From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
To: aviadye@dev.mellanox.co.il, dev@dpdk.org,
pablo.de.lara.guarch@intel.com, aviadye@mellanox.com
Cc: borisp@mellanox.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com,
radu.nicolau@intel.com, declan.doherty@intel.com,
liranl@mellanox.com, nelio.laranjeiro@6wind.com,
thomas@monjalon.net
Subject: Re: [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode
Date: Mon, 16 Oct 2017 10:36:04 +0100 [thread overview]
Message-ID: <f8e312cc-9ea5-0f12-1653-0f0cba038f96@intel.com> (raw)
In-Reply-To: <1507987683-12315-6-git-send-email-aviadye@dev.mellanox.co.il>
Could you provide the cases where the padding is wrong in tunnel mode?
Thanks,
Sergio
On 14/10/2017 14:27, aviadye@dev.mellanox.co.il wrote:
> From: Aviad Yehezkel <aviadye@mellanox.com>
>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
> examples/ipsec-secgw/esp.c | 51 ++++++++++++++++++++++++++--------------------
> 1 file changed, 29 insertions(+), 22 deletions(-)
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index 56ad7a0..689e917 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -229,25 +229,26 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> uint8_t *padding, *new_ip, nlp;
> struct rte_crypto_sym_op *sym_cop;
> int32_t i;
> - uint16_t pad_payload_len, pad_len, ip_hdr_len;
> + uint16_t pad_payload_len, pad_len = 0;
> + uint16_t inner_ip_hdr_len = 0, ip_hdr_len = 0;
>
> RTE_ASSERT(m != NULL);
> RTE_ASSERT(sa != NULL);
> + RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> + sa->flags == TRANSPORT);
> RTE_ASSERT(cop != NULL);
>
> - ip_hdr_len = 0;
> -
> ip4 = rte_pktmbuf_mtod(m, struct ip *);
> if (likely(ip4->ip_v == IPVERSION)) {
> - if (unlikely(sa->flags == TRANSPORT)) {
> - ip_hdr_len = ip4->ip_hl * 4;
> + ip_hdr_len = ip4->ip_hl * 4;
> + if (unlikely(sa->flags == TRANSPORT))
> nlp = ip4->ip_p;
> - } else
> + else
> nlp = IPPROTO_IPIP;
> } else if (ip4->ip_v == IP6_VERSION) {
> + /* XXX No option headers supported */
> + ip_hdr_len = sizeof(struct ip6_hdr);
> if (unlikely(sa->flags == TRANSPORT)) {
> - /* XXX No option headers supported */
> - ip_hdr_len = sizeof(struct ip6_hdr);
> ip6 = (struct ip6_hdr *)ip4;
> nlp = ip6->ip6_nxt;
> } else
> @@ -259,22 +260,28 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> }
>
> /* Padded payload length */
> - pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) -
> - ip_hdr_len + 2, sa->block_size);
> - pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> -
> - RTE_ASSERT(sa->flags == IP4_TUNNEL || sa->flags == IP6_TUNNEL ||
> - sa->flags == TRANSPORT);
> -
> - if (likely(sa->flags == IP4_TUNNEL))
> + if (unlikely(sa->flags == TRANSPORT)) {
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1 - ip_hdr_len,
> + sa->block_size);
> + pad_len = pad_payload_len + ip_hdr_len - rte_pktmbuf_pkt_len(m);
> + } else {
> + inner_ip_hdr_len = ip_hdr_len;
> ip_hdr_len = sizeof(struct ip);
> - else if (sa->flags == IP6_TUNNEL)
> - ip_hdr_len = sizeof(struct ip6_hdr);
> - else if (sa->flags != TRANSPORT) {
> - RTE_LOG(ERR, IPSEC_ESP, "Unsupported SA flags: 0x%x\n",
> - sa->flags);
> - return -EINVAL;
> + if (sa->flags == IP6_TUNNEL)
> + ip_hdr_len = sizeof(struct ip6_hdr);
> +
> + pad_payload_len = RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(m) +
> + sizeof(nlp) + 1,
> + sa->block_size);
> + pad_len = pad_payload_len - rte_pktmbuf_pkt_len(m);
> }
> + RTE_LOG(DEBUG, IPSEC_ESP, "rte_pktmbuf_pkt_len=%u "
> + "inner_ip_hdr_len=%u ip_hdr_len=%u "
> + "pad_payload_len=%u pad_len=%u\n",
> + rte_pktmbuf_pkt_len(m),
> + inner_ip_hdr_len, ip_hdr_len,
> + pad_payload_len, pad_len);
>
> /* Check maximum packet size */
> if (unlikely(ip_hdr_len + sizeof(struct esp_hdr) + sa->iv_len +
next prev parent reply other threads:[~2017-10-16 9:36 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-14 13:27 [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file aviadye
2017-10-14 13:27 ` [dpdk-dev] [PATCH 02/11] examples/ipsec-secgw: Fixed init of aead crypto devices aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:23 ` De Lara Guarch, Pablo
2017-10-14 13:27 ` [dpdk-dev] [PATCH 03/11] examples/ipsec-secgw: Fixed create session also for aead aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-16 15:33 ` De Lara Guarch, Pablo
2017-10-14 13:27 ` [dpdk-dev] [PATCH 04/11] examples/ipsec-secgw: Fix aad_len for for aes-gcm support aviadye
2017-10-15 12:54 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 05/11] examples/ipsec-secgw: Fixed transport aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:30 ` Sergio Gonzalez Monroy
2017-10-16 10:42 ` Aviad Yehezkel
2017-10-19 18:16 ` De Lara Guarch, Pablo
2017-10-19 18:29 ` Aviad Yehezkel
2017-10-14 13:27 ` [dpdk-dev] [PATCH 06/11] examples/ipsec-secgw: Added correct padding to tunnel mode aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:36 ` Sergio Gonzalez Monroy [this message]
2017-10-14 13:27 ` [dpdk-dev] [PATCH 07/11] examples/ipsec-secgw: Fixed phyiscal address of aad aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:39 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 08/11] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-15 12:55 ` Aviad Yehezkel
2017-10-16 9:42 ` Sergio Gonzalez Monroy
2017-10-16 10:35 ` Aviad Yehezkel
2017-10-16 11:59 ` Sergio Gonzalez Monroy
2017-10-14 13:28 ` [dpdk-dev] [PATCH 09/11] examples/ipsec-secgw: Fixed ip length in case of transport aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:43 ` Sergio Gonzalez Monroy
2017-10-16 11:44 ` Aviad Yehezkel
2017-10-16 12:03 ` Sergio Gonzalez Monroy
2017-10-19 18:44 ` Aviad Yehezkel
2017-10-14 13:28 ` [dpdk-dev] [PATCH 10/11] app/testpmd: compile even if ixgbe anf bnxt pmds are not compiling aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-16 9:44 ` Sergio Gonzalez Monroy
2017-10-16 10:38 ` Aviad Yehezkel
2017-10-14 13:28 ` [dpdk-dev] [PATCH 11/11] examples/ipsec-secgw: Ethernet MAC configuration is now dynamic throw conf file aviadye
2017-10-15 12:56 ` Aviad Yehezkel
2017-10-15 12:53 ` [dpdk-dev] [PATCH 01/11] examples/ipsec-secgw: updated MAINTAINERS file Aviad Yehezkel
2017-10-16 7:33 ` De Lara Guarch, Pablo
2017-10-16 9:27 ` Sergio Gonzalez Monroy
2017-10-16 10:43 ` Aviad Yehezkel
2017-10-16 13:39 ` De Lara Guarch, Pablo
2017-10-17 12:36 ` Hemant Agrawal
2017-10-17 13:17 ` De Lara Guarch, Pablo
2017-10-21 17:12 ` Akhil Goyal
2017-10-23 8:32 ` Sergio Gonzalez Monroy
2017-10-19 18:52 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 2/6] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 3/6] examples/ipsec-secgw: fix aad_len for for aes-gcm aviadye
2017-10-20 9:52 ` De Lara Guarch, Pablo
2017-10-20 10:52 ` Thomas Monjalon
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 4/6] examples/ipsec-secgw: add correct padding to tunnel mode aviadye
2017-10-20 5:55 ` Sergio Gonzalez Monroy
2017-10-23 10:54 ` De Lara Guarch, Pablo
2017-10-23 11:40 ` Aviad Yehezkel
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 5/6] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-20 15:28 ` Radu Nicolau
2017-10-19 18:53 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: config ethernet MACs dynamically aviadye
2017-10-20 16:34 ` Nicolau, Radu
2019-03-28 19:11 ` Ferruh Yigit
2019-03-28 19:11 ` Ferruh Yigit
2017-10-20 9:50 ` [dpdk-dev] [PATCH v2 1/6] examples/ipsec-secgw: fix initialization of aead crypto devices De Lara Guarch, Pablo
2017-10-22 7:21 ` Aviad Yehezkel
2017-10-22 11:00 ` Thomas Monjalon
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 1/4] " aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 2/4] examples/ipsec-secgw: fix create session also for aead aviadye
2017-10-24 12:48 ` [dpdk-dev] [PATCH v3 3/4] examples/ipsec-secgw: fix AAD length for aes-gcm aviadye
2017-10-24 12:49 ` [dpdk-dev] [PATCH v3 4/4] examples/ipsec-secgw: iv should be be64 aviadye
2017-10-24 14:06 ` [dpdk-dev] [PATCH v3 1/4] examples/ipsec-secgw: fix initialization of aead crypto devices Radu Nicolau
2017-10-24 14:20 ` De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f8e312cc-9ea5-0f12-1653-0f0cba038f96@intel.com \
--to=sergio.gonzalez.monroy@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@dev.mellanox.co.il \
--cc=aviadye@mellanox.com \
--cc=borisp@mellanox.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=liranl@mellanox.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).