | 7 +++++- > 8 files changed, 81 insertions(+), 6 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_note= s/release_21_05.rst > index 4ab2d7500f..9ef2537b1a 100644 > --- a/doc/guides/rel_notes/release_21_05.rst > +++ b/doc/guides/rel_notes/release_21_05.rst > @@ -111,6 +111,11 @@ New Features > * Added command to display Rx queue used descriptor count. > ``show port (port_id) rxq (queue_id) desc used count`` >=20 > +* **Updated ipsec-secgw sample application.** > + > + * Updated the ``ipsec-secgw`` sample application with UDP encapsulatio= n > + support for NAT Traversal. > + >=20 > Removed Items > ------------- > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample= _app_ug/ipsec_secgw.rst > index 176e292d3f..07bbbb5916 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -500,7 +500,7 @@ The SA rule syntax is shown as follows: >=20 > sa > > - > + >=20 > where each options means: >=20 > @@ -709,6 +709,17 @@ where each options means: > * *port_id*: Port ID of the NIC for which the SA is configured. > * *queue_id*: Queue ID to which traffic should be redirected. >=20 > + ```` > + > + * Option to enable IPsec UDP encapsulation for NAT Traversal. > + Only lookaside-protocol-offload mode is supported at the moment. > + > + * Optional: Yes, it is disabled by default > + > + * Syntax: > + > + * *udp-encap* > + > Example SA rules: >=20 > .. code-block:: console 
> @@ -1023,4 +1034,4 @@ Available options: > * ``-h`` Show usage. >=20 > If is specified, only tests for that mode will be invoked. = For the > -list of available modes please refer to run_test.sh. > \ No newline at end of file > +list of available modes please refer to run_test.sh. > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip= sec-secgw.c > index 20d69ba813..6f6f2aa796 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -184,7 +184,8 @@ static uint64_t frag_ttl_ns =3D MAX_FRAG_TTL_NS; > /* application wide librte_ipsec/SA parameters */ > struct app_sa_prm app_sa_prm =3D { > .enable =3D 0, > - .cache_sz =3D SA_CACHE_SZ > + .cache_sz =3D SA_CACHE_SZ, > + .udp_encap =3D 0 > }; > static const char *cfgfile; >=20 > @@ -360,6 +361,9 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec= _traffic *t) > const struct rte_ether_hdr *eth; > const struct rte_ipv4_hdr *iph4; > const struct rte_ipv6_hdr *iph6; > + const struct rte_udp_hdr *udp; > + uint16_t ip4_hdr_len; > + uint16_t nat_port; >=20 > eth =3D rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); > if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { 
> @@ -368,9 +372,28 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipse= c_traffic *t) > RTE_ETHER_HDR_LEN); > adjust_ipv4_pktlen(pkt, iph4, 0); >=20 > - if (iph4->next_proto_id =3D=3D IPPROTO_ESP) > + switch (iph4->next_proto_id) { > + case IPPROTO_ESP: > t->ipsec.pkts[(t->ipsec.num)++] =3D pkt; > - else { > + break; > + case IPPROTO_UDP: > + if (app_sa_prm.udp_encap =3D=3D 1) { > + ip4_hdr_len =3D ((iph4->version_ihl & > + RTE_IPV4_HDR_IHL_MASK) * > + RTE_IPV4_IHL_MULTIPLIER); > + udp =3D rte_pktmbuf_mtod_offset(pkt, > + struct rte_udp_hdr *, ip4_hdr_len); > + nat_port =3D rte_cpu_to_be_16(IPSEC_NAT_T_PORT); > + if (udp->src_port =3D=3D nat_port || > + udp->dst_port =3D=3D nat_port){ > + t->ipsec.pkts[(t->ipsec.num)++] =3D pkt; > + pkt->packet_type |=3D > + RTE_PTYPE_TUNNEL_ESP_IN_UDP; > + break; > + } > + } > + /* Fall through */ > + default: > t->ip4.data[t->ip4.num] =3D &iph4->next_proto_id; > t->ip4.pkts[(t->ip4.num)++] =3D pkt; > }

As I understand, you don't support UDP tunneling for ipv6 packets for now.
If so, then it is probably worth noting that in the doc, and adding a check
for ipv4 in parse_sa_tokens().
Apart from that all seems ok to me.

Acked-by: Konstantin Ananyev
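Review bot: In the prepare_one_packet() hunk (@@ -368), the new IPPROTO_UDP case reads udp->src_port and udp->dst_port at an offset computed from the packet's own version_ihl field, with no visible check that the mbuf data actually covers ip4_hdr_len plus sizeof(struct rte_udp_hdr), or that the IHL is at least the minimum IPv4 header size. Unless adjust_ipv4_pktlen() already guarantees both, a truncated or malformed packet leads to a read past the valid data; suggest validating the length before the rte_pktmbuf_mtod_offset() call and falling through to the default case when it fails. Also in this hunk, every datagram whose source or destination port equals IPSEC_NAT_T_PORT is tagged RTE_PTYPE_TUNNEL_ESP_IN_UDP, so non-ESP traffic on that port (RFC 3948 NAT-keepalives, IKE with the non-ESP marker) is sent down the IPsec path as well; worth a comment or an explicit check. Minor style: "nat_port){" needs a space before the brace.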
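Review bot: In the app_sa_prm hunk of ipsec-secgw.c (@@ -184), udp_encap is added to the structure commented as "application wide librte_ipsec/SA parameters", while the commit message and the documentation describe udp-encap as an option set on an individual SA. The datapath test "app_sa_prm.udp_encap == 1" is therefore global: once it is set, all inbound IPv4 UDP on IPSEC_NAT_T_PORT is classified as IPsec regardless of which SA asked for encapsulation. Suggest either documenting that the option has application-wide effect on classification or making the decision per SA after lookup. Style point on the same hunk: end the new initializer with a trailing comma (".udp_encap = 0,") so the next added field does not have to touch this line, as this patch had to do for .cache_sz.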
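Review bot: The udp-encap description added to doc/guides/sample_app_ug/ipsec_secgw.rst (@@ -709) states only the lookaside-protocol-offload restriction and does not describe what the option changes on the receive side. From the prepare_one_packet() hunk, the classification is done inside the RTE_ETHER_TYPE_IPV4 branch only and matches on IPSEC_NAT_T_PORT as either source or destination port; suggest adding both facts to the option text so that users know the feature is IPv4-only for now and that other UDP traffic on that port will be treated as ESP-in-UDP.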