From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergio.gonzalez.monroy@intel.com>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id 38B131B5E0
 for <dev@dpdk.org>; Mon, 16 Oct 2017 11:36:08 +0200 (CEST)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Oct 2017 02:36:07 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,386,1503385200"; d="scan'208";a="1025601454"
Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.252.25.241])
 ([10.252.25.241])
 by orsmga003.jf.intel.com with ESMTP; 16 Oct 2017 02:36:04 -0700
To: aviadye@dev.mellanox.co.il, dev@dpdk.org, pablo.de.lara.guarch@intel.com, 
 aviadye@mellanox.com
References: <1507987683-12315-1-git-send-email-aviadye@dev.mellanox.co.il>
 <1507987683-12315-6-git-send-email-aviadye@dev.mellanox.co.il>
Cc: borisp@mellanox.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com,
 radu.nicolau@intel.com, declan.doherty@intel.com, liranl@mellanox.com,
 nelio.laranjeiro@6wind.com, thomas@monjalon.net
From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Message-ID: <f8e312cc-9ea5-0f12-1653-0f0cba038f96@intel.com>
Date: Mon, 16 Oct 2017 10:36:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1507987683-12315-6-git-send-email-aviadye@dev.mellanox.co.il>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct
 padding to tunnel mode
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2017 09:36:09 -0000

Could you provide the cases where the padding is wrong in tunnel mode?

Thanks,
Sergio

On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
>   examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
>   1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 56ad7a0..689e917 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>   	uint8_t *padding, *new_ip, nlp;
>   	struct rte_crypto_sym_op *sym_cop;
>   	int32_t i;
> -	uint16_t pad_payload_len, pad_len, ip_hdr_len;
> +	uint16_t pad_payload_len, pad_len = 0;
> +	uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
>   
>   	RTE_ASSERT(m != NULL);
>   	RTE_ASSERT(sa != NULL);
> +	RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> +		   sa->flags == TRANSPORT);
>   	RTE_ASSERT(cop != NULL);
>   
> -	ip_hdr_len = 0;
> -
>   	ip4 = rte_pktmbuf_mtod(m, struct ip *);
>   	if (likely(ip4->ip_v == IPVERSION)) {
> -		if (unlikely(sa->flags == TRANSPORT)) {
> -			ip_hdr_len = ip4->ip_hl * 4;
> +		ip_hdr_len = ip4->ip_hl * 4;
> +		if (unlikely(sa->flags == TRANSPORT))
>   			nlp = ip4->ip_p;
> -		} else
> +		else
>   			nlp = IPPROTO_IPIP;
>   	} else if (ip4->ip_v == IP6_VERSION) {
> +		/* XXX No option headers supported */
> +		ip_hdr_len = sizeof(struct ip6_hdr);
>   		if (unlikely(sa->flags == TRANSPORT)) {
> -			/* XXX No option headers supported */
> -			ip_hdr_len = sizeof(struct ip6_hdr);
>   			ip6 = (struct ip6_hdr *)ip4;
>   			nlp = ip6->ip6_nxt;
>   		} else
> @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>   	}
>   
>   	/* Padded payload length */
> -	pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
> -			ip_hdr_len + 2, sa->block_size);
> -	pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> -
> -	RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> -			sa->flags == TRANSPORT);
> -
> -	if (likely(sa->flags == IP4_TUNNEL))
> +	if (unlikely(sa->flags == TRANSPORT)) {
> +		pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> +						 sizeof(nlp) + 1 - ip_hdr_len,
> +						 sa->block_size);
> +		pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> +	} else {
> +		inner_ip_hdr_len = ip_hdr_len;
>   		ip_hdr_len = sizeof(struct ip);
> -	else if (sa->flags == IP6_TUNNEL)
> -		ip_hdr_len = sizeof(struct ip6_hdr);
> -	else if (sa->flags != TRANSPORT) {
> -		RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
> -				sa->flags);
> -		return -EINVAL;
> +		if (sa->flags == IP6_TUNNEL)
> +			ip_hdr_len = sizeof(struct ip6_hdr);
> +
> +		pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> +						 sizeof(nlp) + 1,
> +						 sa->block_size);
> +		pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
>   	}
> +	RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
> +		"inner_ip_hdr_len=%u ip_hdr_len=%u "
> +		"pad_payload_len=%u pad_len=%u\n",
> +		rte_pktmbuf_pkt_len(m),
> +		inner_ip_hdr_len, ip_hdr_len,
> +		pad_payload_len, pad_len);
>   
>   	/* Check maximum packet size */
>   	if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +