Hi,
In Ipsec-secgw application, while adding the outer IP header, it seems that the
application does not update the checksum value for outbound packets. This
result in incorrect ip->checksum in the encrypted packet.
Please let me know if the checksum value is updated somewhere else or not.
Also In case of inner ip header also the TTL value is decremented by one but
the checksum value is not updated. Is it intentional or it is done somewhere
else?
After addition of following code, the checksum looks good and the encrypted
packets are good.
diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h
index 322076c..0f7b60f 100644
--- a/examples/ipsec-secgw/ipip.h
+++ b/examples/ipsec-secgw/ipip.h
@@ -41,6 +41,24 @@
#include <rte_mbuf.h>
#define IPV6_VERSION (6)
+static inline uint16_t
+ip_sum(const unaligned_uint16_t *hdr, int hdr_len)
+{
+ uint32_t sum = 0;
+
+ while (hdr_len > 1)
+ {
+ sum += *hdr++;
+ if (sum & 0x80000000)
+ sum = (sum & 0xFFFF) + (sum >> 16);
+ hdr_len -= 2;
+ }
+
+ while (sum >> 16)
+ sum = (sum & 0xFFFF) + (sum >> 16);
+
+ return ~sum;
+}
static inline struct ip *
ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t src, uint32_t dst)
@@ -71,7 +89,8 @@ ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t
src, uint32_t dst)
outip->ip_src.s_addr = src;
outip->ip_dst.s_addr = dst;
-
+ outip->ip_sum = 0;
+ outip->ip_sum = ip_sum((const unaligned_uint16_t *)outip, sizeof(struct
ip));
return outip;
}
Regards,
Akhil
