When TTL is decremented or ecn is updated in IP header
before forwarding the packet, checksum needs to be updated.
In this patch an incremental checksum is added for ipv4 case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Packet_type should be updated to remove/add L4 type for
encrypted/decrypted packet
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
IPv6 payload length header field should contain only the number of bytes
following the IPv6 header and not the entire packet size.
Fixes: f159e70b09 ("examples/ipsec-secgw: support transport mode")
Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
GCC 4.5.x does not handle well initializing anonymous union and/or
structs.
To make the compiler happy we name those anonymous union/struct.
Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Support IPSec IPv6 allowing IPv4/IPv6 traffic in IPv4 or IPv6 tunnel.
We need separate Routing (LPM) and SP (ACL) tables for IPv4 and IPv6,
but a common SA table.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The macro RTE_VERIFY always checks a condition.
It is optimized with "unlikely" hint.
While this macro is well suited for test applications, it is preferred
in libraries and examples to enable such check in debug mode.
That's why the macro RTE_ASSERT is introduced to call RTE_VERIFY only
if built with debug logs enabled.
A lot of assert macros were duplicated and enabled with a specific flag.
Removing these #ifdef allows to test these code branches more easily
and avoid dead code pitfalls.
The ENA_ASSERT is kept (in debug mode only) because it has more
parameters to log.
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Sample app implementing an IPsec Security Geteway.
The main goal of this app is to show the use of cryptodev framework
in a "real world" application.
Currently only supported static IPv4 ESP IPsec tunnels for the following
algorithms:
- Cipher: AES-CBC, NULL
- Authentication: HMAC-SHA1, NULL
Not supported:
- SA auto negotiation (No IKE implementation)
- chained mbufs
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
