* [dpdk-stable] [PATCH 1/3] examples/ipsec-secgw: fix invalid packet length [not found] <20190527184448.21264-1-konstantin.ananyev@intel.com> @ 2019-05-27 18:44 ` Konstantin Ananyev [not found] ` <20190606115151.27805-1-konstantin.ananyev@intel.com> 1 sibling, 0 replies; 5+ messages in thread From: Konstantin Ananyev @ 2019-05-27 18:44 UTC (permalink / raw) To: dev; +Cc: akhil.goyal, Konstantin Ananyev, stable for packets smaller then 64B some NICs reports pkt_len=64B. As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine payload length, that causes problems for small packets. To fix the issue, check that pkt_len matches values in IPv4/IPv6 header and re-adjust pkt_len if necessary. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> --- examples/ipsec-secgw/ipsec-secgw.c | 59 +++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 13 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 478dd80c2..1d1855f50 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -229,35 +229,68 @@ static struct rte_eth_conf port_conf = { static struct socket_ctx socket_ctx[NB_SOCKETS]; +static inline void +adjust_ipv4_pktlen(struct rte_mbuf *m, const struct ipv4_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->total_length) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + +static inline void +adjust_ipv6_pktlen(struct rte_mbuf *m, const struct ipv6_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->payload_len) + sizeof(*iph) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + static inline void prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) { - uint8_t *nlp; - struct ether_hdr *eth; + const struct ether_hdr *eth; + const struct ipv4_hdr *iph4; + const struct ipv6_hdr *iph6; - eth = rte_pktmbuf_mtod(pkt, struct ether_hdr *); + eth = rte_pktmbuf_mtod(pkt, const struct ether_hdr *); if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv4)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); - if (*nlp == IPPROTO_ESP) + + iph4 = (const struct ipv4_hdr *)rte_pktmbuf_adj(pkt, + ETHER_HDR_LEN); + adjust_ipv4_pktlen(pkt, iph4, 0); + + if (iph4->next_proto_id == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip4.data[t->ip4.num] = nlp; + t->ip4.data[t->ip4.num] = &iph4->next_proto_id; t->ip4.pkts[(t->ip4.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip); + pkt->l3_len = sizeof(*iph4); } else if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv6)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt)); - if (*nlp == IPPROTO_ESP) + + iph6 = (const struct ipv6_hdr *)rte_pktmbuf_adj(pkt, + ETHER_HDR_LEN); + adjust_ipv6_pktlen(pkt, iph6, 0); + + if (iph6->proto == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip6.data[t->ip6.num] = nlp; + t->ip6.data[t->ip6.num] = &iph6->proto; t->ip6.pkts[(t->ip6.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip6_hdr); + pkt->l3_len = sizeof(*iph6); } else { /* Unknown/Unsupported type, drop the packet */ RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n", -- 2.17.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <20190606115151.27805-1-konstantin.ananyev@intel.com>]
* [dpdk-stable] [PATCH v2 1/5] examples/ipsec-secgw: fix invalid packet length [not found] ` <20190606115151.27805-1-konstantin.ananyev@intel.com> @ 2019-06-06 11:51 ` Konstantin Ananyev 2019-06-25 13:04 ` Akhil Goyal [not found] ` <20190625231649.22560-1-konstantin.ananyev@intel.com> 1 sibling, 1 reply; 5+ messages in thread From: Konstantin Ananyev @ 2019-06-06 11:51 UTC (permalink / raw) To: dev; +Cc: akhil.goyal, Konstantin Ananyev, stable for packets smaller then 64B some NICs reports pkt_len=64B. As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine payload length, that causes problems for small packets. To fix the issue, check that pkt_len matches values in IPv4/IPv6 header and re-adjust pkt_len if necessary. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> --- examples/ipsec-secgw/ipsec-secgw.c | 59 +++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 13 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 6c626fa5f..4004f2bc2 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -229,35 +229,68 @@ static struct rte_eth_conf port_conf = { static struct socket_ctx socket_ctx[NB_SOCKETS]; +static inline void +adjust_ipv4_pktlen(struct rte_mbuf *m, const struct rte_ipv4_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->total_length) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + +static inline void +adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->payload_len) + sizeof(*iph) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + static inline void prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) { - uint8_t *nlp; - struct rte_ether_hdr *eth; + const struct rte_ether_hdr *eth; + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; - eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); + eth = rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); - if (*nlp == IPPROTO_ESP) + + iph4 = (const struct rte_ipv4_hdr *)rte_pktmbuf_adj(pkt, + RTE_ETHER_HDR_LEN); + adjust_ipv4_pktlen(pkt, iph4, 0); + + if (iph4->next_proto_id == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip4.data[t->ip4.num] = nlp; + t->ip4.data[t->ip4.num] = &iph4->next_proto_id; t->ip4.pkts[(t->ip4.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip); + pkt->l3_len = sizeof(*iph4); } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt)); - if (*nlp == IPPROTO_ESP) + + iph6 = (const struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, + RTE_ETHER_HDR_LEN); + adjust_ipv6_pktlen(pkt, iph6, 0); + + if (iph6->proto == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip6.data[t->ip6.num] = nlp; + t->ip6.data[t->ip6.num] = &iph6->proto; t->ip6.pkts[(t->ip6.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip6_hdr); + pkt->l3_len = sizeof(*iph6); } else { /* Unknown/Unsupported type, drop the packet */ RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n", -- 2.17.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-stable] [PATCH v2 1/5] examples/ipsec-secgw: fix invalid packet length 2019-06-06 11:51 ` [dpdk-stable] [PATCH v2 1/5] " Konstantin Ananyev @ 2019-06-25 13:04 ` Akhil Goyal 2019-06-25 13:07 ` Ananyev, Konstantin 0 siblings, 1 reply; 5+ messages in thread From: Akhil Goyal @ 2019-06-25 13:04 UTC (permalink / raw) To: Konstantin Ananyev, dev; +Cc: stable Hi Konstantin, Could you please rebase this patchset. There are some conflicting changes because of Marcin's patches. Also could you please squash your doc patch with " examples/ipsec-secgw: support packet fragmentation and reassembly " As per convention followed, there should not be separate doc patches. Thanks, Akhil > > for packets smaller then 64B some NICs reports pkt_len=64B. > As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine > payload length, that causes problems for small packets. > To fix the issue, check that pkt_len matches values in IPv4/IPv6 header > and re-adjust pkt_len if necessary. > > Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") > Cc: stable@dpdk.org > > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> > --- > examples/ipsec-secgw/ipsec-secgw.c | 59 +++++++++++++++++++++++------- > 1 file changed, 46 insertions(+), 13 deletions(-) > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- > secgw/ipsec-secgw.c > index 6c626fa5f..4004f2bc2 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -229,35 +229,68 @@ static struct rte_eth_conf port_conf = { > > static struct socket_ctx socket_ctx[NB_SOCKETS]; > > +static inline void > +adjust_ipv4_pktlen(struct rte_mbuf *m, const struct rte_ipv4_hdr *iph, > + uint32_t l2_len) > +{ > + uint32_t plen, trim; > + > + plen = rte_be_to_cpu_16(iph->total_length) + l2_len; > + if (plen < m->pkt_len) { > + trim = m->pkt_len - plen; > + rte_pktmbuf_trim(m, trim); > + } > +} > + > +static inline void > +adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, > + uint32_t l2_len) > +{ > + uint32_t plen, trim; > + > + plen = rte_be_to_cpu_16(iph->payload_len) + sizeof(*iph) + l2_len; > + if (plen < m->pkt_len) { > + trim = m->pkt_len - plen; > + rte_pktmbuf_trim(m, trim); > + } > +} > + > static inline void > prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) > { > - uint8_t *nlp; > - struct rte_ether_hdr *eth; > + const struct rte_ether_hdr *eth; > + const struct rte_ipv4_hdr *iph4; > + const struct rte_ipv6_hdr *iph6; > > - eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); > + eth = rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); > if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { > - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); > - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); > - if (*nlp == IPPROTO_ESP) > + > + iph4 = (const struct rte_ipv4_hdr *)rte_pktmbuf_adj(pkt, > + RTE_ETHER_HDR_LEN); > + adjust_ipv4_pktlen(pkt, iph4, 0); > + > + if (iph4->next_proto_id == IPPROTO_ESP) > t->ipsec.pkts[(t->ipsec.num)++] = pkt; > else { > - t->ip4.data[t->ip4.num] = nlp; > + t->ip4.data[t->ip4.num] = &iph4->next_proto_id; > t->ip4.pkts[(t->ip4.num)++] = pkt; > } > pkt->l2_len = 0; > - pkt->l3_len = sizeof(struct ip); > + pkt->l3_len = sizeof(*iph4); > } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) > { > - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); > - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt)); > - if (*nlp == IPPROTO_ESP) > + > + iph6 = (const struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, > + RTE_ETHER_HDR_LEN); > + adjust_ipv6_pktlen(pkt, iph6, 0); > + > + if (iph6->proto == IPPROTO_ESP) > t->ipsec.pkts[(t->ipsec.num)++] = pkt; > else { > - t->ip6.data[t->ip6.num] = nlp; > + t->ip6.data[t->ip6.num] = &iph6->proto; > t->ip6.pkts[(t->ip6.num)++] = pkt; > } > pkt->l2_len = 0; > - pkt->l3_len = sizeof(struct ip6_hdr); > + pkt->l3_len = sizeof(*iph6); > } else { > /* Unknown/Unsupported type, drop the packet */ > RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n", > -- > 2.17.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-stable] [PATCH v2 1/5] examples/ipsec-secgw: fix invalid packet length 2019-06-25 13:04 ` Akhil Goyal @ 2019-06-25 13:07 ` Ananyev, Konstantin 0 siblings, 0 replies; 5+ messages in thread From: Ananyev, Konstantin @ 2019-06-25 13:07 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: stable Hi Akhil, > > Hi Konstantin, > > Could you please rebase this patchset. There are some conflicting changes because of Marcin's patches. > Also could you please squash your doc patch with " examples/ipsec-secgw: support packet fragmentation and reassembly " > As per convention followed, there should not be separate doc patches. Sure, will do. Konstantin ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <20190625231649.22560-1-konstantin.ananyev@intel.com>]
* [dpdk-stable] [PATCH v3 1/4] examples/ipsec-secgw: fix invalid packet length [not found] ` <20190625231649.22560-1-konstantin.ananyev@intel.com> @ 2019-06-25 23:16 ` Konstantin Ananyev 0 siblings, 0 replies; 5+ messages in thread From: Konstantin Ananyev @ 2019-06-25 23:16 UTC (permalink / raw) To: dev; +Cc: akhil.goyal, Konstantin Ananyev, stable for packets smaller then 64B some NICs reports pkt_len=64B. As ipsec-secgw (and librte_ipsec) relies on pkt_len value to determine payload length, that causes problems for small packets. To fix the issue, check that pkt_len matches values in IPv4/IPv6 header and re-adjust pkt_len if necessary. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application") Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> --- examples/ipsec-secgw/ipsec-secgw.c | 57 ++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 3911e6a60..33c438964 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -230,34 +230,65 @@ static struct rte_eth_conf port_conf = { static struct socket_ctx socket_ctx[NB_SOCKETS]; +static inline void +adjust_ipv4_pktlen(struct rte_mbuf *m, const struct rte_ipv4_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->total_length) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + +static inline void +adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph, + uint32_t l2_len) +{ + uint32_t plen, trim; + + plen = rte_be_to_cpu_16(iph->payload_len) + sizeof(*iph) + l2_len; + if (plen < m->pkt_len) { + trim = m->pkt_len - plen; + rte_pktmbuf_trim(m, trim); + } +} + static inline void prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) { - uint8_t *nlp; - struct rte_ether_hdr *eth; + const struct rte_ether_hdr *eth; + const struct rte_ipv4_hdr *iph4; + const struct rte_ipv6_hdr *iph6; - eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); + eth = rte_pktmbuf_mtod(pkt, const struct rte_ether_hdr *); if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); - if (*nlp == IPPROTO_ESP) + + iph4 = (const struct rte_ipv4_hdr *)rte_pktmbuf_adj(pkt, + RTE_ETHER_HDR_LEN); + adjust_ipv4_pktlen(pkt, iph4, 0); + + if (iph4->next_proto_id == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip4.data[t->ip4.num] = nlp; + t->ip4.data[t->ip4.num] = &iph4->next_proto_id; t->ip4.pkts[(t->ip4.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip); + pkt->l3_len = sizeof(*iph4); } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { int next_proto; size_t l3len, ext_len; - struct rte_ipv6_hdr *v6h; uint8_t *p; /* get protocol type */ - v6h = (struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, + iph6 = (const struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - next_proto = v6h->proto; + adjust_ipv6_pktlen(pkt, iph6, 0); + + next_proto = iph6->proto; /* determine l3 header size up to ESP extension */ l3len = sizeof(struct ip6_hdr); @@ -276,9 +307,7 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) if (next_proto == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip6.data[t->ip6.num] = rte_pktmbuf_mtod_offset(pkt, - uint8_t *, - offsetof(struct rte_ipv6_hdr, proto)); + t->ip6.data[t->ip6.num] = &iph6->proto; t->ip6.pkts[(t->ip6.num)++] = pkt; } pkt->l2_len = 0; -- 2.17.1 ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-06-25 23:17 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20190527184448.21264-1-konstantin.ananyev@intel.com> 2019-05-27 18:44 ` [dpdk-stable] [PATCH 1/3] examples/ipsec-secgw: fix invalid packet length Konstantin Ananyev [not found] ` <20190606115151.27805-1-konstantin.ananyev@intel.com> 2019-06-06 11:51 ` [dpdk-stable] [PATCH v2 1/5] " Konstantin Ananyev 2019-06-25 13:04 ` Akhil Goyal 2019-06-25 13:07 ` Ananyev, Konstantin [not found] ` <20190625231649.22560-1-konstantin.ananyev@intel.com> 2019-06-25 23:16 ` [dpdk-stable] [PATCH v3 1/4] " Konstantin Ananyev
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).