[dpdk-dev] examples/ipsec-secgw: set ip6_plen to the proper value
Checks
Commit Message
ipv6 payload length header field should contain only the number of bytes
following the ipv6 header and not the entire packet size.
Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
---
examples/ipsec-secgw/esp.c | 6 ++++--
examples/ipsec-secgw/ipip.h | 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
Comments
On 13/10/2017 09:04, Tomasz Duszynski wrote:
> ipv6 payload length header field should contain only the number of bytes
> following the ipv6 header and not the entire packet size.
>
> Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode")
> Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
>
> Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
> ---
> examples/ipsec-secgw/esp.c | 6 ++++--
> examples/ipsec-secgw/ipip.h | 3 ++-
> 2 files changed, 6 insertions(+), 3 deletions(-)
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Wednesday, October 18, 2017 5:18 PM
> To: Tomasz Duszynski <tdu@semihalf.com>; dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: set ip6_plen to the
> proper value
>
> On 13/10/2017 09:04, Tomasz Duszynski wrote:
> > ipv6 payload length header field should contain only the number of
> > bytes following the ipv6 header and not the entire packet size.
> >
> > Fixes: f159e70b0922 ("examples/ipsec-secgw: support transport mode")
> > Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
> >
> > Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
> > ---
> > examples/ipsec-secgw/esp.c | 6 ++++--
> > examples/ipsec-secgw/ipip.h | 3 ++-
> > 2 files changed, 6 insertions(+), 3 deletions(-)
>
> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
CC'ing stable ML.
Applied to dpdk-next-crypto.
Thanks,
Pablo
@@ -211,7 +211,8 @@ esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
/* XXX No option headers supported */
memmove(ip6, ip, sizeof(struct ip6_hdr));
ip6->ip6_nxt = *nexthdr;
- ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
}
} else
ipip_inbound(m, sizeof(struct esp_hdr) + sa->iv_len);
@@ -313,7 +314,8 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
ip6 = (struct ip6_hdr *)new_ip;
ip6->ip6_nxt = IPPROTO_ESP;
- ip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ ip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
}
}
@@ -72,7 +72,8 @@ ipip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t is_ipv6,
/* Per RFC4301 5.1.2.1 */
outip6->ip6_flow = htonl(IP6_VERSION << 28 | ds_ecn << 20);
- outip6->ip6_plen = htons(rte_pktmbuf_data_len(m));
+ outip6->ip6_plen = htons(rte_pktmbuf_data_len(m) -
+ sizeof(struct ip6_hdr));
outip6->ip6_nxt = IPPROTO_ESP;
outip6->ip6_hops = IPDEFTTL;