[dpdk-dev] [PATCH v8 04/10] ipsec: add support for NAT-T

Nicolau, Radu radu.nicolau at intel.com
Tue Oct 12 13:05:16 CEST 2021

Previous message (by thread): [dpdk-dev] [PATCH v8 04/10] ipsec: add support for NAT-T
Next message (by thread): [dpdk-dev] [PATCH v8 05/10] mbuf: add IPsec ESP tunnel type
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/12/2021 11:50 AM, Ananyev, Konstantin wrote:
>
>>
>>
>> +	memcpy(sa->hdr, prm->tun.hdr, prm->tun.hdr_len);
>> +
>> +	/* insert UDP header if UDP encapsulation is inabled */
>> +	if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {
>> +		struct rte_udp_hdr *udph = (struct rte_udp_hdr *)
>> +				&sa->hdr[prm->tun.hdr_len];
> I think we need a check somewhere here (probably in rte_ipsec_sa_init() or so)
> to make sure that new sa->hdr_len wouldn't overrun sizeof(sa->hdr).
Yes, I will add a check.
>
>
>> +		sa->hdr_len += sizeof(struct rte_udp_hdr);
>> +		udph->src_port = prm->ipsec_xform.udp.sport;
>> +		udph->dst_port = prm->ipsec_xform.udp.dport;
>> +		udph->dgram_cksum = 0;
>> +	}
>> +
>>   	/* update l2_len and l3_len fields for outbound mbuf */
>>   	sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off,
>>   		sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
>
> So for such packets UDP cksum will always be zero, and we don't need to
> setup l4_hdr or any TX L4 flags, correct?
UDP checksum should be 0 and must not be checked, this is what RFC 
requires indeed. So from what I can see we don't need to setup the l4 flags.
>

Previous message (by thread): [dpdk-dev] [PATCH v8 04/10] ipsec: add support for NAT-T
Next message (by thread): [dpdk-dev] [PATCH v8 05/10] mbuf: add IPsec ESP tunnel type
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list