Message ID | 20160926163300.22990-1-akhil.goyal@nxp.com (mailing list archive) |
---|---|
State | Rejected, archived |
Delegated to: | Pablo de Lara Guarch |
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id A2C6137B1; Mon, 26 Sep 2016 13:05:07 +0200 (CEST) Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0058.outbound.protection.outlook.com [104.47.34.58]) by dpdk.org (Postfix) with ESMTP id E6B313238 for <dev@dpdk.org>; Mon, 26 Sep 2016 13:05:04 +0200 (CEST) Received: from BY2PR03CA040.namprd03.prod.outlook.com (10.141.249.13) by BN1PR0301MB0708.namprd03.prod.outlook.com (10.160.78.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.639.5; Mon, 26 Sep 2016 11:05:03 +0000 Received: from BN1BFFO11FD048.protection.gbl (2a01:111:f400:7c10::1:132) by BY2PR03CA040.outlook.office365.com (2a01:111:e400:2c5d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.639.5 via Frontend Transport; Mon, 26 Sep 2016 11:05:03 +0000 Authentication-Results: spf=fail (sender IP is 192.88.168.50) smtp.mailfrom=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; nxp.com; dmarc=fail action=none header.from=nxp.com; nxp.com; dkim=none (message not signed) header.d=none; Received-SPF: Fail (protection.outlook.com: domain of nxp.com does not designate 192.88.168.50 as permitted sender) receiver=protection.outlook.com; client-ip=192.88.168.50; helo=tx30smr01.am.freescale.net; Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1BFFO11FD048.mail.protection.outlook.com (10.58.145.3) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.629.5 via Frontend Transport; Mon, 26 Sep 2016 11:05:01 +0000 Received: from netperf2.ap.freescale.net ([10.232.133.164]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id u8QB4waG005049; Mon, 26 Sep 2016 04:04:59 -0700 From: <akhil.goyal@nxp.com> To: <dev@dpdk.org> CC: Akhil Goyal <akhil.goyal@nxp.com> Date: Mon, 26 Sep 2016 22:02:58 +0530 Message-ID: <20160926163300.22990-1-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.9.3 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131193615023433220; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(7916002)(2980300002)(1109001)(1110001)(339900001)(199003)(189002)(8936002)(77096005)(19580395003)(19580405001)(36756003)(110136003)(50466002)(47776003)(626004)(48376002)(105606002)(86362001)(2351001)(229853001)(106466001)(15650500001)(50986999)(6916009)(86152002)(81166006)(50226002)(305945005)(68736007)(7846002)(2876002)(104016004)(11100500001)(1076002)(356003)(189998001)(8666005)(2906002)(81156014)(586003)(8676002)(97736004)(87936001)(85426001)(4326007)(5660300001)(5003940100001)(33646002)(92566002)(7059030)(21314002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN1PR0301MB0708; H:tx30smr01.am.freescale.net; FPR:; SPF:Fail; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1BFFO11FD048; 1:W1Bfm6ie0OUY/QIdGBVjtiAuuDVimkznakAvzakt+ggNCxnEieyVzOL65H2mpMVmqtMqCk6mx8xaGiRtPjNPVoRkcL0fc+ProrcWGgv/hJzcL16f5s7B8ZhSgXH7L2JqzdGirUZCRqcbbM1/TV+iNrd2Xnae+M2bxTzgOojG0GfFG9fxNXVfkTrt8Zmtt4WoT46zgz6whOcHfRUavpy6wpHr2yIsKT6OA4TzSkOUriHShPCaakveaea8BWmIx8hluvU+Cczk+Y+eh5fmv6nVJCKQ5sbAAWJPYF15FHo9WzbzkzM3hSr4Mvcw3kj0HgtsMeIKcDUQ+rCFrVnCgDpse8ugZCIBmHYA0wORLtDDfOA5HCN+bAcWek+rEm8YbowWpeBmhr7kBniQswzwi7dWSGXuhPwEaz/EIYQ5zMtU90Wn7S91rR2jXcw1NGsZ4Z/uSZveMp1A4mi0DchQy+Twt0YB/ko/+81Vf5uGgHhxDOGJ/dXCpf8HNYcOd3KT8bpNj3Sbl+tdXM8v6mrHv6/qS8G0tGEbTM8FhOFpQM3hqkODXvI5SlnuGghb3wYTcnjgj3i5JgnzgmEI5gXuqX9oMvWEUUD11wLAxXa2jntsCN47No9CUwz4uvgIyXx9ZnRDAimbR2HorMNLZvqkWJxBiIkQbo8HTOciunVozsZxwr23401EPZNvZV/d3RGFmDzmO+IHAGMox7E8WbtzDkcZzdIQHHkjQUvvK3h+51ZqTrc= MIME-Version: 1.0 Content-Type: text/plain X-MS-Office365-Filtering-Correlation-Id: 97fdfc3d-bf88-48ce-6604-08d3e5fcf6bc X-Microsoft-Exchange-Diagnostics: 1; BN1PR0301MB0708; 2:wK/TX8eo1cESMx7cP16rhsXmQgeZxg2jg0i9Aqdp6iZfLPjomkNhrSbKdD4GksGsiToE5v4tlenT5ZpU44wfc1W50sJeobyBamSKsoYjEGawcV1p4ioPseC9mN4w261qM09dCjwsbbF/48RJsyo1YWfnfYQgpzDuQ8vZoEPagLGtXq/dyRIq6L3NnZ3PSrzg; 3:mYm3B6xEF6i9yIAEvwf0cQD9OVDYjdML55SPnHwoVtl6oZOhb+tuu1jWwHWypyR+3JNQ1cR5Ax4VUjaOEPu3Ch+pgDO77cua2WGOjbCPezhe+fFSbCkMcsfpcpfyKM4mbhflIutRqchypqGxnkhZYXjeFlVoInSbs5HW4exlPkvt9PfId4MkFvJJDdGQnp1ytNqEn0ZBGL0xjgQw2lBeOfJLdPMeLG64i5Xcs3/86RY=; 25:YnjMjLBSQbZeXhOD4gc8DyP5TjF0azVEP+1lKKtGST3B1A8YCwmoPSxWCc4lGVsSeu4AwCmRyVCuFl8Yc7hULGLyvPpcOEMovToRH+hCCKeJ0RETHcFy0aAyzkaDGS7C0nYoMCB+h8R4EnhfJ/xpo2gMVBg03RSJV9OyZOr2TUJStyPEKJBxM8YQeBUV/RA6SeqgVdZ3fqi/XMW8ghfFv5eck3/j32OF3JyEbZj8N1rQvdbBAb4xW32HnQCJRkhFZjKtGQelkSvNO29saBlj4erF3Ly9l6crq4xiED6/hqErvehUbq5CQg5z+pRNR/hoDmHxKsVoQUPOtZARJEkBXpC6z4pdkqIEH4Le6GlW/OJLjH2rCUMmQ4TWbZqH+2YzTAH1DdFzhzTq8zHStlNDWctFrl67ap+dhiOOGktuJLs= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1PR0301MB0708; X-Microsoft-Exchange-Diagnostics: 1; BN1PR0301MB0708; 31:fWkxm2l/u6YPO5sPNdqUhYxdam3hWx8ffioytXx/y9jsrY8gK+vAdIB33YXhSDQZUVKLy83Pxtp4ir18ggrmffLs75iaZghRVj05/pbf2c+Z+o1lYFv7lNfo9c1zIDqb+yiujVv4jr4r1mLekVrYfDmPMn6Essa/rkd7rLeBbkbiu9z/fn2VK5wHdTzySoYoRf6Yko35Sfysas0+U1j+HNlxBFusSjW+uk2zm1VVHUw=; 4:pHfArilo9h/qhR11CSLs5CVkrbP2LQWlqE1AFmYe9CTCJXqCNPPdFliyHYHDu86qf5iLYwS/SeRFNTxVBIiR8hPdgZKVYJ4SLqmOEReObDyE1s1HzsgA8ZT/69AqWhH28luJLYhy10GqBgyTTkR5z7sQLrnTlYyMNYnBrL9/o7/le7GVf75/USqYLFMPDvQ+KfHFRGKyR2zlda1OTN1sN41s7AeN2MyeMDQ+brbGyP38dLIwogM5TYob7nUQzuXRuvGH0T2eAgZmXmBISGzBAHPsxPVx0Qmqip9IWMr1TEVuh34zWURxwHW1M7hV7VUTIsPrrVMw3HAgsjS+XVeXcdKb5oK1HMdmtbQxVh/ApcPAaQxuoHfIeWvMtp5BKnalBpF6YBIWvsqlP1sGO5e+37W24L0R2t/Z7MHCBSNzTot5zCocNy38uI/ZxN1zdy/HAe9mFZBBc0NN05yXMCNQGr12+CVj9pyab8UO8XGUnhVA5gWLG3RNmZHGPRSYf5Ln+LS0TFP2dvsn9nT5xt1oi7DGJM4aoA7qjnwX7B4DLrHL+kU75fgB7rXJWnlvI/qXxGMSPEtNBXPPv2TCyqNNsw== X-Microsoft-Antispam-PRVS: <BN1PR0301MB0708E271CA56D5A53AC95926E6CD0@BN1PR0301MB0708.namprd03.prod.outlook.com> X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(185117386973197); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(13023025)(13018025)(13024025)(13017025)(13015025)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:BN1PR0301MB0708; BCL:0; PCL:0; RULEID:(400006); SRVR:BN1PR0301MB0708; X-Forefront-PRVS: 00770C4423 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN1PR0301MB0708; 23:MOMHv0BH+7hWhPT1T5tmU/cKBIoLLmOnp3+Udax?= =?us-ascii?Q?JX2YjNxAjCY2DXYOcgmQ23c9DeHeuBbcm3B7Aq0gENDzXt0eDDOAtrLlIIY3?= =?us-ascii?Q?o2KnYzosiqRKwANKjWJoLdHKPoqGo0AiCJlYeFIPm0Q3CphU/fmfWUhPGNCz?= =?us-ascii?Q?nnrN4wj5Ll4v5gKV7rSkXdqVYJedftVwSBgFTfo2Jaqk2IPDXPxIUkDPn1Q6?= =?us-ascii?Q?sUNTc/M0Pj0BcJtNrsbYljbXYbbWxM2u9f6tekyWU68i3uluXjHMsDVVu2Ge?= =?us-ascii?Q?8sAapXXE0gV5g4IKVHVrV4uEGmAgbRayQYtDKHTjTBMpLyQ1/ByM8tbxEkVZ?= =?us-ascii?Q?gkgyFPKm5Pq3RUhNWeog+I7CFfFJqtV3/HHZArzeBAHRHUm6+hoFCZCCHs00?= =?us-ascii?Q?QaTEs5pni+bGJf5WcPuOP8xW8SDrRfVPhz7i6K09doO2JjJ9ylKyMg9gxs9g?= =?us-ascii?Q?6/WlZ8Wg57xJcK2KSPBk4Aj1CfSEGeVYIWsNdyj7GH3GbDuz58EO29Bn/MpA?= =?us-ascii?Q?82gYQIDKuXaeU6EX+9qr8SAW5tO9N2Ni/zxWEVjGsuodU5TGjMlnv6MPM+Ge?= =?us-ascii?Q?dVaVvA8dsWXeHdk9RkrIBqUASDnYijUQIS+dteHwta5O1KOa2TQNRhr9ep3s?= =?us-ascii?Q?RPtGHMOqNwrwIN4vYelzTQ8SBqLTDM8aPBucFQtFftPo9rfYI/TW8Fh0e02Y?= =?us-ascii?Q?UMPCemPrYpFxkWBzzU/Xnb9grbTLtXzwXx7XRzPb/zwH0hy5AOS/Cz5Lncaa?= =?us-ascii?Q?yxCWidQHW8McMhKgEiSaAYWqX4t/4MAiIkzBO4Kusw/JGyoSlU6scJXo+4Hs?= =?us-ascii?Q?Ljg9Q9v91OYlVBglOyE2auEKtY1UAQvPkWfCMoW5yovSwdZe3gjOcUqg4J8R?= =?us-ascii?Q?EJ4dHu+bBVJ6QWYS0iFw+olLGa2mVlAIN/N7If85ArUoT2MKhPTH9HTJHFVa?= =?us-ascii?Q?GFiUj3N/Nc7BIbrg9M/lR/9G1/TOTtamfnv0yu5d/Jv77rV2URfL4slBfANJ?= =?us-ascii?Q?mqX2IbMBh2RD/xUJfMGqIhWcvOzRswjJdpVB5LgRitXz0kj0yKKrkY7ntlKC?= =?us-ascii?Q?cTJZlp/kVL2iZF24/WA7k+XI155y2DWZpdlGLXW22o8OW4wuKBVm1/j3FVt5?= =?us-ascii?Q?6wbxOZxmQCjuHp8XNw7ASEIdY7Co8ugs9UeOjYNig4w6hmmpm9mhcuM6LjTM?= =?us-ascii?Q?SVdkOj4hEiEUZZ5OI85vw+R/0FlUkR2cpUnovy9Xtd1W5dQajD9OxFW89bUN?= =?us-ascii?Q?e9GGQWKzxQrVPZ/zbV5Y=3D?= X-Microsoft-Exchange-Diagnostics: 1; BN1PR0301MB0708; 6:aw1pS/BI7ACLT4UsWLsPx274m1l8jtMilHNshBrMfP16NXTfPxzjEoHOaMNKvgqvdipBotPyY3KeWmyjNHoeDvq1wZ1jGhDK8eZOWjfInnf34z+uuPYd6MuZC98jsrPHTNxtbxgOZT+84mghSLWydZU00xBYEmVvuT1S9oNvw+rwwSJWdF6C7tmYiITqPZO6P94RvTgWhNSlSRxrMlfBMqm3VYv8TqQ3t/V5ffLS5ES5FathwSjC6Pyv9fB5o2z3mNr0yFESCostuBOLlcAx48yAVMRw83KUNOV2JqfU6J0=; 5:9snrYqvX0WWBCibnT0V/NEpNiEW9gts/9bF/vp7j2Yv32vLBxDl3vlY6ZV1hP5qoaawfd9/AyU5TFHPpqpNTrdyhLe2qNHeGZjTgGd384yMztG+kJXezikLeoi6IC31IyCFpfoa+bVI/OpVesq5pHCodmimSD2U0y3rDbivWKvc=; 24:7vSZDMdjejAVS6lcydTcRZhWD4lOn+Xv8FVdBr49Us9AtsMjmDsx/UIbICIfLSyQ2BFfMZBBWSuocnMFXDVfwL4PXxG3dW79AXGQjmPeqyg=; 7:SKaKFBJlI4uvXbb6LsmZFkONGXxPT7wDT3wZQ/5xhhatuh25fjKjvok1glERL/Ms031JB4LRjdTfL/IBoa01NdSixfKUEeIQ3SVIOdWkSr9Yf720ubedgzHuMIfJz2+VOYzp/v5v8ottvw1b3qItnbcutPSzUysr48vO9nPID5UFFp+02rRciWB4dheI4J7vahE39yuU3zMjhq67tExGV59nQRFXDPr1Z2ow897m/hva+kQpj7LMURBicJ895dPDlEVguXKuN+YdrsmXZpsNs9o5hGzhnrXcyGeeuOW4OLvH62EpQUR4whvIpUjme7ME SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Sep 2016 11:05:01.5009 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR0301MB0708 Subject: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum while decrementing ttl X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Akhil Goyal
Sept. 26, 2016, 4:32 p.m. UTC
From: Akhil Goyal <akhil.goyal@nxp.com> In IPsec-secgw application when TTL is decremented in IP header before forwarding the packet, checksum needs to be updated. In this patch an incremental checksum is added. Other applications(like l3fwd) are also doing so. Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- examples/ipsec-secgw/ipip.h | 1 + 1 file changed, 1 insertion(+)
Comments
Hi Akhil, This application relies on checksum offload in both outbound and inbound paths (PKT_TX_IP_CKSUM flag). Because we assume that we always forward the packet in both paths, we decrement the ttl in both inbound and outbound. You seem to only increment (recalculate) the checksum of the inner IP header in the outbound path but not the inbound path. Also, in the inbound path you have to consider a possible ECN value update. Sergio On 26/09/2016 17:32, akhil.goyal@nxp.com wrote: > From: Akhil Goyal <akhil.goyal@nxp.com> > > In IPsec-secgw application when TTL is decremented in IP header > before forwarding the packet, checksum needs to be updated. > > In this patch an incremental checksum is added. > Other applications(like l3fwd) are also doing so. > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > --- > examples/ipsec-secgw/ipip.h | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h > index ff1dccd..ef059a9 100644 > --- a/examples/ipsec-secgw/ipip.h > +++ b/examples/ipsec-secgw/ipip.h > @@ -56,6 +56,7 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t is_ipv6, > if (inip4->ip_v == IPVERSION) { > /* XXX This should be done by the forwarding engine instead */ > inip4->ip_ttl -= 1; > + inip4->ip_sum += 1; > ds_ecn = inip4->ip_tos; > } else { > inip6 = (struct ip6_hdr *)inip4;
> -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez > Monroy > Sent: Monday, September 26, 2016 6:28 AM > To: akhil.goyal@nxp.com; dev@dpdk.org > Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum > while decrementing ttl > > Hi Akhil, > > This application relies on checksum offload in both outbound and inbound > paths (PKT_TX_IP_CKSUM flag). > > Because we assume that we always forward the packet in both paths, we > decrement the ttl in both inbound and outbound. > You seem to only increment (recalculate) the checksum of the inner IP > header in the outbound path but not the inbound path. > > Also, in the inbound path you have to consider a possible ECN value update. Any further comments here, Akhil? Thanks, Pablo > > Sergio > > > On 26/09/2016 17:32, akhil.goyal@nxp.com wrote: > > From: Akhil Goyal <akhil.goyal@nxp.com> > > > > In IPsec-secgw application when TTL is decremented in IP header > > before forwarding the packet, checksum needs to be updated. > > > > In this patch an incremental checksum is added. > > Other applications(like l3fwd) are also doing so. > > > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > --- > > examples/ipsec-secgw/ipip.h | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h > > index ff1dccd..ef059a9 100644 > > --- a/examples/ipsec-secgw/ipip.h > > +++ b/examples/ipsec-secgw/ipip.h > > @@ -56,6 +56,7 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, > uint32_t is_ipv6, > > if (inip4->ip_v == IPVERSION) { > > /* XXX This should be done by the forwarding engine instead > */ > > inip4->ip_ttl -= 1; > > + inip4->ip_sum += 1; > > ds_ecn = inip4->ip_tos; > > } else { > > inip6 = (struct ip6_hdr *)inip4; > >
On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > > >> -----Original Message----- >> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez >> Monroy >> Sent: Monday, September 26, 2016 6:28 AM >> To: akhil.goyal@nxp.com; dev@dpdk.org >> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum >> while decrementing ttl >> >> Hi Akhil, >> >> This application relies on checksum offload in both outbound and inbound >> paths (PKT_TX_IP_CKSUM flag). [Akhil]Agreed that the application relies on checksum offload, but here we are talking about the inner ip header. Inner IP checksum will be updated on the next end point after decryption. This would expect that the next end point must have checksum offload capability. What if we are capturing the encrypted packets on wireshark or say send it to some other machine which does not run DPDK and do not know about checksum offload, then wireshark/other machine will not be able to get the correct the checksum and will show error. >> >> Because we assume that we always forward the packet in both paths, we >> decrement the ttl in both inbound and outbound. >> You seem to only increment (recalculate) the checksum of the inner IP >> header in the outbound path but not the inbound path. [Akhil]Correct I missed out the inbound path. >> >> Also, in the inbound path you have to consider a possible ECN value update. [Akhil]If I take care of the ECN then it would mean I need to calculate the checksum completely, incremental checksum wont give correct results. This would surely impact performance. Any suggestion on how should we take care of ECN update. Should I recalculate the checksum and send the patch for ECN update? Or do we have a better solution. > > Any further comments here, Akhil? > > Thanks, > Pablo > [Akhil] Sorry I missed out the previous reply from Sergio. Thanks, Akhil >> >> Sergio >> >> >> On 26/09/2016 17:32, akhil.goyal@nxp.com wrote: >>> From: Akhil Goyal <akhil.goyal@nxp.com> >>> >>> In IPsec-secgw application when TTL is decremented in IP header >>> before forwarding the packet, checksum needs to be updated. >>> >>> In this patch an incremental checksum is added. >>> Other applications(like l3fwd) are also doing so. >>> >>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >>> --- >>> examples/ipsec-secgw/ipip.h | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h >>> index ff1dccd..ef059a9 100644 >>> --- a/examples/ipsec-secgw/ipip.h >>> +++ b/examples/ipsec-secgw/ipip.h >>> @@ -56,6 +56,7 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, >> uint32_t is_ipv6, >>> if (inip4->ip_v == IPVERSION) { >>> /* XXX This should be done by the forwarding engine instead >> */ >>> inip4->ip_ttl -= 1; >>> + inip4->ip_sum += 1; >>> ds_ecn = inip4->ip_tos; >>> } else { >>> inip6 = (struct ip6_hdr *)inip4; >> >> > >
ts_params->conf.nb_queue_pairs should not be hard coded with device specific number. It should be retrieved from the device info. Any test which changes it should restore it to orig value. Also related cleanup of test code setting number and size of queue-pairs on a device, e.g. * Removed irrelevant “for” loop – was hardcoded to only loop once. * Removed obsolete comment re inability to free and re-allocate queu memory and obsolete workaround for it which used to create maximum size queues. And added freeing of ring memory on queue-pair release in aesni_mb PMD, else releasing and setting up queue-pair of a different size fails. v3: separate out into 4 patches v2: Fix for broken QAT PMD unit tests exposed by v1 i.e. In test_device_configure_invalid_queue_pair_ids() after running tests for invalid values restore original nb_queue_pairs. Also cleanup of test code setting number and size of queue-pairs on a device Also fix for aesni_mb PMD not freeing ring memory on qp release Fiona Trahe (4): crypto/aesni_mb: free ring memory on qp release in PMD app/test: remove pointless for loop app/test: cleanup unnecessary ring size setup app/test: remove hard-coding of crypto num qps Akhil Goyal (1): app/test: remove hard-coding of crypto num qps app/test/test_cryptodev.c | 53 ++++++++++---------------- app/test/test_cryptodev_perf.c | 19 +-------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 10 ++++- 3 files changed, 31 insertions(+), 51 deletions(-)
> -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Fiona Trahe > Sent: Thursday, October 06, 2016 10:34 AM > To: dev@dpdk.org > Cc: De Lara Guarch, Pablo; Trahe, Fiona; akhil.goyal@nxp.com > Subject: [dpdk-dev] [PATCH v3 0/4] remove hard-coding of crypto num qps > and cleanup > > > ts_params->conf.nb_queue_pairs should not be hard coded with device > specific number. It should be retrieved from the device info. > Any test which changes it should restore it to orig value. > > Also related cleanup of test code setting number and size of > queue-pairs on a device, e.g. > * Removed irrelevant “for” loop – was hardcoded to only loop once. > * Removed obsolete comment re inability to free and re-allocate queu > memory > and obsolete workaround for it which used to create maximum size queues. > > And added freeing of ring memory on queue-pair release in aesni_mb PMD, > else releasing and setting up queue-pair of a different size fails. > > v3: > separate out into 4 patches > > v2: > Fix for broken QAT PMD unit tests exposed by v1 > i.e. In test_device_configure_invalid_queue_pair_ids() after running tests > for invalid values restore original nb_queue_pairs. > Also cleanup of test code setting number and size of queue-pairs on a device > Also fix for aesni_mb PMD not freeing ring memory on qp release > > > Fiona Trahe (4): > crypto/aesni_mb: free ring memory on qp release in PMD > app/test: remove pointless for loop > app/test: cleanup unnecessary ring size setup > app/test: remove hard-coding of crypto num qps > Akhil Goyal (1): > app/test: remove hard-coding of crypto num qps > > app/test/test_cryptodev.c | 53 ++++++++++---------------- > app/test/test_cryptodev_perf.c | 19 +-------- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 10 ++++- > 3 files changed, 31 insertions(+), 51 deletions(-) > > -- > 2.5.0 Series-acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of De Lara Guarch, > Pablo > Sent: Thursday, October 06, 2016 5:30 PM > To: Trahe, Fiona; dev@dpdk.org > Cc: Trahe, Fiona; akhil.goyal@nxp.com > Subject: Re: [dpdk-dev] [PATCH v3 0/4] remove hard-coding of crypto num > qps and cleanup > > > > > -----Original Message----- > > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Fiona Trahe > > Sent: Thursday, October 06, 2016 10:34 AM > > To: dev@dpdk.org > > Cc: De Lara Guarch, Pablo; Trahe, Fiona; akhil.goyal@nxp.com > > Subject: [dpdk-dev] [PATCH v3 0/4] remove hard-coding of crypto num qps > > and cleanup > > > > > > ts_params->conf.nb_queue_pairs should not be hard coded with device > > specific number. It should be retrieved from the device info. > > Any test which changes it should restore it to orig value. > > > > Also related cleanup of test code setting number and size of > > queue-pairs on a device, e.g. > > * Removed irrelevant “for” loop – was hardcoded to only loop once. > > * Removed obsolete comment re inability to free and re-allocate queu > > memory > > and obsolete workaround for it which used to create maximum size > queues. > > > > And added freeing of ring memory on queue-pair release in aesni_mb PMD, > > else releasing and setting up queue-pair of a different size fails. > > > > v3: > > separate out into 4 patches > > > > v2: > > Fix for broken QAT PMD unit tests exposed by v1 > > i.e. In test_device_configure_invalid_queue_pair_ids() after running tests > > for invalid values restore original nb_queue_pairs. > > Also cleanup of test code setting number and size of queue-pairs on a > device > > Also fix for aesni_mb PMD not freeing ring memory on qp release > > > > > > Fiona Trahe (4): > > crypto/aesni_mb: free ring memory on qp release in PMD > > app/test: remove pointless for loop > > app/test: cleanup unnecessary ring size setup > > app/test: remove hard-coding of crypto num qps > > Akhil Goyal (1): > > app/test: remove hard-coding of crypto num qps > > > > app/test/test_cryptodev.c | 53 ++++++++++---------------- > > app/test/test_cryptodev_perf.c | 19 +-------- > > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 10 ++++- > > 3 files changed, 31 insertions(+), 51 deletions(-) > > > > -- > > 2.5.0 > > Series-acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Applied to dpdk-next-crypto. Thanks, Pablo
> -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, October 04, 2016 11:33 PM > To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > > > > > >> -----Original Message----- > >> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez > >> Monroy > >> Sent: Monday, September 26, 2016 6:28 AM > >> To: akhil.goyal@nxp.com; dev@dpdk.org > >> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum > >> while decrementing ttl > >> > >> Hi Akhil, > >> > >> This application relies on checksum offload in both outbound and > inbound > >> paths (PKT_TX_IP_CKSUM flag). > [Akhil]Agreed that the application relies on checksum offload, but here > we are talking about the inner ip header. Inner IP checksum will be > updated on the next end point after decryption. This would expect that > the next end point must have checksum offload capability. What if we are > capturing the encrypted packets on wireshark or say send it to some > other machine which does not run DPDK and do not know about checksum > offload, then wireshark/other machine will not be able to get the > correct the checksum and will show error. > >> > >> Because we assume that we always forward the packet in both paths, we > >> decrement the ttl in both inbound and outbound. > >> You seem to only increment (recalculate) the checksum of the inner IP > >> header in the outbound path but not the inbound path. > [Akhil]Correct I missed out the inbound path. > >> > >> Also, in the inbound path you have to consider a possible ECN value > update. > [Akhil]If I take care of the ECN then it would mean I need to calculate > the checksum completely, incremental checksum wont give correct results. > This would surely impact performance. Any suggestion on how should we > take care of ECN update. Should I recalculate the checksum and send the > patch for ECN update? Or do we have a better solution. > > > > Any further comments here, Akhil? > > > > Thanks, > > Pablo > > > [Akhil] Sorry I missed out the previous reply from Sergio. Any more comments, Sergio? Pablo > > Thanks, > Akhil > >>
On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, October 04, 2016 11:33 PM >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while >> decrementing ttl >> >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: >>> >>>> -----Original Message----- >>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez >>>> Monroy >>>> Sent: Monday, September 26, 2016 6:28 AM >>>> To: akhil.goyal@nxp.com; dev@dpdk.org >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update checksum >>>> while decrementing ttl >>>> >>>> Hi Akhil, >>>> >>>> This application relies on checksum offload in both outbound and >> inbound >>>> paths (PKT_TX_IP_CKSUM flag). >> [Akhil]Agreed that the application relies on checksum offload, but here >> we are talking about the inner ip header. Inner IP checksum will be >> updated on the next end point after decryption. This would expect that >> the next end point must have checksum offload capability. What if we are >> capturing the encrypted packets on wireshark or say send it to some >> other machine which does not run DPDK and do not know about checksum >> offload, then wireshark/other machine will not be able to get the >> correct the checksum and will show error. Understood, we need to have a valid inner checksum. RFC1624 states that the computation would be incorrect in corner/boundary case. I reckon you are basing your incremental update on RFC1141? Also I think you should take care of endianess and increment the checksum with host_to_be(0x0100) instead of +1. >>>> Because we assume that we always forward the packet in both paths, we >>>> decrement the ttl in both inbound and outbound. >>>> You seem to only increment (recalculate) the checksum of the inner IP >>>> header in the outbound path but not the inbound path. >> [Akhil]Correct I missed out the inbound path. >>>> Also, in the inbound path you have to consider a possible ECN value >> update. >> [Akhil]If I take care of the ECN then it would mean I need to calculate >> the checksum completely, incremental checksum wont give correct results. >> This would surely impact performance. Any suggestion on how should we >> take care of ECN update. Should I recalculate the checksum and send the >> patch for ECN update? Or do we have a better solution. If I am understanding the RFCs mentioned above correctly, you should be able to do incremental checksum update for any 16bit field/value of the IP header. I don't see no reason why you couldn't do something like that, except that you would have to follow the full equation instead of just adding 0x0100, which would be always the case when decrementing TTL. What do you think? Sergio >>> Any further comments here, Akhil? >>> >>> Thanks, >>> Pablo >>> >> [Akhil] Sorry I missed out the previous reply from Sergio. > Any more comments, Sergio? > > Pablo >> Thanks, >> Akhil
> -----Original Message----- > From: Gonzalez Monroy, Sergio > Sent: Monday, October 10, 2016 5:05 AM > To: De Lara Guarch, Pablo; Akhil Goyal; dev@dpdk.org > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > >> Sent: Tuesday, October 04, 2016 11:33 PM > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > >> decrementing ttl > >> > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > >>> > >>>> -----Original Message----- > >>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio > Gonzalez > >>>> Monroy > >>>> Sent: Monday, September 26, 2016 6:28 AM > >>>> To: akhil.goyal@nxp.com; dev@dpdk.org > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update > checksum > >>>> while decrementing ttl > >>>> > >>>> Hi Akhil, > >>>> > >>>> This application relies on checksum offload in both outbound and > >> inbound > >>>> paths (PKT_TX_IP_CKSUM flag). > >> [Akhil]Agreed that the application relies on checksum offload, but here > >> we are talking about the inner ip header. Inner IP checksum will be > >> updated on the next end point after decryption. This would expect that > >> the next end point must have checksum offload capability. What if we are > >> capturing the encrypted packets on wireshark or say send it to some > >> other machine which does not run DPDK and do not know about > checksum > >> offload, then wireshark/other machine will not be able to get the > >> correct the checksum and will show error. > > Understood, we need to have a valid inner checksum. > RFC1624 states that the computation would be incorrect in > corner/boundary case. > I reckon you are basing your incremental update on RFC1141? > > Also I think you should take care of endianess and increment the > checksum with > host_to_be(0x0100) instead of +1. > > >>>> Because we assume that we always forward the packet in both paths, > we > >>>> decrement the ttl in both inbound and outbound. > >>>> You seem to only increment (recalculate) the checksum of the inner IP > >>>> header in the outbound path but not the inbound path. > >> [Akhil]Correct I missed out the inbound path. > >>>> Also, in the inbound path you have to consider a possible ECN value > >> update. > >> [Akhil]If I take care of the ECN then it would mean I need to calculate > >> the checksum completely, incremental checksum wont give correct results. > >> This would surely impact performance. Any suggestion on how should we > >> take care of ECN update. Should I recalculate the checksum and send the > >> patch for ECN update? Or do we have a better solution. > > If I am understanding the RFCs mentioned above correctly, you should be > able to do > incremental checksum update for any 16bit field/value of the IP header. > I don't see no reason why you couldn't do something like that, except > that you would > have to follow the full equation instead of just adding 0x0100, which > would be always > the case when decrementing TTL. > > What do you think? Any comments, Akhil?
-----Original Message----- From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com] Sent: Monday, October 17, 2016 10:35 PM To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>; dev@dpdk.org Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while decrementing ttl > -----Original Message----- > From: Gonzalez Monroy, Sergio > Sent: Monday, October 10, 2016 5:05 AM > To: De Lara Guarch, Pablo; Akhil Goyal; dev@dpdk.org > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > >> Sent: Tuesday, October 04, 2016 11:33 PM > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > >> decrementing ttl > >> > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > >>> > >>>> -----Original Message----- > >>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio > Gonzalez > >>>> Monroy > >>>> Sent: Monday, September 26, 2016 6:28 AM > >>>> To: akhil.goyal@nxp.com; dev@dpdk.org > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update > checksum > >>>> while decrementing ttl > >>>> > >>>> Hi Akhil, > >>>> > >>>> This application relies on checksum offload in both outbound and > >> inbound > >>>> paths (PKT_TX_IP_CKSUM flag). > >> [Akhil]Agreed that the application relies on checksum offload, but > >> here we are talking about the inner ip header. Inner IP checksum > >> will be updated on the next end point after decryption. This would > >> expect that the next end point must have checksum offload > >> capability. What if we are capturing the encrypted packets on > >> wireshark or say send it to some other machine which does not run > >> DPDK and do not know about > checksum > >> offload, then wireshark/other machine will not be able to get the > >> correct the checksum and will show error. > > Understood, we need to have a valid inner checksum. > RFC1624 states that the computation would be incorrect in > corner/boundary case. > I reckon you are basing your incremental update on RFC1141? > > Also I think you should take care of endianess and increment the > checksum with > host_to_be(0x0100) instead of +1. > > >>>> Because we assume that we always forward the packet in both > >>>> paths, > we > >>>> decrement the ttl in both inbound and outbound. > >>>> You seem to only increment (recalculate) the checksum of the > >>>> inner IP header in the outbound path but not the inbound path. > >> [Akhil]Correct I missed out the inbound path. > >>>> Also, in the inbound path you have to consider a possible ECN > >>>> value > >> update. > >> [Akhil]If I take care of the ECN then it would mean I need to > >> calculate the checksum completely, incremental checksum wont give correct results. > >> This would surely impact performance. Any suggestion on how should > >> we take care of ECN update. Should I recalculate the checksum and > >> send the patch for ECN update? Or do we have a better solution. > > If I am understanding the RFCs mentioned above correctly, you should > be able to do incremental checksum update for any 16bit field/value of > the IP header. > I don't see no reason why you couldn't do something like that, except > that you would have to follow the full equation instead of just adding > 0x0100, which would be always the case when decrementing TTL. > > What do you think? Any comments, Akhil? Ok.. will send next version soon.
> -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Wednesday, October 19, 2016 1:38 AM > To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org > Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > > > -----Original Message----- > From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com] > Sent: Monday, October 17, 2016 10:35 PM > To: Gonzalez Monroy, Sergio <sergio.gonzalez.monroy@intel.com>; Akhil > Goyal <akhil.goyal@nxp.com>; dev@dpdk.org > Subject: RE: [PATCH] examples/ipsec-secgw: Update checksum while > decrementing ttl > > > > > -----Original Message----- > > From: Gonzalez Monroy, Sergio > > Sent: Monday, October 10, 2016 5:05 AM > > To: De Lara Guarch, Pablo; Akhil Goyal; dev@dpdk.org > > Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > > decrementing ttl > > > > On 07/10/2016 21:53, De Lara Guarch, Pablo wrote: > > >> -----Original Message----- > > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > > >> Sent: Tuesday, October 04, 2016 11:33 PM > > >> To: De Lara Guarch, Pablo; Gonzalez Monroy, Sergio; dev@dpdk.org > > >> Subject: Re: [PATCH] examples/ipsec-secgw: Update checksum while > > >> decrementing ttl > > >> > > >> On 10/5/2016 6:04 AM, De Lara Guarch, Pablo wrote: > > >>> > > >>>> -----Original Message----- > > >>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio > > Gonzalez > > >>>> Monroy > > >>>> Sent: Monday, September 26, 2016 6:28 AM > > >>>> To: akhil.goyal@nxp.com; dev@dpdk.org > > >>>> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: Update > > checksum > > >>>> while decrementing ttl > > >>>> > > >>>> Hi Akhil, > > >>>> > > >>>> This application relies on checksum offload in both outbound and > > >> inbound > > >>>> paths (PKT_TX_IP_CKSUM flag). > > >> [Akhil]Agreed that the application relies on checksum offload, but > > >> here we are talking about the inner ip header. Inner IP checksum > > >> will be updated on the next end point after decryption. This would > > >> expect that the next end point must have checksum offload > > >> capability. What if we are capturing the encrypted packets on > > >> wireshark or say send it to some other machine which does not run > > >> DPDK and do not know about > > checksum > > >> offload, then wireshark/other machine will not be able to get the > > >> correct the checksum and will show error. > > > > Understood, we need to have a valid inner checksum. > > RFC1624 states that the computation would be incorrect in > > corner/boundary case. > > I reckon you are basing your incremental update on RFC1141? > > > > Also I think you should take care of endianess and increment the > > checksum with > > host_to_be(0x0100) instead of +1. > > > > >>>> Because we assume that we always forward the packet in both > > >>>> paths, > > we > > >>>> decrement the ttl in both inbound and outbound. > > >>>> You seem to only increment (recalculate) the checksum of the > > >>>> inner IP header in the outbound path but not the inbound path. > > >> [Akhil]Correct I missed out the inbound path. > > >>>> Also, in the inbound path you have to consider a possible ECN > > >>>> value > > >> update. > > >> [Akhil]If I take care of the ECN then it would mean I need to > > >> calculate the checksum completely, incremental checksum wont give > correct results. > > >> This would surely impact performance. Any suggestion on how should > > >> we take care of ECN update. Should I recalculate the checksum and > > >> send the patch for ECN update? Or do we have a better solution. > > > > If I am understanding the RFCs mentioned above correctly, you should > > be able to do incremental checksum update for any 16bit field/value of > > the IP header. > > I don't see no reason why you couldn't do something like that, except > > that you would have to follow the full equation instead of just adding > > 0x0100, which would be always the case when decrementing TTL. > > > > What do you think? > > Any comments, Akhil? > > Ok.. will send next version soon. Hi Akhil, Are you sending that version soon? It won't make it the RC2, but it may be merged for RC3. Thanks, Pablo
diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h index ff1dccd..ef059a9 100644 --- a/examples/ipsec-secgw/ipip.h +++ b/examples/ipsec-secgw/ipip.h @@ -56,6 +56,7 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t is_ipv6, if (inip4->ip_v == IPVERSION) { /* XXX This should be done by the forwarding engine instead */ inip4->ip_ttl -= 1; + inip4->ip_sum += 1; ds_ecn = inip4->ip_tos; } else { inip6 = (struct ip6_hdr *)inip4;