#include <rte_jhash.h>
#include <rte_cryptodev.h>
#include <rte_security.h>
+#include <rte_ip.h>
#include "ipsec.h"
#include "parser.h"
struct rte_ether_hdr *eth;
eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
- if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv4)) {
+ if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {
nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN);
nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p));
if (*nlp == IPPROTO_ESP)
}
pkt->l2_len = 0;
pkt->l3_len = sizeof(struct ip);
- } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv6)) {
- nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN);
- nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt));
- if (*nlp == IPPROTO_ESP)
+ } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) {
+ int next_proto;
+ size_t l3len, ext_len;
+ struct rte_ipv6_hdr *v6h;
+ uint8_t *p;
+
+ /* get protocol type */
+ v6h = (struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt,
+ RTE_ETHER_HDR_LEN);
+ next_proto = v6h->proto;
+
+ /* determine l3 header size up to ESP extension */
+ l3len = sizeof(struct ip6_hdr);
+ p = rte_pktmbuf_mtod(pkt, uint8_t *);
+ while (next_proto != IPPROTO_ESP && l3len < pkt->data_len &&
+ (next_proto = rte_ipv6_get_next_ext(p + l3len,
+ next_proto, &ext_len)) >= 0)
+ l3len += ext_len;
+
+ /* drop packet when IPv6 header exceeds first segment length */
+ if (unlikely(l3len > pkt->data_len)) {
+ rte_pktmbuf_free(pkt);
+ return;
+ }
+
+ if (next_proto == IPPROTO_ESP)
t->ipsec.pkts[(t->ipsec.num)++] = pkt;
else {
- t->ip6.data[t->ip6.num] = nlp;
+ t->ip6.data[t->ip6.num] = rte_pktmbuf_mtod_offset(pkt,
+ uint8_t *,
+ offsetof(struct rte_ipv6_hdr, proto));
t->ip6.pkts[(t->ip6.num)++] = pkt;
}
pkt->l2_len = 0;
- pkt->l3_len = sizeof(struct ip6_hdr);
+ pkt->l3_len = l3len;
} else {
/* Unknown/Unsupported type, drop the packet */
RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n",
/* calculate IPv4 cksum in SW */
if ((pkt->ol_flags & PKT_TX_IP_CKSUM) == 0)
- ip->ip_sum = rte_ipv4_cksum((struct ipv4_hdr *)ip);
+ ip->ip_sum = rte_ipv4_cksum((struct rte_ipv4_hdr *)ip);
- ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv4);
+ ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4);
} else {
pkt->ol_flags |= qconf->outbound.ipv6_offloads;
pkt->l3_len = sizeof(struct ip6_hdr);
pkt->l2_len = RTE_ETHER_HDR_LEN;
- ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv6);
+ ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6);
}
memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
dev_conf.socket_id = rte_cryptodev_socket_id(cdev_id);
dev_conf.nb_queue_pairs = qp;
+ dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)