[PATCH dpdk v4 12/17] security: use IPv6 address structure
Robin Jarry
rjarry at redhat.com
Fri Oct 18 11:17:29 CEST 2024
For consistency with the rest of the code base, update
rte_security_ipsec_tunnel_param to use rte_ipv6_addr structures instead
of in6_addr.
Signed-off-by: Robin Jarry <rjarry at redhat.com>
---
doc/guides/rel_notes/release_24_11.rst | 2 ++
drivers/common/cnxk/cnxk_security.c | 14 ++++++--------
drivers/net/iavf/iavf_ipsec_crypto.c | 3 +--
drivers/net/nfp/nfp_ipsec.c | 4 ++--
examples/ipsec-secgw/ipsec.c | 12 ++++++------
lib/pipeline/rte_swx_ipsec.c | 8 ++------
lib/security/rte_security.h | 5 +++--
7 files changed, 22 insertions(+), 26 deletions(-)
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index ca8b9441d430..05212a4cc2b3 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -312,6 +312,8 @@ API Changes
- ``struct rte_swx_ipsec_sa_encap_params``
- ``struct rte_table_action_ipv6_header``
- ``struct rte_table_action_nat_params``
+ security
+ - ``struct rte_security_ipsec_tunnel_param``
table
- ``struct rte_table_lpm_ipv6_key``
rib
diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index e67c3f233187..c2871ad2bda5 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -271,9 +271,9 @@ ot_ipsec_inb_tunnel_hdr_fill(struct roc_ot_ipsec_inb_sa *sa,
case RTE_SECURITY_IPSEC_TUNNEL_IPV6:
sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_6;
memcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr,
- sizeof(struct in6_addr));
+ sizeof(sa->outer_hdr.ipv6.src_addr));
memcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr,
- sizeof(struct in6_addr));
+ sizeof(sa->outer_hdr.ipv6.dst_addr));
/* IP Source and Dest are in LE/CPU endian */
ot_ipsec_update_ipv6_addr_endianness((uint64_t *)&sa->outer_hdr.ipv6.src_addr);
@@ -472,9 +472,9 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
case RTE_SECURITY_IPSEC_TUNNEL_IPV6:
sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_6;
memcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr,
- sizeof(struct in6_addr));
+ sizeof(sa->outer_hdr.ipv6.src_addr));
memcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr,
- sizeof(struct in6_addr));
+ sizeof(sa->outer_hdr.ipv6.dst_addr));
/* IP Source and Dest are in LE/CPU endian */
ot_ipsec_update_ipv6_addr_endianness((uint64_t *)&sa->outer_hdr.ipv6.src_addr);
@@ -1087,10 +1087,8 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
ip6->hop_limits = ipsec->tunnel.ipv6.hlimit ?
ipsec->tunnel.ipv6.hlimit :
0x40;
- memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr,
- sizeof(struct in6_addr));
- memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr,
- sizeof(struct in6_addr));
+ ip6->src_addr = ipsec->tunnel.ipv6.src_addr;
+ ip6->dst_addr = ipsec->tunnel.ipv6.dst_addr;
}
} else
ctx_len += sizeof(template->ip4);
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index 89dd5af5500f..90421a66c309 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -510,8 +510,7 @@ iavf_ipsec_crypto_security_association_add(struct iavf_adapter *adapter,
*((uint32_t *)sa_cfg->dst_addr) =
htonl(conf->ipsec.tunnel.ipv4.dst_ip.s_addr);
} else {
- uint32_t *v6_dst_addr =
- (uint32_t *)conf->ipsec.tunnel.ipv6.dst_addr.s6_addr;
+ uint32_t *v6_dst_addr = (uint32_t *)&conf->ipsec.tunnel.ipv6.dst_addr;
sa_cfg->virtchnl_ip_type = VIRTCHNL_IPV6;
diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c
index 89116af1b22f..13f2b850e59d 100644
--- a/drivers/net/nfp/nfp_ipsec.c
+++ b/drivers/net/nfp/nfp_ipsec.c
@@ -1042,8 +1042,8 @@ nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev,
cfg->dst_ip[0] = rte_be_to_cpu_32(dst_ip[0]);
cfg->ipv6 = 0;
} else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
- src_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.src_addr.s6_addr;
- dst_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.dst_addr.s6_addr;
+ src_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv6.src_addr;
+ dst_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv6.dst_addr;
for (i = 0; i < 4; i++) {
cfg->src_ip[i] = rte_be_to_cpu_32(src_ip[i]);
cfg->dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]);
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 3b1e2a710971..c65efd1c166a 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -41,8 +41,8 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
tunnel->ipv6.hlimit = IPDEFTTL;
tunnel->ipv6.dscp = 0;
tunnel->ipv6.flabel = 0;
- memcpy(&tunnel->ipv6.src_addr, &sa->src.ip.ip6, 16);
- memcpy(&tunnel->ipv6.dst_addr, &sa->dst.ip.ip6, 16);
+ tunnel->ipv6.src_addr = sa->src.ip.ip6;
+ tunnel->ipv6.dst_addr = sa->dst.ip.ip6;
}
/* TODO support for Transport */
}
@@ -446,8 +446,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.ipsec.tunnel.type =
RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16);
- memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16);
+ sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6;
+ sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6;
}
} else if (IS_TUNNEL(sa->flags)) {
sess_conf.ipsec.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
@@ -464,8 +464,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
sess_conf.ipsec.tunnel.type =
RTE_SECURITY_IPSEC_TUNNEL_IPV6;
- memcpy(&sess_conf.ipsec.tunnel.ipv6.src_addr, &sa->src.ip.ip6, 16);
- memcpy(&sess_conf.ipsec.tunnel.ipv6.dst_addr, &sa->dst.ip.ip6, 16);
+ sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6;
+ sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6;
} else {
RTE_LOG(ERR, IPSEC, "invalid tunnel type\n");
return -1;
diff --git a/lib/pipeline/rte_swx_ipsec.c b/lib/pipeline/rte_swx_ipsec.c
index 6bc81145409b..17a9d2b98bc0 100644
--- a/lib/pipeline/rte_swx_ipsec.c
+++ b/lib/pipeline/rte_swx_ipsec.c
@@ -1579,12 +1579,8 @@ ipsec_xform_get(struct rte_swx_ipsec_sa_params *p,
ipsec_xform->tunnel.ipv4.df = 0;
ipsec_xform->tunnel.ipv4.ttl = 64;
} else {
- memcpy(&ipsec_xform->tunnel.ipv6.src_addr,
- &p->encap.tunnel.ipv6.src_addr,
- sizeof(ipsec_xform->tunnel.ipv6.src_addr));
- memcpy(&ipsec_xform->tunnel.ipv6.dst_addr,
- &p->encap.tunnel.ipv6.dst_addr,
- sizeof(ipsec_xform->tunnel.ipv6.dst_addr));
+ ipsec_xform->tunnel.ipv6.src_addr = p->encap.tunnel.ipv6.src_addr;
+ ipsec_xform->tunnel.ipv6.dst_addr = p->encap.tunnel.ipv6.dst_addr;
ipsec_xform->tunnel.ipv6.dscp = 0;
ipsec_xform->tunnel.ipv6.flabel = 0;
ipsec_xform->tunnel.ipv6.hlimit = 64;
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 7a9bafa0fa72..032bf9c5fbfa 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -18,6 +18,7 @@
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_ip.h>
+#include <rte_ip6.h>
#include <rte_mbuf_dyn.h>
#ifdef __cplusplus
@@ -85,9 +86,9 @@ struct rte_security_ipsec_tunnel_param {
} ipv4;
/**< IPv4 header parameters */
struct {
- struct in6_addr src_addr;
+ struct rte_ipv6_addr src_addr;
/**< IPv6 source address */
- struct in6_addr dst_addr;
+ struct rte_ipv6_addr dst_addr;
/**< IPv6 destination address */
uint8_t dscp;
/**< IPv6 Differentiated Services Code Point */
--
2.47.0
More information about the dev
mailing list