patch 'ipsec: fix NAT-T header length' has been queued to stable release 22.11.3

Xueming Li xuemingl at nvidia.com
Thu Aug 10 02:06:50 CEST 2023

Previous message (by thread): patch 'examples/ipsec-secgw: fix TAP default MAC address' has been queued to stable release 22.11.3
Next message (by thread): patch 'examples/l3fwd: fix duplicate expression for default nexthop' has been queued to stable release 22.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 22.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/11/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=06ba23cad245de70f98e374ef19a5191e81a2ead

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 06ba23cad245de70f98e374ef19a5191e81a2ead Mon Sep 17 00:00:00 2001
From: Xiao Liang <shaw.leon at gmail.com>
Date: Tue, 11 Jul 2023 10:18:47 +0800
Subject: [PATCH] ipsec: fix NAT-T header length
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 5d89d22e9e49771059ecc6383aa4313394fc72f7 ]

UDP header and L2 header (if any) length is included in sa->hdr_len.
Take care of that in L3 header and packet length calculation.

Fixes: 01eef5907fc3 ("ipsec: support NAT-T")

Signed-off-by: Xiao Liang <shaw.leon at gmail.com>
Acked-by: Konstantin Ananyev <konstantin.v.ananyev at yandex.ru>
Acked-by: Radu Nicolau <radu.nicolau at intel.com>
---
 lib/ipsec/esp_outb.c | 2 +-
 lib/ipsec/sa.c       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c
index 9cbd9202f6..ec87b1dce2 100644
--- a/lib/ipsec/esp_outb.c
+++ b/lib/ipsec/esp_outb.c
@@ -198,7 +198,7 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
 		struct rte_udp_hdr *udph = (struct rte_udp_hdr *)
 			(ph + sa->hdr_len - sizeof(struct rte_udp_hdr));
 		udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len -
-				sa->hdr_l3_off - sa->hdr_len);
+				sa->hdr_len + sizeof(struct rte_udp_hdr));
 	}
 
 	/* update original and new ip header fields */
diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c
index 59a547637d..2297bd6d72 100644
--- a/lib/ipsec/sa.c
+++ b/lib/ipsec/sa.c
@@ -371,7 +371,7 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
 
 	/* update l2_len and l3_len fields for outbound mbuf */
 	sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off,
-		sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
+		prm->tun.hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
 
 	esp_outb_init(sa, sa->hdr_len, prm->ipsec_xform.esn.value);
 }
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-08-09 21:51:20.777722800 +0800
+++ 0101-ipsec-fix-NAT-T-header-length.patch	2023-08-09 21:51:18.264352000 +0800
@@ -1 +1 @@
-From 5d89d22e9e49771059ecc6383aa4313394fc72f7 Mon Sep 17 00:00:00 2001
+From 06ba23cad245de70f98e374ef19a5191e81a2ead Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 5d89d22e9e49771059ecc6383aa4313394fc72f7 ]
@@ -10 +12,0 @@
-Cc: stable at dpdk.org

Previous message (by thread): patch 'examples/ipsec-secgw: fix TAP default MAC address' has been queued to stable release 22.11.3
Next message (by thread): patch 'examples/l3fwd: fix duplicate expression for default nexthop' has been queued to stable release 22.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list