patch 'ipsec: fix NAT-T ports and length' has been queued to stable release 21.11.2

Kevin Traynor ktraynor at redhat.com
Fri Jun 24 17:01:15 CEST 2022 

Hi,

FYI, your patch has been queued to stable release 21.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/27/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/d6a5fb4092c3f59726f76e777879d94a9477f3c9

Thanks.

Kevin

---
>From d6a5fb4092c3f59726f76e777879d94a9477f3c9 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau at intel.com>
Date: Wed, 25 May 2022 14:59:10 +0100
Subject: [PATCH] ipsec: fix NAT-T ports and length

[ upstream commit 778bbc089177f2e4cd9b3e66ec1a7940ffcab1e1 ]

Fix the UDP header fields, wrong byte order used for src and dst port
and wrong offset used when updating UDP datagram length.

Fixes: 01eef5907fc3 ("ipsec: support NAT-T")

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 lib/ipsec/esp_outb.c | 2 +-
 lib/ipsec/sa.c       | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c
index 672e56aba0..28bd58e3c7 100644
--- a/lib/ipsec/esp_outb.c
+++ b/lib/ipsec/esp_outb.c
@@ -198,5 +198,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
 	if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {
 		struct rte_udp_hdr *udph = (struct rte_udp_hdr *)
-				(ph - sizeof(struct rte_udp_hdr));
+			(ph + sa->hdr_len - sizeof(struct rte_udp_hdr));
 		udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len -
 				sa->hdr_l3_off - sa->hdr_len);
diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c
index cdb70af0cb..c921699390 100644
--- a/lib/ipsec/sa.c
+++ b/lib/ipsec/sa.c
@@ -368,6 +368,6 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
 				&sa->hdr[prm->tun.hdr_len];
 		sa->hdr_len += sizeof(struct rte_udp_hdr);
-		udph->src_port = prm->ipsec_xform.udp.sport;
-		udph->dst_port = prm->ipsec_xform.udp.dport;
+		udph->src_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.sport);
+		udph->dst_port = rte_cpu_to_be_16(prm->ipsec_xform.udp.dport);
 		udph->dgram_cksum = 0;
 	}
-- 
2.34.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-06-24 15:51:09.210417380 +0100
+++ 0007-ipsec-fix-NAT-T-ports-and-length.patch	2022-06-24 15:51:08.846984014 +0100
@@ -1 +1 @@
-From 778bbc089177f2e4cd9b3e66ec1a7940ffcab1e1 Mon Sep 17 00:00:00 2001
+From d6a5fb4092c3f59726f76e777879d94a9477f3c9 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 778bbc089177f2e4cd9b3e66ec1a7940ffcab1e1 ]
+
@@ -10 +11,0 @@
-Cc: stable at dpdk.org
@@ -20 +21 @@
-index 6925bb9945..5a5429a12b 100644
+index 672e56aba0..28bd58e3c7 100644
@@ -23 +24 @@
-@@ -197,5 +197,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
+@@ -198,5 +198,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
@@ -31 +32 @@
-index 1b673b6a18..59a547637d 100644
+index cdb70af0cb..c921699390 100644
@@ -34 +35 @@
-@@ -365,6 +365,6 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
+@@ -368,6 +368,6 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)

More information about the stable mailing list