X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec-secgw.c;h=3911e6a60b385b89a8ecf868d56d0e6d02fe6e57;hb=5908e7e837a62fe62c48094d8c2e947242f8fac3;hp=d47cdd55cb1913a37465f8844b1094379fad0b61;hpb=35b2d13fd6fdcbd191f2a30d74648faeb1186c65;p=dpdk.git diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index d47cdd55cb..3911e6a60b 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -41,6 +41,7 @@ #include #include #include +#include #include "ipsec.h" #include "parser.h" @@ -236,7 +237,7 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) struct rte_ether_hdr *eth; eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); - if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv4)) { + if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p)); if (*nlp == IPPROTO_ESP) @@ -247,17 +248,41 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) } pkt->l2_len = 0; pkt->l3_len = sizeof(struct ip); - } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv6)) { - nlp = (uint8_t *)rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); - nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt)); - if (*nlp == IPPROTO_ESP) + } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { + int next_proto; + size_t l3len, ext_len; + struct rte_ipv6_hdr *v6h; + uint8_t *p; + + /* get protocol type */ + v6h = (struct rte_ipv6_hdr *)rte_pktmbuf_adj(pkt, + RTE_ETHER_HDR_LEN); + next_proto = v6h->proto; + + /* determine l3 header size up to ESP extension */ + l3len = sizeof(struct ip6_hdr); + p = rte_pktmbuf_mtod(pkt, uint8_t *); + while (next_proto != IPPROTO_ESP && l3len < pkt->data_len && + (next_proto = rte_ipv6_get_next_ext(p + l3len, + next_proto, &ext_len)) >= 0) + l3len += ext_len; + + /* drop packet when IPv6 header exceeds first segment length */ + if (unlikely(l3len > pkt->data_len)) { + rte_pktmbuf_free(pkt); + return; + } + + if (next_proto == IPPROTO_ESP) t->ipsec.pkts[(t->ipsec.num)++] = pkt; else { - t->ip6.data[t->ip6.num] = nlp; + t->ip6.data[t->ip6.num] = rte_pktmbuf_mtod_offset(pkt, + uint8_t *, + offsetof(struct rte_ipv6_hdr, proto)); t->ip6.pkts[(t->ip6.num)++] = pkt; } pkt->l2_len = 0; - pkt->l3_len = sizeof(struct ip6_hdr); + pkt->l3_len = l3len; } else { /* Unknown/Unsupported type, drop the packet */ RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n", @@ -341,15 +366,15 @@ prepare_tx_pkt(struct rte_mbuf *pkt, uint16_t port, /* calculate IPv4 cksum in SW */ if ((pkt->ol_flags & PKT_TX_IP_CKSUM) == 0) - ip->ip_sum = rte_ipv4_cksum((struct ipv4_hdr *)ip); + ip->ip_sum = rte_ipv4_cksum((struct rte_ipv4_hdr *)ip); - ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv4); + ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4); } else { pkt->ol_flags |= qconf->outbound.ipv6_offloads; pkt->l3_len = sizeof(struct ip6_hdr); pkt->l2_len = RTE_ETHER_HDR_LEN; - ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPv6); + ethhdr->ether_type = rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6); } memcpy(ðhdr->s_addr, ðaddr_tbl[port].src, @@ -1720,6 +1745,7 @@ cryptodevs_init(void) dev_conf.socket_id = rte_cryptodev_socket_id(cdev_id); dev_conf.nb_queue_pairs = qp; + dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions; if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)