From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0E2A642DF6; Fri, 7 Jul 2023 10:59:51 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9661D406B5; Fri, 7 Jul 2023 10:59:50 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mails.dpdk.org (Postfix) with ESMTP id 7A56740685 for ; Fri, 7 Jul 2023 10:59:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1688720388; x=1720256388; h=message-id:date:subject:to:cc:references:from: in-reply-to:content-transfer-encoding:mime-version; bh=BpdFcQlyzvwVxZVwtCqKcPA9zR9EeHoNJnFoj6PglTk=; b=e/lOETUmMp80gFK1MkfJ/ouV+2GFBUPJzBZvv1I/TPLyKR9Qamld4XrJ I8kKmqMs7ps9WbA71oN6tZdyD1la4VMJoYqUGmwYyBe7CFXxKAH/kvFSS AY/JYw4MZKLoVMIorKXjqYtTap5/pClJ3OmY2kls1KwMBoOYwoaWyVej/ sqrbHFqH7c6j8rIXczYPk8dJ29Ucbxqz4OG1V9vDpWjgeKw3X/Xk46Xp4 pMDdsQB2a4YpjBNoPC+1RLElNjuJlY2OE1USDSlgvjxS5gJHj+KW5qCn4 rIB3lhRYvDAnCHwqhLNcdiZXuF7uxlEwR8k7eiQTbnp61c0mErQKnFaD2 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="362710776" X-IronPort-AV: E=Sophos;i="6.01,187,1684825200"; d="scan'208";a="362710776" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jul 2023 01:59:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="697163080" X-IronPort-AV: E=Sophos;i="6.01,187,1684825200"; d="scan'208";a="697163080" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orsmga006.jf.intel.com with ESMTP; 07 Jul 2023 01:59:42 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Fri, 7 Jul 2023 01:59:40 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27 via Frontend Transport; Fri, 7 Jul 2023 01:59:40 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.174) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.27; Fri, 7 Jul 2023 01:59:40 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ctdOunA34UMey5T26BoT3vNFWxNujZXylFfQR2m1KH5o7W4E+8LGl2LRFyXy6Iqrk7AKIcYcSOq/TraI75Tt0OVTBgiCx6kKa6tWBavYBpxKJXyphVYdjWfOnCmSM41//6wwqlglI9gMU3qc8RBZ4uhywQ4mXOnD0ZYu9i4ueKaDFBJKtS+2O5o2ZKwYBV2SBv3lhN401PN4a5PLwnK48ethJxfcQwpLXrpDbs56UOI49t8/UB/4MjJiG/0bh1IoFJNZyBrJfxnrakcSr/K1RKfcQrJa/yLSpO08TfNjkaIu/tp4q8aNWaPlQUo0mrVrIE5+5/PTU/7h8cCUmxPDTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H4BGlvpywaD6cfnB3t+U7WnNLSgH1UUUY78NBP+yAZU=; b=H9GbhyyDNG9UvhfFZ/cDlFPPXo0P8Ss0MiOP5gRmmXNrAYTH/B9ionNeXfEXFD7JoHhlJWTZlSjZrRCufEA3/uBgh2t6yxGC/c+9FmzEjqElsbaC67agBmhJCtdxUlgCJoWyU/kZpxsqUlL5hopeK+JYyD3ov5f4UzNC1mCYI5FyI/lbCWVQuB978gRfZFFrtgpstPXYCUVGwgQ6MibFdjKUJueoMAVVL2hAqAuPmHKBQyvDf5lNq+DAQwF1B0wRQ7/Ya3LtFN5CFSIRNupX9/8ho5ALJzqW2yIb94R+WthSDckzPIEwdt4RW/bt6c3PK2wKJ4nViiq3cJ/XeMsefw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from DM8PR11MB5653.namprd11.prod.outlook.com (2603:10b6:8:25::8) by IA1PR11MB6394.namprd11.prod.outlook.com (2603:10b6:208:3ad::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.17; Fri, 7 Jul 2023 08:59:38 +0000 Received: from DM8PR11MB5653.namprd11.prod.outlook.com ([fe80::9d26:3f6:8afa:4543]) by DM8PR11MB5653.namprd11.prod.outlook.com ([fe80::9d26:3f6:8afa:4543%6]) with mapi id 15.20.6565.025; Fri, 7 Jul 2023 08:59:37 +0000 Message-ID: Date: Fri, 7 Jul 2023 09:59:32 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [EXT] [PATCH] ipsec: fix NAT-T length calculation Content-Language: en-US To: Xiao Liang CC: Konstantin Ananyev , Akhil Goyal , Konstantin Ananyev , Vladimir Medvedkin , "dev@dpdk.org" References: <20230418084613.52740-1-shaw.leon@gmail.com> <05b87294-0b96-804c-f4e7-0fc3b3ccbbf4@intel.com> From: Radu Nicolau In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-ClientProxiedBy: DB9PR05CA0026.eurprd05.prod.outlook.com (2603:10a6:10:1da::31) To DM8PR11MB5653.namprd11.prod.outlook.com (2603:10b6:8:25::8) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM8PR11MB5653:EE_|IA1PR11MB6394:EE_ X-MS-Office365-Filtering-Correlation-Id: 57b9f216-0540-4243-0404-08db7ec87e13 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: c+T5j8qGAJi3mPAUSg9F3INAYPUkDbpEUsQHXj1ruCdl/EgNpkXTaO4fAVRvQh5g4xOiwNvWklBAWuckcQcBJpCDGXh4ny4o4vn5IUecjclIReRG7hV6QiLNtJuSAvfCauUgd9G3gT/5cgAu1qYtL7OJEfXm+PKZynWOxzW2ffvDm2rfoaQJCRUEghz2kb34ySU3FxOh4mLLOC1pZBRfiRI33aB+Km8IdiKcct4Dc2CiRcCndf6PXvSBVKCG7IhdQpTaD/aVFEpD2y0ts+bwvJMAfxju+RAr/du2uTvrwbfaABn0MvMExSdUDS9yd2Lx+D/5qKDy4hXajAcJSvDbs4wTh4Dlu0YqMYcjWDJxAyiUpM1qbA8r6G2pEZst/rjEpPuMORZMKbqpYvQq5Fl95iVM1yckOV5E5Ti0+Ul+gY8BoNHQ1Gyt7ueW0dy7dVngh6HCSK84m+Nc8GV45Lw367vU3pOruGQRkO4cBrqOFaLij/stMsXX64wK9gMIbEunclc7ojlpmD+A3qgcpBs2SM40oThR3iguYnxfJly4E7S2wyffQPSvip/KbVsqTnMKnovvt4V1+UziQF7+VIyn1SBetbpnHnYPSvoVJEqBdrYRVRRJeJpS9VeKadfn9hUeLJqVeo9O/yq1Kq0e0UmRKA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM8PR11MB5653.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(39860400002)(376002)(136003)(366004)(346002)(396003)(451199021)(31686004)(478600001)(6666004)(6486002)(54906003)(38100700002)(2616005)(83380400001)(31696002)(86362001)(36756003)(66946007)(2906002)(55236004)(26005)(53546011)(6506007)(186003)(6512007)(316002)(82960400001)(4326008)(66476007)(66556008)(6916009)(41300700001)(5660300002)(8676002)(8936002)(44832011)(43740500002)(45980500001); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TGp0T1NCNHNVZ1hRMHNMTXAwZmFUcS9sdkZScTc1aS9pUUtyL2prWG9URXlK?= =?utf-8?B?djVMQlRNb0FXc1ZIVlNmSENrU1dEcXFBcHlQTURJMVRzWUZnRUZKcVpPRCtX?= =?utf-8?B?em5WamZOSlRUc3MweWl6aytjYzliK0JVRGxEOEo0cHhYK3RteXZzcUwxMTFt?= =?utf-8?B?dThWMWlSTEI2QkdlY3BkZUlHUzlIeUR2WEtwVmVmeDFkZkQ4MjFuKy91bStK?= =?utf-8?B?WFhIQkJNcFZCTUxXS0I2VmN0bjJ2TWhlS2JIRzdWZGJHbVN3bHlBN0ROVFZv?= =?utf-8?B?SEUxMEpQb2xnQURBNC9qaFkxaW5JWGxrWWx2dmNJNVdQTTJFaVNMclZRZCtJ?= =?utf-8?B?VXF1U3czL3grWDNya093QlRTTHNWR0JFK2IwM3hQckRKVUpRT0NXSGxLSFk3?= =?utf-8?B?Z1NJd1ZYUDM4MXN4RDdOZVA2NXdXVW9HdzRCRWk4bGM0VmUxbzNMT3hGQWIr?= =?utf-8?B?UmwyU3M5aGI0UkZBbk9XeDRJaGN5UW1JS3MyLzdQSHFNL3pUbGh5bU42MGY4?= =?utf-8?B?TnM0bmVmUEZBODU0TDB4bG5VRFI5NW0zWHhyYmEydVNGV3o5QXNrcTNWUk1l?= =?utf-8?B?ckhvcURDZVVVSE01dXdRanFPbzQyUEttRmdFOThlVlBzMUtPZ1gvdWZTMHBH?= =?utf-8?B?c3dETld2T0NKZlJ2bGRwUDd2aHlxU3NmdUlvSXYxWFd6MTFRcFdOelh6ZHZZ?= =?utf-8?B?WXUwM0ZPT2t4b1hTMDM4RU9zL2FLZHJCTXFyNUJqcUFRN1F1bzB6MzdGQVpV?= =?utf-8?B?bVlIZStVeHE2N1l3MWMvUUZublJXS3duRW9LL2FWN3FIY21CaGxGL3I4aXpj?= =?utf-8?B?WXBhdDJYRmluZUJvUXh6TTZtTUV0VTc4SU1FRHkxU3pzRWNiNURlOFFLNVFZ?= =?utf-8?B?NStrSGdwa0pXR0NrTExqV01uYm5WR3hBcjRhMmZxQ2w1WCt0bUJ4d2JlZklw?= =?utf-8?B?ajV6alFaajFNbnpDR1JrMGI1NjRzaXl4VkRxdmRYWlBCZEFKcUlaNkdjN0xM?= =?utf-8?B?blM5aHNRSFpMZEFXOUoralp4UnFjblUzaUpXQnlJMDRPQUs1K24rb0Ficzhj?= =?utf-8?B?aFdTKy9ERmtDNWhBdTgzTDQyckFteUF4N3J5MC9JNGNmOHBCanNsSmx3cjB3?= =?utf-8?B?V3ZtZkRMZWhjN2NIOWVWK0tkN2RJUXZCRnU0UXZyRHVFVnVoVUNUd2pDUHFw?= =?utf-8?B?T3dSaGlVTkxlSVJvWnpMa21tcHp2WVNVM0Jxc1RSc3ltRTI1M2tWelErWkUy?= =?utf-8?B?OXpzL1NyNXNDQktacUt3dk9yNkdMOE1DWmZGNVRoY2w3cFRvRFlid25EaFZu?= =?utf-8?B?eW9VTVFnZlQ3RkQ4eFR0TlJwSFY1aEZrR1NieXc1UlNJUGhzcXZZRTdBWDRk?= =?utf-8?B?c0x6aHc1Z3ZCSDhoeFhlRXpFVDV6YkZCSXE2aStpanovNlgrT0FnR2Nab25S?= =?utf-8?B?T25kbTIyK29ZYkhNTmlSVlhEMkF2dnZPTVBlUWtBaWhsOHd2TldDenl2WHlM?= =?utf-8?B?VWlXdXBiSnpPNHprZ0pHditFVkFlc3EvRkN6Tm5DRUtWR0dNRzd3N1hUbGJH?= =?utf-8?B?MktWV3p5V1U3MzVzWXlDYVRyQjdrQ3F5MTM3ckNUL2hUYWdRQUQ0UVdoWFRo?= =?utf-8?B?SHBlbGxHUFAzemRKcHR1OFdQVEhRN0VoSHhYRXE3SnhKdUp1V0FtSDB5T3JS?= =?utf-8?B?RTAzM1prc05PUWVjSDZTTFlmNWw5ZXVqM2h4RHJKcm1JVitJMWV5SGdPaDk3?= =?utf-8?B?QzhUNThNa1BIdU5JK0F6SjBWeEpnc3NZVXdMR3pYS3ZyMWREWjRoUmF5SCt6?= =?utf-8?B?WjRCRGZqUU9Ma0NFQUxEWllPd1FZclZNN0Urb3Ywb0NLQ1pCNFJDVVRMR1BX?= =?utf-8?B?SmEvS0NrdzlhRGZmZWU3NFhQSFVGSE5JU2dKY2dMVXlic2Y5QVZHTlovY0pN?= =?utf-8?B?YWxPanhYMVhzbjF6STkzMnA5SDZQdGgrd1hUL3o2SWYyR0NBY25KTWNGOTdj?= =?utf-8?B?dTRaTUN4V0hkbzlFR2NHNHovMks0NGdZS0FGYklQcUpndDJlNlV2aUJlNFVx?= =?utf-8?B?Tit2QVRmZGFZaXJaK09MQmJTNm1odE9IaHV2L0VDR3pTZDBlM1ZIM3VrZHNa?= =?utf-8?B?YVNjL3R1VjZ4bGMvb1R5WFhlNXNHNWlGU3BCMUxKZWdlbDQ4WUpQQnBiZC8y?= =?utf-8?B?TFE9PQ==?= X-MS-Exchange-CrossTenant-Network-Message-Id: 57b9f216-0540-4243-0404-08db7ec87e13 X-MS-Exchange-CrossTenant-AuthSource: DM8PR11MB5653.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2023 08:59:37.9028 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MAq5UefK+pZ0kopuEf++/IwyaGDpHa29hxJbZvlFOFcbl/4a72Ncwl5aSY9q+W+TA1Ob5PiZe7XZO1dCkfVTlg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR11MB6394 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On 07-Jul-23 4:12 AM, Xiao Liang wrote: > |<- mb->pkt_len - sqh_len ->| > |<- sa->hdr_len ->| > |<- sa->hdr_l3_off ->| |<- udph->dgram_len ->| > > +--------------------+------------+-----+-----+---------+-----+ > | ETH | IP | UDP | ESP | payload | sqh | > +--------------------+------------+-----+-----+---------+-----+ > > |<- sa->hdr_l3_off ->|<- l3_len ->| > |<- prm->tun.hdr_len ->| > |<- sa->hdr_len ->| sa->hdr_len and prm->tun.hdr_len don't include L2 length so both should start in the diagram at the end of the ETH header. So the right way to compute datagram length is dgram_len = mb->pkt_len - sqh_len - sa->hdr_l3_off - sa->hdr_len + sizeof(struct rte_udp_hdr) > > The figure above shows how > udph->dgram_len = mb->pkt_len - sqh_len - sa->hdr_len + > sizeof(struct rte_udp_hdr); > and > l3_len = prm->tun.hdr_len - sa->hdr_l3_off; > > Correct me if anything wrong. > > Thanks, > Xiao Liang > > > > > On Thu, Jul 6, 2023 at 6:20 PM Radu Nicolau wrote: >> >> On 06-Jul-23 10:08 AM, Konstantin Ananyev wrote: >>> Hi Akhil, >>> >>>> Hi Konstantin, >>>> Can you review this patch? >>>> >>>>> UDP header length is included in sa->hdr_len. Take care of that in >>>>> L3 header and pakcet length calculation. >>>>> >>>>> Fixes: 01eef5907fc3 ("ipsec: support NAT-T") >>>>> >>>>> Signed-off-by: Xiao Liang >>>>> --- >>>>> lib/ipsec/esp_outb.c | 2 +- >>>>> lib/ipsec/sa.c | 2 +- >>>>> 2 files changed, 2 insertions(+), 2 deletions(-) >>>>> >>>>> diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c >>>>> index 9cbd9202f6..ec87b1dce2 100644 >>>>> --- a/lib/ipsec/esp_outb.c >>>>> +++ b/lib/ipsec/esp_outb.c >>>>> @@ -198,7 +198,7 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, >>>>> rte_be64_t sqc, >>>>> struct rte_udp_hdr *udph = (struct rte_udp_hdr *) >>>>> (ph + sa->hdr_len - sizeof(struct rte_udp_hdr)); >>>>> udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len - >>>>> - sa->hdr_l3_off - sa->hdr_len); >>>>> + sa->hdr_len + sizeof(struct rte_udp_hdr)); >>> To be honest, it is not clear to me why we shouldn't take into account sa->hdr_l3_off >>> any more. >>> Probably the author can explain. >>> Also would like author of NAT-T support to chime in. >>> Radu, any comments on that patch? >> I agree, hdr_l3_off should not be ignored. Also sa->hdr_len already >> includes the size of UDP header, see line 366 in esp_outb_tun_init in >> sa.c (or the line above this change, where the udph pointer is computed >> assuming this) >>> Thanks >>> Konstantin >>> >>>>> } >>>>> >>>>> /* update original and new ip header fields */ >>>>> diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c >>>>> index 59a547637d..2297bd6d72 100644 >>>>> --- a/lib/ipsec/sa.c >>>>> +++ b/lib/ipsec/sa.c >>>>> @@ -371,7 +371,7 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct >>>>> rte_ipsec_sa_prm *prm) >>>>> >>>>> /* update l2_len and l3_len fields for outbound mbuf */ >>>>> sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off, >>>>> - sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0); >>>>> + prm->tun.hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0); >>>>> >>>>> esp_outb_init(sa, sa->hdr_len, prm->ipsec_xform.esn.value); >>>>> } >>>>> -- >>>>> 2.40.0