From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 38B131B5E0 for ; Mon, 16 Oct 2017 11:36:08 +0200 (CEST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Oct 2017 02:36:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,386,1503385200"; d="scan'208";a="1025601454" Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.252.25.241]) ([10.252.25.241]) by orsmga003.jf.intel.com with ESMTP; 16 Oct 2017 02:36:04 -0700 To: aviadye@dev.mellanox.co.il, dev@dpdk.org, pablo.de.lara.guarch@intel.com, aviadye@mellanox.com References: <1507987683-12315-1-git-send-email-aviadye@dev.mellanox.co.il> <1507987683-12315-6-git-send-email-aviadye@dev.mellanox.co.il> Cc: borisp@mellanox.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com, radu.nicolau@intel.com, declan.doherty@intel.com, liranl@mellanox.com, nelio.laranjeiro@6wind.com, thomas@monjalon.net From: Sergio Gonzalez Monroy Message-ID: Date: Mon, 16 Oct 2017 10:36:04 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <1507987683-12315-6-git-send-email-aviadye@dev.mellanox.co.il> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2017 09:36:09 -0000 Could you provide the cases where the padding is wrong in tunnel mode? Thanks, Sergio On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote: > From: Aviad Yehezkel > > Signed-off-by: Aviad Yehezkel > --- > examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++-------------------- > 1 file changed, 29 insertions(+), 22 deletions(-) > > diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c > index 56ad7a0..689e917 100644 > --- a/examples/ipsec-secgw/esp.c > +++ b/examples/ipsec-secgw/esp.c > @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, > uint8_t *padding, *new_ip, nlp; > struct rte_crypto_sym_op *sym_cop; > int32_t i; > - uint16_t pad_payload_len, pad_len, ip_hdr_len; > + uint16_t pad_payload_len, pad_len = 0; > + uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0; > > RTE_ASSERT(m != NULL); > RTE_ASSERT(sa != NULL); > + RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL || > + sa->flags == TRANSPORT); > RTE_ASSERT(cop != NULL); > > - ip_hdr_len = 0; > - > ip4 = rte_pktmbuf_mtod(m, struct ip *); > if (likely(ip4->ip_v == IPVERSION)) { > - if (unlikely(sa->flags == TRANSPORT)) { > - ip_hdr_len = ip4->ip_hl * 4; > + ip_hdr_len = ip4->ip_hl * 4; > + if (unlikely(sa->flags == TRANSPORT)) > nlp = ip4->ip_p; > - } else > + else > nlp = IPPROTO_IPIP; > } else if (ip4->ip_v == IP6_VERSION) { > + /* XXX No option headers supported */ > + ip_hdr_len = sizeof(struct ip6_hdr); > if (unlikely(sa->flags == TRANSPORT)) { > - /* XXX No option headers supported */ > - ip_hdr_len = sizeof(struct ip6_hdr); > ip6 = (struct ip6_hdr *)ip4; > nlp = ip6->ip6_nxt; > } else > @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, > } > > /* Padded payload length */ > - pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) - > - ip_hdr_len + 2, sa->block_size); > - pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m); > - > - RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL || > - sa->flags == TRANSPORT); > - > - if (likely(sa->flags == IP4_TUNNEL)) > + if (unlikely(sa->flags == TRANSPORT)) { > + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) + > + sizeof(nlp) + 1 - ip_hdr_len, > + sa->block_size); > + pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m); > + } else { > + inner_ip_hdr_len = ip_hdr_len; > ip_hdr_len = sizeof(struct ip); > - else if (sa->flags == IP6_TUNNEL) > - ip_hdr_len = sizeof(struct ip6_hdr); > - else if (sa->flags != TRANSPORT) { > - RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n", > - sa->flags); > - return -EINVAL; > + if (sa->flags == IP6_TUNNEL) > + ip_hdr_len = sizeof(struct ip6_hdr); > + > + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) + > + sizeof(nlp) + 1, > + sa->block_size); > + pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m); > } > + RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u " > + "inner_ip_hdr_len=%u ip_hdr_len=%u " > + "pad_payload_len=%u pad_len=%u\n", > + rte_pktmbuf_pkt_len(m), > + inner_ip_hdr_len, ip_hdr_len, > + pad_payload_len, pad_len); > > /* Check maximum packet size */ > if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +