From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8086FC43613 for ; Thu, 20 Jun 2019 12:07:49 +0000 (UTC) Received: from dpdk.org (dpdk.org [92.243.14.124]) by mail.kernel.org (Postfix) with ESMTP id 0E5312080C for ; Thu, 20 Jun 2019 12:07:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=nxp.com header.i=@nxp.com header.b="ZNl1+giM" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0E5312080C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=nxp.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dev-bounces@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 646561D394; Thu, 20 Jun 2019 14:07:47 +0200 (CEST) Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50043.outbound.protection.outlook.com [40.107.5.43]) by dpdk.org (Postfix) with ESMTP id 21DD81D38F for ; Thu, 20 Jun 2019 14:07:46 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yFX0B/XGs9F/WopCzhowLWJjmDp4Sp9o6oMbYfPhNAo=; b=ZNl1+giM5KlYa6UvP9Mh5PXZLmztj69JNZuzLJoRQAP/3+n8CXhtxVCXydNhYpNEeJWxOK5nOzMlF4mPStaDowSUZqgHIogTr07iKuAOxtbvXLlZlkPorEtcdygEHmEm6TvgxlpVvBEN8pse0p6vZadpSBjCKarSmWUxlcmnJAM= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (20.179.235.82) by VE1PR04MB6768.eurprd04.prod.outlook.com (20.179.235.221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1987.10; Thu, 20 Jun 2019 12:07:45 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::a929:3d03:7bb7:d5e0]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::a929:3d03:7bb7:d5e0%7]) with mapi id 15.20.1987.014; Thu, 20 Jun 2019 12:07:45 +0000 From: Akhil Goyal To: Marcin Smoczynski , "marko.kovacevic@intel.com" , "orika@mellanox.com" , "bruce.richardson@intel.com" , "pablo.de.lara.guarch@intel.com" , "radu.nicolau@intel.com" , "tomasz.kantecki@intel.com" , "konstantin.ananyev@intel.com" , "bernard.iremonger@intel.com" , "olivier.matz@6wind.com" CC: "dev@dpdk.org" Thread-Topic: [PATCH 2/3] ipsec: fix transport mode for ipv6 with extensions Thread-Index: AQHVBYuS3ni/Z03s8kmnCMU7c6JrEaakr7QQ Date: Thu, 20 Jun 2019 12:07:44 +0000 Message-ID: References: <20190508104717.13448-1-marcinx.smoczynski@intel.com> <20190508104717.13448-2-marcinx.smoczynski@intel.com> In-Reply-To: <20190508104717.13448-2-marcinx.smoczynski@intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.65] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2966934d-4bfd-46c0-b079-08d6f577e752 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:VE1PR04MB6768; x-ms-traffictypediagnostic: VE1PR04MB6768: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 0074BBE012 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(346002)(376002)(136003)(396003)(366004)(199004)(189003)(305945005)(76116006)(66946007)(7416002)(6116002)(14454004)(55016002)(186003)(2201001)(68736007)(486006)(7696005)(74316002)(14444005)(66066001)(71200400001)(26005)(53936002)(6506007)(256004)(102836004)(99286004)(86362001)(52536014)(9686003)(3846002)(66446008)(446003)(71190400001)(11346002)(110136005)(229853002)(476003)(66556008)(6246003)(76176011)(8936002)(73956011)(81166006)(64756008)(6436002)(33656002)(2501003)(478600001)(25786009)(5660300002)(8676002)(4326008)(316002)(81156014)(2906002)(66476007)(44832011)(7736002)(921003)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6768; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: NirUxENuDjt9Zrtnic/ND/cGt4HZlOKPorHAPqbAPwxEyLzGSDt6P1Kefyouen9CW/DwzBA5Jr9+e3KKpiMeEUjYU9XIOqGa/8fTi1Ur6dHTu5WxCobRbX+QBqFW/+ILZnR138LI3xrAiIhVmOAAL2MDENGjbXJXbVtZjLOnwZKq9w5CS9guulp1hWo595PXpyz7ODY9m5YHtbAbRi2Ajh4JUWNBrKjEBmuwcy4YkPoYnXV8+aK7EfL83IVhym1dd8arUvw7vN8kKuJ5Tw2nMETK8lcXFJ0TPNLhcymvuuNHhyctZHMbQSc4XeFTgphvTvKCW5lLdycEc/0JYkCGS6fGednu6LSe7wEeRIEpSocNfsX/oS2aXsYZZ27/sHToxx/5giSvoi4y+6ag5Z4Yz6ORLYADsfnt6jYN9vO8hxs= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2966934d-4bfd-46c0-b079-08d6f577e752 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jun 2019 12:07:44.8614 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: akhil.goyal@nxp.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6768 Subject: Re: [dpdk-dev] [PATCH 2/3] ipsec: fix transport mode for ipv6 with extensions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Marcin, >=20 > Reconstructing IPv6 header after encryption or decryption requires > updating 'next header' value in the preceding protocol header, which > is determined by parsing IPv6 header and iteratively looking for > next IPv6 header extension. >=20 > It is required that 'l3_len' in the mbuf metadata contains a total > length of the IPv6 header with header extensions up to ESP header. >=20 > Signed-off-by: Marcin Smoczynski > --- > lib/Makefile | 3 ++- > lib/librte_ipsec/iph.h | 55 ++++++++++++++++++++++++++++++++++++------ > 2 files changed, 49 insertions(+), 9 deletions(-) >=20 > diff --git a/lib/Makefile b/lib/Makefile > index 791e0d991..3ad579f68 100644 > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -108,7 +108,8 @@ DEPDIRS-librte_gso +=3D librte_mempool > DIRS-$(CONFIG_RTE_LIBRTE_BPF) +=3D librte_bpf > DEPDIRS-librte_bpf :=3D librte_eal librte_mempool librte_mbuf librte_eth= dev > DIRS-$(CONFIG_RTE_LIBRTE_IPSEC) +=3D librte_ipsec > -DEPDIRS-librte_ipsec :=3D librte_eal librte_mbuf librte_cryptodev librte= _security > +DEPDIRS-librte_ipsec :=3D librte_eal librte_mbuf librte_cryptodev librte= _security \ > + librte_net A nit. Please update the comment in lib/meson.build file for the dependencies. Cur= rently it is only for crypto and security. > DIRS-$(CONFIG_RTE_LIBRTE_TELEMETRY) +=3D librte_telemetry > DEPDIRS-librte_telemetry :=3D librte_eal librte_metrics librte_ethdev > DIRS-$(CONFIG_RTE_LIBRTE_RCU) +=3D librte_rcu > diff --git a/lib/librte_ipsec/iph.h b/lib/librte_ipsec/iph.h > index 58930cf18..082e4e73e 100644 > --- a/lib/librte_ipsec/iph.h > +++ b/lib/librte_ipsec/iph.h > @@ -5,6 +5,8 @@ > #ifndef _IPH_H_ > #define _IPH_H_ >=20 > +#include > + > /** > * @file iph.h > * Contains functions/structures/macros to manipulate IPv4/IPv6 headers > @@ -40,24 +42,61 @@ static inline int > update_trs_l3hdr(const struct rte_ipsec_sa *sa, void *p, uint32_t plen, > uint32_t l2len, uint32_t l3len, uint8_t proto) > { > - struct ipv4_hdr *v4h; > - struct ipv6_hdr *v6h; > int32_t rc; >=20 > + /* IPv4 */ > if ((sa->type & RTE_IPSEC_SATP_IPV_MASK) =3D=3D RTE_IPSEC_SATP_IPV4) { > + struct ipv4_hdr *v4h; > + > v4h =3D p; > rc =3D v4h->next_proto_id; > v4h->next_proto_id =3D proto; > v4h->total_length =3D rte_cpu_to_be_16(plen - l2len); > - } else if (l3len =3D=3D sizeof(*v6h)) { > + /* IPv6 */ > + } else { > + struct ipv6_hdr *v6h; > + uint8_t *next_proto_off; > + > v6h =3D p; > - rc =3D v6h->proto; > - v6h->proto =3D proto; > + > + /* basic IPv6 header with no extensions */ > + if (l3len =3D=3D sizeof(struct ipv6_hdr)) > + next_proto_off =3D &v6h->proto; Is this next_proto_off a pointer to an offset or the value of the next_prot= o. So IMO the name should be next_proto or it should be p_nh > + > + /* IPv6 with extensions */ > + else { > + size_t ext_len; > + int nh; > + uint8_t *pd, *plimit; > + > + /* locate last extension within l3len bytes */ > + pd =3D (uint8_t *)p; > + plimit =3D pd + l3len; > + ext_len =3D sizeof(struct ipv6_hdr); > + nh =3D v6h->proto; > + while (pd + ext_len < plimit) { > + pd +=3D ext_len; > + nh =3D rte_ipv6_get_next_ext(pd, nh, &ext_len); > + if (unlikely(nh < 0)) > + return -EINVAL; > + } > + > + /* invalid l3len - extension exceeds header length */ > + if (unlikely(pd + ext_len !=3D plimit)) > + return -EINVAL; > + > + /* save last extension offset */ > + next_proto_off =3D pd; > + } > + > + /* update header type; return original value */ > + rc =3D *next_proto_off; > + *next_proto_off =3D proto; > + > + /* fix packet length */ > v6h->payload_len =3D rte_cpu_to_be_16(plen - l2len - > sizeof(*v6h)); > - /* need to add support for IPv6 with options */ > - } else > - rc =3D -ENOTSUP; > + } >=20 > return rc; > } > -- > 2.21.0.windows.1