Hi,
On 18/07/2016 13:41, Akhil Goyal wrote:
> Hi,
>
> In Ipsec-secgw application, while adding the outer IP header, it seems that
> the application does not update the checksum value for outbound packets. This
> result in incorrect ip->checksum in the encrypted packet.
>
> Please let me know if the checksum value is updated somewhere else or not.
>
> Also In case of inner ip header also the TTL value is decremented by one but
> the checksum value is not updated. Is it intentional or it is done somewhere
> else?
It is intentional. The application is using IP checksum offload but just
looking now at the code there is a bug for IPv6 packets where the flag
does not get setup.
Is it only for IPv6 traffic that you are having this issue?
For IPv4 traffic the PKT_TX_IP_CKSUM flag is setup in 'prepare_tx_pkt'
function in ipsec-secgw.c
Sergio
> After addition of following code, the checksum looks good and the encrypted
> packets are good.
>
> diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h
> index 322076c..0f7b60f 100644
> --- a/examples/ipsec-secgw/ipip.h
> +++ b/examples/ipsec-secgw/ipip.h
> @@ -41,6 +41,24 @@
> #include <rte_mbuf.h>
>
> #define IPV6_VERSION (6)
> +static inline uint16_t
> +ip_sum(const unaligned_uint16_t *hdr, int hdr_len)
> +{
> + uint32_t sum = 0;
> +
> + while (hdr_len > 1)
> + {
> + sum += *hdr++;
> + if (sum & 0x80000000)
> + sum = (sum & 0xFFFF) + (sum >> 16);
> + hdr_len -= 2;
> + }
> +
> + while (sum >> 16)
> + sum = (sum & 0xFFFF) + (sum >> 16);
> +
> + return ~sum;
> +}
>
> static inline struct ip *
> ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t src, uint32_t
> dst)
> @@ -71,7 +89,8 @@ ip4ip_outbound(struct rte_mbuf *m, uint32_t offset,
> uint32_t src, uint32_t dst)
>
> outip->ip_src.s_addr = src;
> outip->ip_dst.s_addr = dst;
> -
> + outip->ip_sum = 0;
> + outip->ip_sum = ip_sum((const unaligned_uint16_t *)outip,
> sizeof(struct ip));
> return outip;
> }
>
> Regards,
> Akhil
>
