[dpdk-dev] [PATCH v5 1/2] lib/ipsec: add support for header construction
Ananyev, Konstantin
konstantin.ananyev at intel.com
Mon Jul 1 12:40:34 CEST 2019
Hi Fan,
> From: Zhang, Roy Fan
> Sent: Friday, June 28, 2019 2:23 PM
> To: dev at dpdk.org
> Cc: akhil.goyal at nxp.com; Ananyev, Konstantin <konstantin.ananyev at intel.com>; Zhang, Roy Fan <roy.fan.zhang at intel.com>; Kovacevic,
> Marko <marko.kovacevic at intel.com>
> Subject: [PATCH v5 1/2] lib/ipsec: add support for header construction
>
> Add support for RFC 4301(5.1.2) to update of
> Type of service field and Traffic class field
> bits inside ipv4/ipv6 packets for outbound cases
> and inbound cases which deals with the update of
> the DSCP/ENC bits inside each of the fields.
Two minor nits below.
Apart from that:
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
>
> Signed-off-by: Marko Kovacevic <marko.kovacevic at intel.com>
> Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
> ---
> diff --git a/lib/librte_ipsec/iph.h b/lib/librte_ipsec/iph.h
> index 62d78b7b1..dcf26df1d 100644
> --- a/lib/librte_ipsec/iph.h
> +++ b/lib/librte_ipsec/iph.h
> @@ -101,23 +101,154 @@ update_trs_l3hdr(const struct rte_ipsec_sa *sa, void *p, uint32_t plen,
> return rc;
> }
>
> +/*
> + * The masks for ipv6 header reconstruction (RFC4301)
> + */
> +#define IPV6_DSCP_MASK (RTE_IP_DSCP_MASK << RTE_IPV6_HDR_TC_SHIFT)
> +#define IPV6_ECN_MASK (RTE_IP_ECN_MASK << RTE_IPV6_HDR_TC_SHIFT)
> +#define IPV6_TOS_MASK (IPV6_ECN_MASK | IPV6_DSCP_MASK)
> +#define IPV6_ECN_CE IPV6_ECN_MASK
> +
> +/*
> + * The macros to get and set traffic class (TC) for ipv6 packets
> + */
> +#define GET_IPV6_TC(vtc_flow) \
> + (uint32_t)((rte_be_to_cpu_32(vtc_flow)) >> RTE_IPV6_HDR_TC_SHIFT)
> +
> +#define SET_IPV6_TC(vtc_flow, tc) \
> + (vtc_flow = rte_cpu_to_be_32(tc << RTE_IPV6_HDR_TC_SHIFT) | \
> + (vtc_flow & (~rte_cpu_to_be_32(IPV6_TOS_MASK))))
> +
For macros we need all its parameter references to be in ().
i.e. (vtc_flow) = rte_cpu_to_be_32((tc) << ...
Though I think inline function would suit better (as you have in previous patch version).
> +/**
> + * Update type-of-service/traffic-class field of inbound/outbound tunnel
> + * packet.
> + *
> + * @param ref_h: reference header, for outbound it is inner header, otherwise
> + * outer header.
> + * @param update_h: header to be updated tos/tc field, for outbound it is outer
> + * header, otherwise inner header.
> + * @param tos_mask: type-of-service mask stored in sa.
> + * @param is_outh_ipv4: 1 if outer header is ipv4, 0 if it is ipv6.
> + * @param is_inner_ipv4: 1 if inner header is ipv4, 0 if it is ipv6.
> + * @param is_inbound: 1 if it is a inbound packet, 0 if it is outbound.
> + */
> +static inline void
> +update_tun_tos(const void *ref_h, void *update_h, uint32_t tos_mask,
> + uint8_t is_outh_ipv4, uint8_t is_inh_ipv4, uint8_t is_inbound)
> +{
> + uint8_t idx = ((is_inbound << 2) | (is_outh_ipv4 << 1) | is_inh_ipv4);
> + struct rte_ipv4_hdr *v4out_h;
> + struct rte_ipv6_hdr *v6out_h;
> + struct rte_ipv4_hdr *v4in_h;
> + struct rte_ipv6_hdr *v6in_h;
> + uint32_t itp, otp;
> + uint8_t ecn_v4out, ecn_v4in;
> + uint32_t ecn_v6out, ecn_v6in;
> +
> + switch (idx) {
> + /* outbound */
> + case 0: /*outh ipv6, inh ipv6 */
> + v6out_h = update_h;
> + otp = GET_IPV6_TC(v6out_h->vtc_flow) & ~tos_mask;
> + itp = GET_IPV6_TC(((const struct rte_ipv6_hdr *)ref_h)->
> + vtc_flow) & tos_mask;
> + SET_IPV6_TC(v6out_h->vtc_flow, (otp | itp));
> + break;
> + case 1: /*outh ipv6, inh ipv4 */
> + v6out_h = update_h;
> + otp = GET_IPV6_TC(v6out_h->vtc_flow) & ~tos_mask;
> + itp = ((const struct rte_ipv4_hdr *)ref_h)->type_of_service &
> + tos_mask;
> + SET_IPV6_TC(v6out_h->vtc_flow, (otp | itp));
> + break;
> + case 2: /*outh ipv4, inh ipv6 */
> + v4out_h = update_h;
> + otp = v4out_h->type_of_service & ~tos_mask;
> + itp = GET_IPV6_TC(((const struct rte_ipv6_hdr *)ref_h)->
> + vtc_flow) & tos_mask;
> + v4out_h->type_of_service = (otp | itp);
> + break;
> + case 3: /* outh ipv4, inh ipv4 */
> + v4out_h = update_h;
> + otp = v4out_h->type_of_service & ~tos_mask;
> + itp = ((const struct rte_ipv4_hdr *)ref_h)->type_of_service &
> + tos_mask;
> + v4out_h->type_of_service = (otp | itp);
> + break;
Looking at the function - it might be better to split it into 2 separate functions:
one for inbound, another for outbound.
Then you'll have identical cases (0-3) for both, and that would probably be easier to follow.
Again in that case you wouldn't need to:
uint8_t idx = ((is_inbound << 2) |...
> + /* inbound */
> + case 4: /* outh ipv6, inh ipv6 */
> + v6in_h = update_h;
> + ecn_v6out = ((const struct rte_ipv6_hdr *)ref_h)->vtc_flow &
> + rte_cpu_to_be_32(IPV6_ECN_MASK);
> + ecn_v6in = v6in_h->vtc_flow & rte_cpu_to_be_32(IPV6_ECN_MASK);
> + if ((ecn_v6out == rte_cpu_to_be_32(IPV6_ECN_CE)) &&
> + (ecn_v6in != 0))
> + v6in_h->vtc_flow |= rte_cpu_to_be_32(IPV6_ECN_CE);
> + break;
> + case 5: /* outh ipv6, inh ipv4 */
> + v4in_h = update_h;
> + ecn_v6out = ((const struct rte_ipv6_hdr *)ref_h)->vtc_flow &
> + rte_cpu_to_be_32(IPV6_ECN_MASK);
> + ecn_v4in = v4in_h->type_of_service & RTE_IP_ECN_MASK;
> + if ((ecn_v6out == rte_cpu_to_be_32(IPV6_ECN_CE)) &&
> + (ecn_v4in != 0))
> + v4in_h->type_of_service |= RTE_IP_ECN_CE;
> + break;
> + case 6: /* outh ipv4, inh ipv6 */
> + v6in_h = update_h;
> + ecn_v4out = ((const struct rte_ipv4_hdr *)ref_h)->
> + type_of_service & RTE_IP_ECN_MASK;
> + ecn_v6in = v6in_h->vtc_flow & rte_cpu_to_be_32(IPV6_ECN_MASK);
> + if (ecn_v4out == RTE_IP_ECN_CE && ecn_v6in != 0)
> + v6in_h->vtc_flow |= rte_cpu_to_be_32(IPV6_ECN_CE);
> + break;
> + case 7: /* outh ipv4, inh ipv4 */
> + v4in_h = update_h;
> + ecn_v4out = ((const struct rte_ipv4_hdr *)ref_h)->
> + type_of_service & RTE_IP_ECN_MASK;
> + ecn_v4in = v4in_h->type_of_service & RTE_IP_ECN_MASK;
> + if (ecn_v4out == RTE_IP_ECN_CE && ecn_v4in != 0)
> + v4in_h->type_of_service |= RTE_IP_ECN_CE;
> + break;
> + }
> +}
> +
More information about the dev
mailing list