Hi,

On 18/07/2016 13:41, Akhil Goyal wrote:
> Hi,
>
> In Ipsec-secgw application, while adding the outer IP header, it seems that 
> the application does not update the checksum value for outbound packets. This 
> result in incorrect ip->checksum in the encrypted packet.
>
> Please let me know if the checksum value is updated somewhere else or not.
>
> Also In case of inner ip header also the TTL value is decremented by one but 
> the checksum value is not updated. Is it intentional or it is done somewhere 
> else?

It is intentional. The application is using IP checksum offload but just 
looking now at the code there is a bug for IPv6 packets where the flag 
does not get setup.
Is it only for IPv6 traffic that you are having this issue?

For IPv4 traffic the PKT_TX_IP_CKSUM flag is setup in 'prepare_tx_pkt' 
function in ipsec-secgw.c

Sergio

> After addition of following code, the checksum looks good and the encrypted 
> packets are good.
>
> diff --git a/examples/ipsec-secgw/ipip.h b/examples/ipsec-secgw/ipip.h
> index 322076c..0f7b60f 100644
> --- a/examples/ipsec-secgw/ipip.h
> +++ b/examples/ipsec-secgw/ipip.h
> @@ -41,6 +41,24 @@
> #include <rte_mbuf.h>
>
> #define IPV6_VERSION (6)
> +static inline uint16_t
> +ip_sum(const unaligned_uint16_t *hdr, int hdr_len)
> +{
> +       uint32_t sum = 0;
> +
> +       while (hdr_len > 1)
> +       {
> +               sum += *hdr++;
> +               if (sum & 0x80000000)
> +                       sum = (sum & 0xFFFF) + (sum >> 16);
> +               hdr_len -= 2;
> +       }
> +
> +       while (sum >> 16)
> +               sum = (sum & 0xFFFF) + (sum >> 16);
> +
> +       return ~sum;
> +}
>
> static inline  struct ip *
> ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, uint32_t src, uint32_t 
> dst)
> @@ -71,7 +89,8 @@ ip4ip_outbound(struct rte_mbuf *m, uint32_t offset, 
> uint32_t src, uint32_t dst)
>
>          outip->ip_src.s_addr = src;
>          outip->ip_dst.s_addr = dst;
> -
> +       outip->ip_sum = 0;
> +       outip->ip_sum = ip_sum((const unaligned_uint16_t *)outip, 
> sizeof(struct ip));
>          return outip;
> }
>
> Regards,
> Akhil
>

Reply via email to