From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 05E55A0487
	for <public@inbox.dpdk.org>; Mon,  1 Jul 2019 13:38:36 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id E0D2E3195;
	Mon,  1 Jul 2019 13:38:35 +0200 (CEST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com
 (mail-eopbgr150044.outbound.protection.outlook.com [40.107.15.44])
 by dpdk.org (Postfix) with ESMTP id 25BA42C60
 for <dev@dpdk.org>; Mon,  1 Jul 2019 13:38:35 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=TgIfqbQcZlCwqXGW2ZqbLxdJQVeuTBuqV1fkdtssh8o=;
 b=hEmV3cJGu4CYvB1VJtZ9D3yxOtTD0HT0sSmU85psvtEq9Vf6LuDSBBLppT+E/ptQIO9ury70Gc5pV+fcYKxZo5NVuY71tX8gzs6wgqkRmyQBfky/KhJM+vFIQUIi7aJ50qHBcXiuJxUa5kFU6kEtO4n9tlOskHuc7BugHU0KxSw=
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (20.179.235.82) by
 VE1PR04MB6606.eurprd04.prod.outlook.com (20.179.235.10) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2032.20; Mon, 1 Jul 2019 11:38:34 +0000
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::a929:3d03:7bb7:d5e0]) by VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::a929:3d03:7bb7:d5e0%7]) with mapi id 15.20.2032.019; Mon, 1 Jul 2019
 11:38:34 +0000
From: Akhil Goyal <akhil.goyal@nxp.com>
To: Mariusz Drost <mariuszx.drost@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: Konstantin Ananyev <konstantin.ananyev@intel.com>
Thread-Topic: [PATCH v2 2/2] examples/ipsec-secgw: fix not working inline
 ipsec modes
Thread-Index: AQHVLCMp6iL4X7n7dk+qWsOb0uKenaa1qpZw
Date: Mon, 1 Jul 2019 11:38:33 +0000
Message-ID: <VE1PR04MB66393C45BE6090CFDCA8A69AE6F90@VE1PR04MB6639.eurprd04.prod.outlook.com>
In-Reply-To: <20190626132617.10576-3-mariuszx.drost@intel.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=akhil.goyal@nxp.com; 
x-originating-ip: [92.120.1.65]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e1e66767-3332-43e1-d96a-08d6fe18a635
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);
 SRVR:VE1PR04MB6606; 
x-ms-traffictypediagnostic: VE1PR04MB6606:
x-microsoft-antispam-prvs: <VE1PR04MB6606CCD182CBC1A9D380A7D5E6F90@VE1PR04MB6606.eurprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 00851CA28B
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(376002)(396003)(366004)(136003)(39860400002)(199004)(189003)(2501003)(74316002)(14444005)(11346002)(478600001)(256004)(66066001)(476003)(76116006)(486006)(7736002)(68736007)(66556008)(2906002)(52536014)(33656002)(86362001)(64756008)(66946007)(73956011)(66446008)(44832011)(99286004)(55016002)(5660300002)(9686003)(3846002)(8676002)(102836004)(53936002)(6506007)(14454004)(316002)(71200400001)(6436002)(110136005)(25786009)(7696005)(4326008)(26005)(71190400001)(6246003)(305945005)(66476007)(6116002)(229853002)(8936002)(81156014)(186003)(81166006);
 DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6606;
 H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 3bfquMmswuh6bVOm0Cx9iWSEcaSYyo4ByzKhqwq4uVGk/Qyk0v3q4DLO5nQnJZ/sPzBwiNrU/TBzKi8pIVX3Jbv/EWLaaEQQ+07EOi01GnGewhHDxjsxMSQ1mZqWV9tDS6p9o0/9GfNV/G7qMiXVD6d7orLJQzGh5iMWSdG6y5TIYTxGsLUZs3UsH267KrOCyV2xp02Z7Rr0Z72JnW4Tm2QIRoDqrBo/VFWSOgovIFygqS7plcYzRltamjZ0iHKPZ7deB+LJK4LGEa1ZwXZ2FKX316kr33Q19HrhyPsTDepQ9lytQdlfvSRDHyJpEwqM/P4Nj+m2D2mprZGqRjvJdq5fCSVuyTsggyHacoix0PEolTpC4uZnce8nMHNq2B7/lI8WJn2itbdHdy6jmAriJlpNeVd9vc+JElt6GEsrcGE=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e1e66767-3332-43e1-d96a-08d6fe18a635
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jul 2019 11:38:33.7572 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: akhil.goyal@nxp.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6606
Subject: Re: [dpdk-dev] [PATCH v2 2/2] examples/ipsec-secgw: fix not working
 inline ipsec modes
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


>=20
> Application ipsec-secgw is not working for IPv4 transport mode and for
> IPv6 both transport and tunnel mode.
>=20
> IPv6 tunnel mode is not working due to wrongly assigned fields of
> security association patterns, as it was IPv4, during creation of
> inline crypto session.
>=20
> IPv6 and IPv4 transport mode is iterating through security capabilities
> until it reaches tunnel, which causes session to be created as tunnel,
> instead of transport. Another issue, is that config file does not
> provide source and destination ip addresses for transport mode, which
> are required by NIC to perform inline crypto. It uses default addresses
> stored in security association (all zeroes), which causes dropped
> packages.
>=20
> To fix that, reorganization of code in create_session() is needed,
> to behave appropriately to given protocol (IPv6/IPv4). Change in
> iteration through security capabilities is also required, to check
> for expected mode (not only tunnel).
>=20
> For lack of addresses issue, some resolving mechanism is needed.
> Approach is to store addresses in security association, as it is
> for tunnel mode. Difference is that they are obtained from sp rules,
> instead of config file. To do that, sp[4/6]_spi_present() function
> is used to find addresses based on spi value, and then stored in
> corresponding sa rule. This approach assumes, that every sp rule
> for inline crypto have valid addresses, as well as range of addresses
> is not supported.
>=20
> New flags for ipsec_sa structure are required to distinguish between
> IPv4 and IPv6 transport modes. Because of that, there is need to
> change all checks done on these flags, so they work as expected.
>=20
> Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
>=20
> Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>