From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0084.outbound.protection.outlook.com [104.47.36.84]) by dpdk.org (Postfix) with ESMTP id C9BF77D34 for ; Tue, 12 Dec 2017 08:34:53 +0100 (CET) Received: from BN6PR03CA0084.namprd03.prod.outlook.com (10.164.122.150) by MWHPR03MB2704.namprd03.prod.outlook.com (10.168.207.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Tue, 12 Dec 2017 07:34:52 +0000 Received: from BN1AFFO11OLC002.protection.gbl (2a01:111:f400:7c10::169) by BN6PR03CA0084.outlook.office365.com (2603:10b6:405:6f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.302.9 via Frontend Transport; Tue, 12 Dec 2017 07:34:52 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; caviumnetworks.com; dkim=none (message not signed) header.d=none; caviumnetworks.com; dmarc=fail action=none header.from=nxp.com; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11OLC002.mail.protection.outlook.com (10.58.53.73) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.20.282.5 via Frontend Transport; Tue, 12 Dec 2017 07:34:45 +0000 Received: from [10.232.134.49] ([10.232.134.49]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id vBC7YlHA020838; Tue, 12 Dec 2017 00:34:48 -0700 To: Anoob Joseph , Declan Doherty , Sergio Gonzalez Monroy , Radu Nicolau CC: Narayana Prasad , Jerin Jacob , References: <1510738915-14712-1-git-send-email-anoob.joseph@caviumnetworks.com> <1513006557-14898-1-git-send-email-anoob.joseph@caviumnetworks.com> From: Akhil Goyal Message-ID: Date: Tue, 12 Dec 2017 13:04:47 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <1513006557-14898-1-git-send-email-anoob.joseph@caviumnetworks.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-EOPAttributedMessage: 0 X-Matching-Connectors: 131575376861214628; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(7966004)(336005)(376002)(346002)(39380400002)(39860400002)(2980300002)(1110001)(1109001)(339900001)(24454002)(199004)(189003)(23676004)(2486003)(77096006)(53936002)(106466001)(54906003)(2906002)(36756003)(105606002)(86362001)(50466002)(76176011)(575784001)(31696002)(64126003)(229853002)(83506002)(8936002)(53546010)(67846002)(59450400001)(65826007)(85426001)(305945005)(47776003)(68736007)(5660300001)(81156014)(65806001)(356003)(230700001)(81166006)(65956001)(498600001)(110136005)(104016004)(58126008)(6246003)(8676002)(97736004)(316002)(31686004)(2950100002)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR03MB2704; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11OLC002; 1:Wu1sDH+k+ydd61admAqV6SXAad9RAQYIaJuA8e7qjEErT+2AmYmt723iUt66E00AZjYxVdE/DNWpZI7la+eHLSpzw3Cd9Xci6HTdyRUgmF9N6IDAquYYybpMe7ggflQV X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 22a6e31f-113f-4f18-37a4-08d54132d177 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4628075)(201703131517081)(5600026)(4604075)(2017052603307); SRVR:MWHPR03MB2704; X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB2704; 3:pqsrfP2OFUuljD8NyWEZicziHXyYp9LB5SSbeuFpVPwtwXuC8gTUnadAlXa+a9BRjhsXamADojZKNHAoWCM997LYJW7N/F2QVGyA+NPCKbqZsr13RlHcM5q20SxOfAB1Bo+unV0UpLV/BreVR8e0x+HgurX/87/e0KUwTHqhJ497vYVVRpYeyVwainPDzwTrobCh30+6c7MsL54TeyBVprm9S4+HzDzNlQexLmdY10hHiP3kUpM4zUnLihwbMatU65nB/LkykoGOzh8v6hm+ikrIuZQ0mUHWaDwG6vGD6C+MVI2Ei07dgNdgxYr4V8MEJF74j0FvkbsluXw9UHqowXP5V+0bcxs/uzqk52c9kiQ=; 25:UP84vIA7O/y9kynlHzmI1FF2pfiWwM0k3/fXoGe2W836vsFcwk1C9dKxsAjevxIC9r9vldGTXv/x4yJWBd7BdUyK3AkzOEiUXlTfMaFbz6ZwUcn9/mV43W63Y8E7/WtUxYmL1yke8Zk5a1Ve2g+39i+paisaF/Dah2LY5B5iSPtCHW6bCGhsPdDG0BIlYL3dnTrPoxT5weCFSNfwijv9sOOEa5sSfAD7TUxCq7Dm5+qGxMv2V4svY4EQRVR1rH0fNs5XnwPly+Ir+2GGGpTJbEjZcK6qBGQFjNB5IWpTwSLu4obqKiViRBBJMYQf/ALbXwKeTcKZXh3LnX6KtRSvVg== X-MS-TrafficTypeDiagnostic: MWHPR03MB2704: X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB2704; 31:JBVKZfouMgE2p1IU/gapXGNRRF1UBoxz4L4sYubckXRo1M4JaRGJH+whxfdf8nxuc1UkDy+M4ZnMmWJt+BfQkBO1UuJ4lSeVw9yXeHW159V0mYIvycAneT51z/eX4nsQ7/c+5K7PZ5KbfikYiE1cGRFiIM0QiScz1ieaJ4MKDC89yFLFEyfwg+WHQ+wjS2YJzzQPtZCI4Ggs9RO/K0v/dlwf16k0DH+ZC8HdJSTzz90=; 4:8+0NAXfic+esmibeg3YFGgV4dR9GbWn16UQDdd6Fy5AKM53UPoPIBmX6iGiCnVHTS5CasF7A1cwuA+arx0CjA4DaaQqpYbb8nX/AmV7J4Qt27gHvgx3UMQFN6AKzR4gKL3mdEcLdHf4fIyC4fD+8M63a/NHlRH8J1qPlRHWKMnfpP4XMExsz3ZAW832HVS8hKzZIATJhquiCMRamTWAD9sN2gsI9wv2xS5yf9cGzFwmH1JQmr6KK8/fwwiZ+QTr3XvmGEGK4SWdZsdwEbAF9KvgoSLu/drRMQEg9dx64DwiyqCScWUcUTdTo9hp1cPWcD66bpuFLxqPgstl83LHeHG8ixp8+8MryNRBOYsvhuK0= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6095135)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(3231023)(6055026)(6096035)(20161123565025)(201703131430075)(201703131433075)(201703131441075)(201703131448075)(201703161259150)(20161123561025)(20161123559100)(20161123563025)(20161123556025)(201708071742011); SRVR:MWHPR03MB2704; BCL:0; PCL:0; RULEID:(100000803101)(100110400095)(400006); SRVR:MWHPR03MB2704; X-Forefront-PRVS: 051900244E X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjAzTUIyNzA0OzIzOmcwOXMrbzVpWVUyRCsvKzRKU0ZGbCtxSkwr?= =?utf-8?B?R2VHTTNuRGlMbGlNS2V6M0JZUHVkZ2RPbXNwaVY5TDErTXhKMXg5T0tBeGpG?= =?utf-8?B?eU1PbkNNcUdqSjVrQ09KM1U4V3U1T2Y3SzZFL3lmZXFPeDA0RHZQRHFqUGJm?= =?utf-8?B?M1RGWFpCSEF5S0RlTHVwSElBRzVzSjZMam56Q0FSZzZrREZicXhxQ3FuV1VZ?= =?utf-8?B?dFhVNmVUc3J2YWhnNUVmNUNkaWpFb3R2bnRCSU1LV1ZCOFQ2djJZZFkzYWZP?= =?utf-8?B?V2JhbVhpZ2tRTzl3RksvWVZaUElnNnY2UHh4RU1qWHdIMTR2VVJnMFhpZ1Va?= =?utf-8?B?T3ErV3NMZnVIS3Y2Yy9DTURyUnJBNSs4UTk4RHhFYnFmcEE3YWJ5TUs2Vlly?= =?utf-8?B?N0hmb25oYkJ1RTEvbSt1L0hCRE4xUVZnakY2d2FacThNZ2JGSU1ka3Exd01D?= =?utf-8?B?cXA5eG5UbEwyT2ZRb2ZRajEvY1g3amZ6QjhKZWthZmFrdUNOVmlDSFNoS2Q5?= =?utf-8?B?dHZnL0FjNjJON3JMckxGMjFtWDJSQWNkSHpVWjNsbHcwMUJza3ZIS2ZiN0tl?= =?utf-8?B?U096U3ArTWswV3FwV0wrNHowTStGbEJjdG1iVzNHRG1Nc3M0cThLZ0d3UGla?= =?utf-8?B?MjB5Mk5uTkE3bnJhM3VjTlNwSnNSSFY2a3h5Q1hmUURMWUZDNTNIcXQ5cFNP?= =?utf-8?B?TW5UTGE2TElQQ09XOG92YlBKWklRRTE0emFLOERueTRiUE92RE9TN3JZdzE3?= =?utf-8?B?Zml6M0JFSGtZZ29nbUVXTFdHUktTbGNYMWJ3d25nbDZvNWRXTjkrSEpIZlRC?= =?utf-8?B?aUpid2Z5am5qT2xSNWtjODlDZEVka2p6KzVRby80b042c2NuVjNQYzJVcE9G?= =?utf-8?B?emo0ZExNYXdaY09VMHVVUTVpbHNLVXNCd2hvMDBnRlJhbi9rK2p3cXZhcU9B?= =?utf-8?B?MnJuc3B6T2RESHEySUM0Ky9MbzYySVhlNU8xcDNsMDVsYmRuR1Y5bnpZRnhh?= =?utf-8?B?ZnRRRGxSTVpSalZEYkQvbGNSZlg4eHdZeVNCeWdGenBUYUdYYTB0eUk5K1dN?= =?utf-8?B?Qk03YWtqWkxQQ2hJVVI2eVBuUkJDYThlWit2L0VSSFFPcEptL08yS0pWeXdY?= =?utf-8?B?Z1VVeDJHMXhqNkxNNUowVXdaSUV3OENncEJ3dHBRekMzSnlWVitCZVcxaW50?= =?utf-8?B?QW9MeEhjNWQ1aHhVRU1TMmVkVU5RWGpDVHFwN3kzdWF6VGQ3OGxSeHRXNUNF?= =?utf-8?B?R3MvejNqT0s1YjBraGQ1WHJNRDZGQTFkYWMvQ1E4dTBJZ2FYVFFyWForKy9p?= =?utf-8?B?UWNkYmhnaXdLVWdUSjFQUHFaL1FhWmVNOTVOY2xscUV5UFdyc2JyOG5GM1hY?= =?utf-8?B?bTBmNUtRRVFuRHpueVJOUURxa0xSNWtMVTZmblhjeGhhZDZwUWd4dnlZTnBs?= =?utf-8?B?cVJnSDRpYWpKeXltcDdDYm54eXJiMHY5dEI4cEcycWxuQWFrUW5WU2xmTTJ4?= =?utf-8?B?N2kycWxJSExYbFpOTmhIbmZ6S0pXTjVVTXpXVUV0eEdvMGdKYjl3ZGdmelly?= =?utf-8?B?dGV2R3daR0p4TTBKQVVmY1E5SXBaTmd4QVlGeWFXWFYwdTZaRW1lS2dYS3pV?= =?utf-8?B?SmRtUUdyU0YvZ0VXSTFrSlRoTXEwc1lZbFdJUnh1alMvMnNsSUhYTnV1SEZH?= =?utf-8?B?UVNOOVlOK0ovdUd2VEh4ZkpVVmFWTTR3ckJWUGk2a1d1WklFS1FqUzdZOUNr?= =?utf-8?B?WllFdFE0ekN3SWpIdy9wTng2U0wzdmZIZU1Ha2hQM3ppMXVtc1l6ZXBqRmRm?= =?utf-8?Q?p6oZA49mldsz+?= X-Microsoft-Exchange-Diagnostics: 1; MWHPR03MB2704; 6:a99N8TIov7WAFV0wKy6dhMszDTpr+O4OksVU1Nk0xkNdyHolR8jXQQFZvYIUMbdSXrkRz/E78AaDJlowu/uNiWV+WJDdNnqXcYKtmJZpcJeMb2aKP7+PrurKkf66o7Xin3tDeiszLRfs6kzorguHEvKa/XMIjnmgN11Wyv3i6yQRqzzRb7EyYk4IzFjdKB3GWNtlHZkNE3AhOiK+7AA3lt+RgUMWgGcTZ/rd9r5Ul5AtE6eKkq3IAmx6doP5wgMgdnCZuePgcM4B0D1hyZM6pzDfRJTqBg6Mo6dFlmZ6vwbHHdBEALzyloTPd6dzeolSu1IDlRHlJ+Hj3IpztDb/VMrhzs4S3xTyUbGo+Ez/i9M=; 5:zu1DeMCrD+yygrQhrVsAWjFYuacOkQUoB4EX+Bsh9A2CC3UH0h7I+whlHVr7Di9HbgG6/N7VWPhI6fxc7ku0H1jW0kZD/GTL5EWe+vVfOXC9esH4cnMiCKGxFNR326NrMsZuGF/GykuidRRvI3OIIxbgCOosMxydojZrZOZS3+8=; 24:yehyJUZIcfvKnLw3IaWcSpp4vAgHTKLF0CSItcCcb870PTMNeQUtLLi3tMgTL+vpg9azN4ObXFqPjoXMEkKFFQYeqpzTEuzHnXcW2RBeBkE=; 7:VL190/GEKB/zbkes+e0pGBQhI2DubzHqcS9UyJs30klzwxisGv5G/cAVolefOxL03b1NhW3GRRokEBp9ecqLTq5RGNKMJ0g8BhhE4IB9gIDcv2zS9uddBjMMKRUkQk6rL03iiXQjftEiyjkgyTi68ooB1kEml43+pkmHQx/rZCijS6zUU3+XCaC3E7QQxQArsjDo7dZVSo6reZTxhiIlUE22Lch2cLVJPvWatmJgLKTwq9BYF8Vhptg2bCLDZYWR SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Dec 2017 07:34:45.8718 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 22a6e31f-113f-4f18-37a4-08d54132d177 X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR03MB2704 Subject: Re: [dpdk-dev] [PATCH v4] examples/ipsec-secgw: fix usage of incorrect port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 07:34:54 -0000 Hi Anoob, One minor comment inline. Please correct it. Apart from that, Acked-by: Akhil Goyal Thanks. On 12/11/2017 9:05 PM, Anoob Joseph wrote: > When security offload is enabled, the packet should be forwarded on the > port configured in the SA. Security session will be configured on that > port only, and sending the packet on other ports could result in > unencrypted packets being sent out. > > This would have performance improvements too, as the per packet LPM > lookup would be avoided for IPsec packets, in inline mode. > > Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") > > Signed-off-by: Anoob Joseph > --- > v4 > * Made get_hop_for_offload_pkt() be aware of the packet type (ipv4/ipv6) and > return success/error values accordingly > > v3 > * Bug fix (fixed a wrong if condition) > * Minor changes in documentation > > v2: > * Updated documentation with the change in behavior for outbound inline > offloaded packets. > > doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++- > examples/ipsec-secgw/ipsec-secgw.c | 101 ++++++++++++++++++++++++++----- > 2 files changed, 96 insertions(+), 15 deletions(-) > > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst > index d6cfdbf..ae18acd 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -61,6 +61,12 @@ In case of complete protocol offload, the processing of headers(ESP and outer > IP header) is done by the hardware and the application does not need to > add/remove them during outbound/inbound processing. > > +For inline offloaded outbound traffic, the application will not do the LPM > +lookup for routing, as the port on which the packet has to be forwarded will be > +part of the SA. Security parameters will be configured on that port only, and > +sending the packet on other ports could result in unencrypted packets being > +sent out. > + > The Path for IPsec Inbound traffic is: > > * Read packets from the port. > @@ -543,7 +549,9 @@ where each options means: > ```` > > * Port/device ID of the ethernet/crypto accelerator for which the SA is > - configured. This option is used when *type* is NOT *no-offload* > + configured. For *inline-crypto-offload* and *inline-protocol-offload*, this > + port will be used for routing. The routing table will not be referred in > + this case. > > * Optional: No, if *type* is not *no-offload* > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c > index c98454a..c75dd0d 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -585,31 +585,81 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, > traffic->ip6.num = nb_pkts_out; > } > > +static inline int32_t > +get_hop_for_offload_pkt(struct rte_mbuf *pkt, int is_ipv6) > +{ > + struct ipsec_mbuf_metadata *priv; > + struct ipsec_sa *sa; > + > + priv = get_priv(pkt); > + > + sa = priv->sa; > + if (unlikely(sa == NULL)) { > + RTE_LOG(ERR, IPSEC, "SA not saved in private data\n"); > + goto fail; > + } > + > + if (is_ipv6) > + return sa->portid; > + > + /* else */ > + return (sa->portid | RTE_LPM_LOOKUP_SUCCESS); > + > +fail: > + if (is_ipv6) > + return -1; > + > + /* else */ > + return 0; > +} > + > static inline void > route4_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > { > uint32_t hop[MAX_PKT_BURST * 2]; > uint32_t dst_ip[MAX_PKT_BURST * 2]; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA the comment should be "Need to do an LPM lookup for non-inline packets. Inline packets will have port ID in the SA". > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip, ip_dst); > - dst_ip[i] = *rte_pktmbuf_mtod_offset(pkts[i], > - uint32_t *, offset); > - dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip, ip_dst); > + dst_ip[lpm_pkts] = *rte_pktmbuf_mtod_offset(pkts[i], > + uint32_t *, offset); > + dst_ip[lpm_pkts] = rte_be_to_cpu_32(dst_ip[lpm_pkts]); > + lpm_pkts++; > + } > } > > - rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, nb_pkts); > + rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if ((hop[i] & RTE_LPM_LOOKUP_SUCCESS) == 0) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i], 0); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + } > + > + if ((pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } > > @@ -619,26 +669,49 @@ route6_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts) > int32_t hop[MAX_PKT_BURST * 2]; > uint8_t dst_ip[MAX_PKT_BURST * 2][16]; > uint8_t *ip6_dst; > + int32_t pkt_hop = 0; > uint16_t i, offset; > + uint16_t lpm_pkts = 0; > > if (nb_pkts == 0) > return; > > + /* Need to do an LPM lookup for non-offload packets. Offload packets > + * will have port ID in the SA Same here. Comments need to be updated. > + */ > + > for (i = 0; i < nb_pkts; i++) { > - offset = offsetof(struct ip6_hdr, ip6_dst); > - ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, offset); > - memcpy(&dst_ip[i][0], ip6_dst, 16); > + if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) { > + /* Security offload not enabled. So an LPM lookup is > + * required to get the hop > + */ > + offset = offsetof(struct ip6_hdr, ip6_dst); > + ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *, > + offset); > + memcpy(&dst_ip[lpm_pkts][0], ip6_dst, 16); > + lpm_pkts++; > + } > } > > - rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, > - hop, nb_pkts); > + rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, hop, > + lpm_pkts); > + > + lpm_pkts = 0; > > for (i = 0; i < nb_pkts; i++) { > - if (hop[i] == -1) { > + if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) { > + /* Read hop from the SA */ > + pkt_hop = get_hop_for_offload_pkt(pkts[i], 1); > + } else { > + /* Need to use hop returned by lookup */ > + pkt_hop = hop[lpm_pkts++]; > + } > + > + if (pkt_hop == -1) { > rte_pktmbuf_free(pkts[i]); > continue; > } > - send_single_packet(pkts[i], hop[i] & 0xff); > + send_single_packet(pkts[i], pkt_hop & 0xff); > } > } > >