patch 'ipsec: fix NAT-T header length' has been queued to stable release 21.11.5

Kevin Traynor ktraynor at redhat.com
Thu Jul 20 17:19:31 CEST 2023 

Hi,

FYI, your patch has been queued to stable release 21.11.5

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/25/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/aabb9693644d0e25ff6dabb3ae656bd53ddf1fcf

Thanks.

Kevin

---
>From aabb9693644d0e25ff6dabb3ae656bd53ddf1fcf Mon Sep 17 00:00:00 2001
From: Xiao Liang <shaw.leon at gmail.com>
Date: Tue, 11 Jul 2023 10:18:47 +0800
Subject: [PATCH] ipsec: fix NAT-T header length

[ upstream commit 5d89d22e9e49771059ecc6383aa4313394fc72f7 ]

UDP header and L2 header (if any) length is included in sa->hdr_len.
Take care of that in L3 header and packet length calculation.

Fixes: 01eef5907fc3 ("ipsec: support NAT-T")

Signed-off-by: Xiao Liang <shaw.leon at gmail.com>
Acked-by: Konstantin Ananyev <konstantin.v.ananyev at yandex.ru>
Acked-by: Radu Nicolau <radu.nicolau at intel.com>
---
 lib/ipsec/esp_outb.c | 2 +-
 lib/ipsec/sa.c       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c
index 1b0eeed07f..969eff5a6b 100644
--- a/lib/ipsec/esp_outb.c
+++ b/lib/ipsec/esp_outb.c
@@ -200,5 +200,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
 			(ph + sa->hdr_len - sizeof(struct rte_udp_hdr));
 		udph->dgram_len = rte_cpu_to_be_16(mb->pkt_len - sqh_len -
-				sa->hdr_l3_off - sa->hdr_len);
+				sa->hdr_len + sizeof(struct rte_udp_hdr));
 	}
 
diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c
index c921699390..ccf40f0371 100644
--- a/lib/ipsec/sa.c
+++ b/lib/ipsec/sa.c
@@ -375,5 +375,5 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
 	/* update l2_len and l3_len fields for outbound mbuf */
 	sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off,
-		sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
+		prm->tun.hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
 
 	esp_outb_init(sa, sa->hdr_len, prm->ipsec_xform.esn.value);
-- 
2.41.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-07-20 16:18:11.451583888 +0100
+++ 0140-ipsec-fix-NAT-T-header-length.patch	2023-07-20 16:17:55.226752815 +0100
@@ -1 +1 @@
-From 5d89d22e9e49771059ecc6383aa4313394fc72f7 Mon Sep 17 00:00:00 2001
+From aabb9693644d0e25ff6dabb3ae656bd53ddf1fcf Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 5d89d22e9e49771059ecc6383aa4313394fc72f7 ]
+
@@ -10 +11,0 @@
-Cc: stable at dpdk.org
@@ -21 +22 @@
-index 9cbd9202f6..ec87b1dce2 100644
+index 1b0eeed07f..969eff5a6b 100644
@@ -24 +25 @@
-@@ -199,5 +199,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
+@@ -200,5 +200,5 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,
@@ -32 +33 @@
-index 59a547637d..2297bd6d72 100644
+index c921699390..ccf40f0371 100644
@@ -35 +36 @@
-@@ -372,5 +372,5 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
+@@ -375,5 +375,5 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)

More information about the stable mailing list