From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 9155EA0579;
	Thu,  8 Apr 2021 10:17:05 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1949840698;
	Thu,  8 Apr 2021 10:17:05 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 2427740138
 for <dev@dpdk.org>; Thu,  8 Apr 2021 10:17:02 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 1388Gi5D020138; Thu, 8 Apr 2021 01:17:02 -0700
Received: from nam12-bn8-obe.outbound.protection.outlook.com
 (mail-bn8nam12lp2172.outbound.protection.outlook.com [104.47.55.172])
 by mx0a-0016f401.pphosted.com with ESMTP id 37shqxja0h-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Thu, 08 Apr 2021 01:17:02 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=lTj9s8iuMkOq6ofJEhtElMeR9tQ/+/WPbZV9+NHAWopbZAbC60joVAvLWly9mD/0nhSPD1vhUHZB23QEI/V5R7m1/b2CCuXSEVe+2kmksuhfAPZ0ClWgNQY/79EysiVHE9UClE1eupoio2Iryn4d/xg40QoWqjxZgg1rkx1TcagcfJGmg3JKpyIxaAGaxckiwoyDQAt7IXZAPTBXD1E4nFv473mCquxoZ6KysGZ1VulDrgoE/WstJte2OnmkPAek2NkEJI2qQll740m8F+kM/vSnNZqKCd9CK4px7skntMHe+Ma0zW8Tden8LBFVAOA9Hi1IdMYdV16N/d6IHtAXsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=1LOB4EmFvH2XsLnqEwy3XfSJoFcs21x6WnapzTUw7os=;
 b=G7QuoGlMWf9148b5g6fHX20c+2YRMVH7zs/2TQ6xnZ/6a5wbXAcNyzV1+3++Mui/ka4grU7htcUQ7m6QUTBHpjMzwiN8ie8vAFBvOSiyu0/mDiZrlXvnNqs+nzRv5d3oeCq6vjbRkba+IAu1853yYspFao/tVDRrPGwLIxgVohLqBBWn13vyStz+low7YjCp/oJ+IvqmwT7r5EjY5gtwTouApmerPQTlgye0PzDUvFYMdEkXMfpv1R0ut94vvfA2nZBfKGHUOB0I+tPwZi9G9L7MUfQC74+fG7Ye4tEMttUryxaP7F+dIH8jx2rN8CnfIG6St1MEPM2ltJqCfz2vig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com;
 dkim=pass header.d=marvell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=1LOB4EmFvH2XsLnqEwy3XfSJoFcs21x6WnapzTUw7os=;
 b=axSwHnQs68E3+bCXSx3rFdaaHbpGutlFCkhK2LyIKUfTSavFtzKEINaBcTOUYDUZ8NUOd6JJkAPzxig8ehV1Jqw9gpoC391rQmzkW6hgfDcBvKC6BAfMfmMkFVgu3BJ9QHSj6zSmkL9JJrpTgN9a1jWFPhmgzWtEuk0ZJMP72Us=
Received: from PH0PR18MB3864.namprd18.prod.outlook.com (2603:10b6:510:26::6)
 by PH0PR18MB3815.namprd18.prod.outlook.com (2603:10b6:510:22::14) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.29; Thu, 8 Apr
 2021 08:17:00 +0000
Received: from PH0PR18MB3864.namprd18.prod.outlook.com
 ([fe80::8d27:2cb2:30d6:ff99]) by PH0PR18MB3864.namprd18.prod.outlook.com
 ([fe80::8d27:2cb2:30d6:ff99%6]) with mapi id 15.20.4020.018; Thu, 8 Apr 2021
 08:17:00 +0000
From: Tejasree Kondoj <ktejasree@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>, Akhil Goyal
 <gakhil@marvell.com>, "Nicolau, Radu" <radu.nicolau@intel.com>
CC: Anoob Joseph <anoobj@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>,
 Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH v2 3/4] examples/ipsec-secgw: add UDP encapsulation
 support
Thread-Index: AQHXJuIEmGfj4v6urUmcBYI9v5M4maqnhnUAgALKOPA=
Date: Thu, 8 Apr 2021 08:16:59 +0000
Message-ID: <PH0PR18MB3864C62B6AFC649476BBB3FAA8749@PH0PR18MB3864.namprd18.prod.outlook.com>
References: <20210401112623.20951-1-ktejasree@marvell.com>
 <20210401112623.20951-4-ktejasree@marvell.com>
 <DM6PR11MB4491ED9299D06FF795AE47889A769@DM6PR11MB4491.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB4491ED9299D06FF795AE47889A769@DM6PR11MB4491.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=marvell.com;
x-originating-ip: [49.206.51.243]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a8540f76-146b-4d97-997c-08d8fa66aeda
x-ms-traffictypediagnostic: PH0PR18MB3815:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR18MB38159E7F0C2635267D6BD908A8749@PH0PR18MB3815.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dkkbQA9GwkVezqau52OZZ1tNXp++Ngw6Z2hz46b2c/eUruweXeEUqLFIipqkjnGDNvhJ/I9R8WLKhzv4DxjYFUCJUqqviMGhm8RuD1j+tS9AOWwApqeKknsApw1Jjy3boP1mhVkF7gh8DwaQQ4s7v7QBTW7/1mOBKDI5vDT+4Tac/sYg91LaMNhpg2Wzd8UsMqY4R0rJpG2xh3eFxvAGJ022OBTjwM68PY43+EWT5zDJqR1FjmQvZNF/mRD9wcH57UwkxaTagSrocd5C6IhvCzcIBxQjo7sKU5XX7oildZasz35Ga6ixxENPxBGulKwwyEY7xrS2EVlHttG+rrnG26cmWa2ot5Q9skLgKtOTmp+Kl90RLdwN+Oy7C4YBhT06KFsrd7KaNM9Z5+0xAiLhxzyVt2mfyvGSSt2vDR34GuOHo8rFuZKeMTgr8T3KMKsCFuQz5sSHoRNaNLXjR3lbsBQKRtVw3kECWD8K5Q8O2TzHo38GvUlYksBqzEveE0QFFwcpX56H26qRWhjXq/DieRyao1UVgXwurkIALthQtwuz7A/gkA+A26sckJmPhE3qsqHMcHeB4gwT1dshURiRHnxho6cWsPrenZYxl+iqR2ov3zmVuxFJIJdFT5FZEQyIIyYqD/2sOknnYvtLiCc0Xw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:PH0PR18MB3864.namprd18.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(396003)(366004)(376002)(136003)(39860400002)(346002)(38100700001)(33656002)(6506007)(5660300002)(55016002)(76116006)(7696005)(9686003)(53546011)(66946007)(66556008)(55236004)(2906002)(71200400001)(478600001)(54906003)(52536014)(186003)(316002)(8676002)(66476007)(8936002)(4326008)(26005)(110136005)(83380400001)(86362001)(66446008)(64756008);
 DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?2zs37XWquxFxBLdnTPdyL1Wt+8DYRUIAg66J+P7pG97r0trDSKt1/DNMM4CR?=
 =?us-ascii?Q?/ah4l2uHAdVPTa3CROiw4JXS3TNMxSYwQHSedSNjm6sG2wEObiNPAgXIGA/V?=
 =?us-ascii?Q?LEPtmi12+SPg+WsyICJ9+KPcs2T2nDaNGsuP2yfN7/fDiszIh9aqCTRIZYLm?=
 =?us-ascii?Q?xVg+y+OqbtclUwRcvOLbUHm+CvFJzLPxRcU5XfjJW+J3j5nRCNtpKhgRI/XX?=
 =?us-ascii?Q?Dgh3pxmZI1AFwi1JhzKE6n3xBh9ChbyTkk2HeFUOaMFz5taG4l2Y8Gd8cQ9q?=
 =?us-ascii?Q?p7l7abghPgYeG/g8Ej1A4ih5xJFdnNzDMqnN/3pyk7+3xYId7gmD2h7XvPRQ?=
 =?us-ascii?Q?k+ezEinmIRfPuMlR7oHLU2NRh4be+nEPMErUjQ2eg5Sx5zsPcufpj6ksdF/o?=
 =?us-ascii?Q?R7EXynjIgF3kcDQfiObSG7b8ebiEQWiAz1tScv0yYeQPSPyXLJpLO9HibZ0Z?=
 =?us-ascii?Q?PArpr2oW0CfSfo3rs2/N3mdqSImKKjBaVCIJ/FQ2jjPiOzWeWVdKWQFKHssS?=
 =?us-ascii?Q?20+gJbAmrluWI3xqxS1YejsugQS7S990lofTc0lqjlXRh/tQeCDQy6ZjPa0o?=
 =?us-ascii?Q?IMguvp9e+8gpan9by4OAdcoWFCgRD6bp1yHzlwZDz/1tEWVeO2MZskU5rAN7?=
 =?us-ascii?Q?L2c57cN2HmoVHxVYAM6nWz1BIuNES3xehOhZqAofk+jm6khddbOQ55a8KGxU?=
 =?us-ascii?Q?tmgvBQFeFWyjwSEW3AwJ1kRgAVOLsTljYyOXxpVU8XW4OLmpArr8jk/5HZzj?=
 =?us-ascii?Q?lqZY0GUcOBqEfGwymOOllhqbgsVXo+SAUex0s6IK2WhyVK/Z1EIZG52GAMtO?=
 =?us-ascii?Q?NEaT6XdoS4av09YGwL37YrMvLqTOXz/DiJeghM/2KREJo2dlwW6W07ldsqMH?=
 =?us-ascii?Q?v9Bmtj0DBXALo4PtR23CuD2yxKUtUsdpra2hMB1AGxtpXszk1zpZKcPLtiOp?=
 =?us-ascii?Q?GmWvpwUNqfALBZ/wU133NhixNUgH+73etFqwKEx82hWELdTWyvoL4eLeT9YA?=
 =?us-ascii?Q?dhcYWNVQDysZ87bVdT2pBR5ULu16f61z6TZu1hVoLKpdamh9/WRCd4hDOFpC?=
 =?us-ascii?Q?cxhTApeXo/ZJjYKgu29+U5unH+yhoe3sKaU/eu++QKFqhjFx9rNEZtKoYr09?=
 =?us-ascii?Q?NhBT1/EGq49Ybso3TtPab62SkbTe5dJBpqPc88mnWzg7G46UWjmLLwUPECXY?=
 =?us-ascii?Q?Oq8Vj4Y4KWlDltW1DguPoNSdQ54I4As8WLf8JAuiKtLhWeWhlnX5IcU3dGbm?=
 =?us-ascii?Q?MRYqLYCLAJNAyFXHAu4IFqYZjqnt6jgUS9eDqv3n5mtulO/5Rf90nBk/Oym2?=
 =?us-ascii?Q?lKo=3D?=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: marvell.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR18MB3864.namprd18.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a8540f76-146b-4d97-997c-08d8fa66aeda
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2021 08:16:59.7675 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 49qUvC8o+xNdwdow339l++MX10yOdK7K6/Z2/v8bHLn0sayOFBhdSNXH3Cla0EtseX278BPgdg10SMAZPn5cow==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR18MB3815
X-Proofpoint-ORIG-GUID: q5YqdY6eGEH5SjojgJifw9gIMSJOWFlE
X-Proofpoint-GUID: q5YqdY6eGEH5SjojgJifw9gIMSJOWFlE
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761
 definitions=2021-04-08_02:2021-04-08,
 2021-04-08 signatures=0
Subject: Re: [dpdk-dev] [PATCH v2 3/4] examples/ipsec-secgw: add UDP
 encapsulation support
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Konstantin,

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Sent: Tuesday, April 6, 2021 7:08 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Akhil Goyal
> <gakhil@marvell.com>; Nicolau, Radu <radu.nicolau@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; Jerin Jacob Kollanukkaran <jerinj@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH v2 3/4] examples/ipsec-secgw: add UDP
> encapsulation support
>=20
> External Email
>=20
> ----------------------------------------------------------------------
>=20
> >
> > Adding lookaside IPsec UDP encapsulation support for NAT traversal.
> > Application has to add udp-encap option to sa config file to enable
> > UDP encapsulation on the SA.
> >
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
> >  doc/guides/rel_notes/release_21_05.rst   |  5 ++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++--
> >  examples/ipsec-secgw/ipsec-secgw.c       | 29 +++++++++++++++++++++---
> >  examples/ipsec-secgw/ipsec-secgw.h       |  2 ++
> >  examples/ipsec-secgw/ipsec.c             |  9 ++++++++
> >  examples/ipsec-secgw/ipsec.h             |  2 ++
> >  examples/ipsec-secgw/sa.c                | 18 +++++++++++++++
> >  examples/ipsec-secgw/sad.h               |  7 +++++-
> >  8 files changed, 81 insertions(+), 6 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_21_05.rst
> > b/doc/guides/rel_notes/release_21_05.rst
> > index 4ab2d7500f..9ef2537b1a 100644
> > --- a/doc/guides/rel_notes/release_21_05.rst
> > +++ b/doc/guides/rel_notes/release_21_05.rst
> > @@ -111,6 +111,11 @@ New Features
> >    * Added command to display Rx queue used descriptor count.
> >      ``show port (port_id) rxq (queue_id) desc used count``
> >
> > +* **Updated ipsec-secgw sample application.**
> > +
> > +  * Updated the ``ipsec-secgw`` sample application with UDP encapsulat=
ion
> > +    support for NAT Traversal.
> > +
> >
> >  Removed Items
> >  -------------
> > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > index 176e292d3f..07bbbb5916 100644
> > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > @@ -500,7 +500,7 @@ The SA rule syntax is shown as follows:
> >
> >      sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key>
> >      <mode> <src_ip> <dst_ip> <action_type> <port_id> <fallback>
> > -    <flow-direction> <port_id> <queue_id>
> > +    <flow-direction> <port_id> <queue_id> <udp-encap>
> >
> >  where each options means:
> >
> > @@ -709,6 +709,17 @@ where each options means:
> >     * *port_id*: Port ID of the NIC for which the SA is configured.
> >     * *queue_id*: Queue ID to which traffic should be redirected.
> >
> > + ``<udp-encap>``
> > +
> > + * Option to enable IPsec UDP encapsulation for NAT Traversal.
> > +   Only lookaside-protocol-offload mode is supported at the moment.
> > +
> > + * Optional: Yes, it is disabled by default
> > +
> > + * Syntax:
> > +
> > +   * *udp-encap*
> > +
> >  Example SA rules:
> >
> >  .. code-block:: console
> > @@ -1023,4 +1034,4 @@ Available options:
> >  *   ``-h`` Show usage.
> >
> >  If <ipsec_mode> is specified, only tests for that mode will be
> > invoked. For the -list of available modes please refer to run_test.sh.
> > \ No newline at end of file
> > +list of available modes please refer to run_test.sh.
> > diff --git a/examples/ipsec-secgw/ipsec-secgw.c
> > b/examples/ipsec-secgw/ipsec-secgw.c
> > index 20d69ba813..6f6f2aa796 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -184,7 +184,8 @@ static uint64_t frag_ttl_ns =3D MAX_FRAG_TTL_NS;
> >  /* application wide librte_ipsec/SA parameters */  struct app_sa_prm
> > app_sa_prm =3D {
> >  			.enable =3D 0,
> > -			.cache_sz =3D SA_CACHE_SZ
> > +			.cache_sz =3D SA_CACHE_SZ,
> > +			.udp_encap =3D 0
> >  		};
> >  static const char *cfgfile;
> >
> > @@ -360,6 +361,9 @@ prepare_one_packet(struct rte_mbuf *pkt, struct
> ipsec_traffic *t)
> >  	const struct rte_ether_hdr *eth;
> >  	const struct rte_ipv4_hdr *iph4;
> >  	const struct rte_ipv6_hdr *iph6;
> > +	const struct rte_udp_hdr *udp;
> > +	uint16_t ip4_hdr_len;
> > +	uint16_t nat_port;
> >
> >  	eth =3D rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *);
> >  	if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {
> @@
> > -368,9 +372,28 @@ prepare_one_packet(struct rte_mbuf *pkt, struct
> ipsec_traffic *t)
> >  			RTE_ETHER_HDR_LEN);
> >  		adjust_ipv4_pktlen(pkt, iph4, 0);
> >
> > -		if (iph4->next_proto_id =3D=3D IPPROTO_ESP)
> > +		switch (iph4->next_proto_id) {
> > +		case IPPROTO_ESP:
> >  			t->ipsec.pkts[(t->ipsec.num)++] =3D pkt;
> > -		else {
> > +			break;
> > +		case IPPROTO_UDP:
> > +			if (app_sa_prm.udp_encap =3D=3D 1) {
> > +				ip4_hdr_len =3D ((iph4->version_ihl &
> > +					RTE_IPV4_HDR_IHL_MASK) *
> > +					RTE_IPV4_IHL_MULTIPLIER);
> > +				udp =3D rte_pktmbuf_mtod_offset(pkt,
> > +					struct rte_udp_hdr *, ip4_hdr_len);
> > +				nat_port =3D
> rte_cpu_to_be_16(IPSEC_NAT_T_PORT);
> > +				if (udp->src_port =3D=3D nat_port ||
> > +					udp->dst_port =3D=3D nat_port){
> > +					t->ipsec.pkts[(t->ipsec.num)++] =3D pkt;
> > +					pkt->packet_type |=3D
> > +
> 	RTE_PTYPE_TUNNEL_ESP_IN_UDP;
> > +					break;
> > +				}
> > +			}
> > +		/* Fall through */
> > +		default:
> >  			t->ip4.data[t->ip4.num] =3D &iph4->next_proto_id;
> >  			t->ip4.pkts[(t->ip4.num)++] =3D pkt;
> >  		}
>=20
> As I understand you don't support UDP tunneling for ipv6 packets for now.
> If so, then it probably worth to notice that in the doc, and in
> parse_sa_tokens() add a check for ipv4.
> Apart from that all seems ok to me.
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

[Tejasree] Added support for IPv6 packets in v3. Could you please review?