X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipip.h;h=13b8455c3ec6091923e0d3fa50e5646fc1bd3331;hb=e92058d604e6fd8d4fee4a3ad2b2a5a7e79ef258;hp=322076cefc22414d4e25222875395b5ce8ec6751;hpb=d299106e8e31a622b3a1c1653f7795fa8a55860e;p=dpdk.git diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h index 322076cefc..13b8455c3e 100644 --- a/examples/ipsec-secgw/ipip.h +++ b/examples/ipsec-secgw/ipip.h @@ -1,34 +1,5 @@ -/*- - * BSD LICENSE - * - * Copyright(c) 2016 Intel Corporation. All rights reserved. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2016 Intel Corporation */ #ifndef __IPIP_H__ @@ -37,67 +8,167 @@ #include #include #include +#include #include -#define IPV6_VERSION (6) - -static inline struct ip * -ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t src, uint32_t dst) +static inline void * +ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t is_ipv6, + struct ip_addr *src, struct ip_addr *dst) { - struct ip *inip, *outip; + struct ip *inip4, *outip4; + struct ip6_hdr *inip6, *outip6; + uint8_t ds_ecn; - inip = rte_pktmbuf_mtod(m, struct ip*); + inip4 = rte_pktmbuf_mtod(m, struct ip *); - IPSEC_ASSERT(inip->ip_v == IPVERSION || inip->ip_v == IPV6_VERSION); + RTE_ASSERT(inip4->ip_v == IPVERSION || inip4->ip_v == IP6_VERSION); - offset += sizeof(struct ip); + if (inip4->ip_v == IPVERSION) { + /* XXX This should be done by the forwarding engine instead */ + inip4->ip_ttl -= 1; + if (inip4->ip_sum >= rte_cpu_to_be_16(0xffff - 0x100)) + inip4->ip_sum += rte_cpu_to_be_16(0x100) + 1; + else + inip4->ip_sum += rte_cpu_to_be_16(0x100); + ds_ecn = inip4->ip_tos; + } else { + inip6 = (struct ip6_hdr *)inip4; + /* XXX This should be done by the forwarding engine instead */ + inip6->ip6_hops -= 1; + ds_ecn = ntohl(inip6->ip6_flow) >> 20; + } + + if (is_ipv6) { + offset += sizeof(struct ip6_hdr); + outip6 = (struct ip6_hdr *)rte_pktmbuf_prepend(m, offset); + + RTE_ASSERT(outip6 != NULL); + + /* Per RFC4301 5.1.2.1 */ + outip6->ip6_flow = htonl(IP6_VERSION << 28 | ds_ecn << 20); + outip6->ip6_plen = htons(rte_pktmbuf_data_len(m) - + sizeof(struct ip6_hdr)); + + outip6->ip6_nxt = IPPROTO_ESP; + outip6->ip6_hops = IPDEFTTL; - outip = (struct ip *)rte_pktmbuf_prepend(m, offset); + memcpy(&outip6->ip6_src.s6_addr, src, 16); + memcpy(&outip6->ip6_dst.s6_addr, dst, 16); - IPSEC_ASSERT(outip != NULL); + return outip6; + } + + offset += sizeof(struct ip); + outip4 = (struct ip *)rte_pktmbuf_prepend(m, offset); + + RTE_ASSERT(outip4 != NULL); /* Per RFC4301 5.1.2.1 */ - outip->ip_v = IPVERSION; - outip->ip_hl = 5; - outip->ip_tos = inip->ip_tos; - outip->ip_len = htons(rte_pktmbuf_data_len(m)); + outip4->ip_v = IPVERSION; + outip4->ip_hl = 5; + outip4->ip_tos = ds_ecn; + outip4->ip_len = htons(rte_pktmbuf_data_len(m)); - outip->ip_id = 0; - outip->ip_off = 0; + outip4->ip_id = 0; + outip4->ip_off = 0; - outip->ip_ttl = IPDEFTTL; - outip->ip_p = IPPROTO_ESP; + outip4->ip_ttl = IPDEFTTL; + outip4->ip_p = IPPROTO_ESP; - outip->ip_src.s_addr = src; - outip->ip_dst.s_addr = dst; + outip4->ip_src.s_addr = src->ip.ip4; + outip4->ip_dst.s_addr = dst->ip.ip4; + m->packet_type &= ~RTE_PTYPE_L4_MASK; + return outip4; +} - return outip; +static inline struct ip * +ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, + struct ip_addr *src, struct ip_addr *dst) +{ + return ipip_outbound(m, offset, 0, src, dst); } -static inline int -ip4ip_inbound(struct rte_mbuf *m, uint32_t offset) +static inline struct ip6_hdr * +ip6ip_outbound(struct rte_mbuf *m, uint32_t offset, + struct ip_addr *src, struct ip_addr *dst) { - struct ip *inip; - struct ip *outip; + return ipip_outbound(m, offset, 1, src, dst); +} - outip = rte_pktmbuf_mtod(m, struct ip*); +static inline void +ip4_ecn_setup(struct ip *ip4) +{ + if (ip4->ip_tos & IPTOS_ECN_MASK) { + unsigned long sum; + uint8_t old; + + old = ip4->ip_tos; + ip4->ip_tos |= IPTOS_ECN_CE; + sum = old + (~(*(uint8_t *)&ip4->ip_tos) & 0xff); + sum += rte_be_to_cpu_16(ip4->ip_sum); + sum = (sum & 0xffff) + (sum >> 16); + ip4->ip_sum = rte_cpu_to_be_16(sum + (sum >> 16)); + } +} - IPSEC_ASSERT(outip->ip_v == IPVERSION); +static inline void +ip6_ecn_setup(struct ip6_hdr *ip6) +{ + if ((ntohl(ip6->ip6_flow) >> 20) & IPTOS_ECN_MASK) + ip6->ip6_flow = htonl(ntohl(ip6->ip6_flow) | + (IPTOS_ECN_CE << 20)); +} - offset += sizeof(struct ip); - inip = (struct ip *)rte_pktmbuf_adj(m, offset); - IPSEC_ASSERT(inip->ip_v == IPVERSION || inip->ip_v == IPV6_VERSION); +static inline void +ipip_inbound(struct rte_mbuf *m, uint32_t offset) +{ + struct ip *inip4, *outip4; + struct ip6_hdr *inip6, *outip6; + uint32_t ip_len, set_ecn; + + outip4 = rte_pktmbuf_mtod(m, struct ip*); + + RTE_ASSERT(outip4->ip_v == IPVERSION || outip4->ip_v == IP6_VERSION); + + if (outip4->ip_v == IPVERSION) { + ip_len = sizeof(struct ip); + set_ecn = ((outip4->ip_tos & IPTOS_ECN_CE) == IPTOS_ECN_CE); + } else { + outip6 = (struct ip6_hdr *)outip4; + ip_len = sizeof(struct ip6_hdr); + set_ecn = ntohl(outip6->ip6_flow) >> 20; + set_ecn = ((set_ecn & IPTOS_ECN_CE) == IPTOS_ECN_CE); + } + + inip4 = (struct ip *)rte_pktmbuf_adj(m, offset + ip_len); + RTE_ASSERT(inip4->ip_v == IPVERSION || inip4->ip_v == IP6_VERSION); /* Check packet is still bigger than IP header (inner) */ - IPSEC_ASSERT(rte_pktmbuf_pkt_len(m) > sizeof(struct ip)); + RTE_ASSERT(rte_pktmbuf_pkt_len(m) > ip_len); /* RFC4301 5.1.2.1 Note 6 */ - if ((inip->ip_tos & htons(IPTOS_ECN_ECT0 | IPTOS_ECN_ECT1)) && - ((outip->ip_tos & htons(IPTOS_ECN_CE)) == IPTOS_ECN_CE)) - inip->ip_tos |= htons(IPTOS_ECN_CE); - - return 0; + if (inip4->ip_v == IPVERSION) { + if (set_ecn) + ip4_ecn_setup(inip4); + /* XXX This should be done by the forwarding engine instead */ + inip4->ip_ttl -= 1; + if (inip4->ip_sum >= rte_cpu_to_be_16(0xffff - 0x100)) + inip4->ip_sum += rte_cpu_to_be_16(0x100) + 1; + else + inip4->ip_sum += rte_cpu_to_be_16(0x100); + m->packet_type &= ~RTE_PTYPE_L4_MASK; + if (inip4->ip_p == IPPROTO_UDP) + m->packet_type |= RTE_PTYPE_L4_UDP; + else if (inip4->ip_p == IPPROTO_TCP) + m->packet_type |= RTE_PTYPE_L4_TCP; + } else { + inip6 = (struct ip6_hdr *)inip4; + if (set_ecn) + ip6_ecn_setup(inip6); + /* XXX This should be done by the forwarding engine instead */ + inip6->ip6_hops -= 1; + } } #endif /* __IPIP_H__ */