[v3,3/3] examples/ipsec-secgw: support IPv6 tunnel for lookaside proto
Checks
Commit Message
IPv6 tunnels are already supported in case of inline and
lookaside none cases. In case of protocol offload, the details
for IPv6 header need to be added in session configuration
for security session create.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
examples/ipsec-secgw/ipsec.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
Comments
Hi Konstantin,
Could you please review this patch.
Thanks,
Akhil
>
> IPv6 tunnels are already supported in case of inline and
> lookaside none cases. In case of protocol offload, the details
> for IPv6 header need to be added in session configuration
> for security session create.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index dc85adfe5..317faed7a 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -33,8 +33,20 @@ set_ipsec_conf(struct ipsec_sa *sa, struct
> rte_security_ipsec_xform *ipsec)
>
> memcpy((uint8_t *)&tunnel->ipv4.dst_ip,
> (uint8_t *)&sa->dst.ip.ip4, 4);
> + } else if (IS_IP6_TUNNEL(sa->flags)) {
> + tunnel->type =
> + RTE_SECURITY_IPSEC_TUNNEL_IPV6;
> + tunnel->ipv6.hlimit = IPDEFTTL;
> + tunnel->ipv6.dscp = 0;
> + tunnel->ipv6.flabel = 0;
> +
> + memcpy((uint8_t *)&tunnel->ipv6.src_addr,
> + (uint8_t *)&sa->src.ip.ip6.ip6_b, 16);
> +
> + memcpy((uint8_t *)&tunnel->ipv6.dst_addr,
> + (uint8_t *)&sa->dst.ip.ip6.ip6_b, 16);
> }
> - /* TODO support for Transport and IPV6 tunnel */
> + /* TODO support for Transport */
> }
> ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
> }
> --
> 2.17.1
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Thursday, September 5, 2019 1:48 PM
> To: dev@dpdk.org
> Cc: hemant.agrawal@nxp.com; Ananyev, Konstantin <konstantin.ananyev@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v3 3/3] examples/ipsec-secgw: support IPv6 tunnel for lookaside proto
>
> IPv6 tunnels are already supported in case of inline and
> lookaside none cases. In case of protocol offload, the details
> for IPv6 header need to be added in session configuration
> for security session create.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> examples/ipsec-secgw/ipsec.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index dc85adfe5..317faed7a 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -33,8 +33,20 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
>
> memcpy((uint8_t *)&tunnel->ipv4.dst_ip,
> (uint8_t *)&sa->dst.ip.ip4, 4);
> + } else if (IS_IP6_TUNNEL(sa->flags)) {
> + tunnel->type =
> + RTE_SECURITY_IPSEC_TUNNEL_IPV6;
> + tunnel->ipv6.hlimit = IPDEFTTL;
> + tunnel->ipv6.dscp = 0;
> + tunnel->ipv6.flabel = 0;
> +
> + memcpy((uint8_t *)&tunnel->ipv6.src_addr,
> + (uint8_t *)&sa->src.ip.ip6.ip6_b, 16);
> +
> + memcpy((uint8_t *)&tunnel->ipv6.dst_addr,
> + (uint8_t *)&sa->dst.ip.ip6.ip6_b, 16);
> }
> - /* TODO support for Transport and IPV6 tunnel */
> + /* TODO support for Transport */
> }
> ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
> }
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 2.17.1
@@ -33,8 +33,20 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
memcpy((uint8_t *)&tunnel->ipv4.dst_ip,
(uint8_t *)&sa->dst.ip.ip4, 4);
+ } else if (IS_IP6_TUNNEL(sa->flags)) {
+ tunnel->type =
+ RTE_SECURITY_IPSEC_TUNNEL_IPV6;
+ tunnel->ipv6.hlimit = IPDEFTTL;
+ tunnel->ipv6.dscp = 0;
+ tunnel->ipv6.flabel = 0;
+
+ memcpy((uint8_t *)&tunnel->ipv6.src_addr,
+ (uint8_t *)&sa->src.ip.ip6.ip6_b, 16);
+
+ memcpy((uint8_t *)&tunnel->ipv6.dst_addr,
+ (uint8_t *)&sa->dst.ip.ip6.ip6_b, 16);
}
- /* TODO support for Transport and IPV6 tunnel */
+ /* TODO support for Transport */
}
ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
}