On 10/12/2021 11:50 AM, Ananyev, Konstantin wrote:
+ memcpy(sa->hdr, prm->tun.hdr, prm->tun.hdr_len); + + /* insert UDP header if UDP encapsulation is inabled */ + if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) { + struct rte_udp_hdr *udph = (struct rte_udp_hdr *) + &sa->hdr[prm->tun.hdr_len];I think we need a check somewhere here (probably in rte_ipsec_sa_init() or so) to make sure that new sa->hdr_len wouldn't overrun sizeof(sa->hdr).
Yes, I will add a check.
UDP checksum should be 0 and must not be checked, this is what RFC requires indeed. So from what I can see we don't need to setup the l4 flags.+ sa->hdr_len += sizeof(struct rte_udp_hdr); + udph->src_port = prm->ipsec_xform.udp.sport; + udph->dst_port = prm->ipsec_xform.udp.dport; + udph->dgram_cksum = 0; + } + /* update l2_len and l3_len fields for outbound mbuf */ sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off, sa->hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);So for such packets UDP cksum will always be zero, and we don't need to setup l4_hdr or any TX L4 flags, correct?
