Hi, Piotr
The follow is example fixed code.
ipsec_fp_get_policy_5tuple (ipsec_policy_t *policy, ipsec_fp_5tuple_t *tuple,
bool inbound)
{
memset (tuple, 0, sizeof (*tuple));
tuple->is_ipv6 = policy->is_ipv6;
if (tuple->is_ipv6)
{
tuple->ip6_laddr = policy->laddr.start.ip6;
tuple->ip6_raddr = policy->raddr.start.ip6;
}
else
{
tuple->laddr = policy->laddr.start.ip4;
tuple->raddr = policy->raddr.start.ip4;
}
if (inbound)
{
if ((policy->type == IPSEC_SPD_POLICY_IP4_INBOUND_PROTECT ||
policy->type == IPSEC_SPD_POLICY_IP6_INBOUND_PROTECT) &&
policy->sa_index != INDEX_INVALID)
{
ipsec_sa_t *s = ipsec_sa_get (policy->sa_index);
tuple->spi = s->spi;
if (ipsec_sa_is_set_IS_TUNNEL (s))
{
if (tuple->is_ipv6)
{
tuple->ip6_laddr = s->tunnel.t_src.ip.ip6;
tuple->ip6_raddr = s->tunnel.t_dst.ip.ip6;
}
else
{
tuple->laddr = s->tunnel.t_src.ip.ip4;
tuple->raddr = s->tunnel.t_dst.ip.ip4;
}
}
}
else
tuple->spi = INDEX_INVALID;
Guangming
[email protected]
From: Bronowski, PiotrX
Date: 2023-02-13 05:13
To: zhang, Guangming; vpp-dev
Subject: RE: One question about fast path ipv4 inbound
Hi Guangming
I am not sure if I understand your question. There was a bug, in implementation
of fast path for inbound traffic, where I’ve messed up translation of src and
dst to the local and remote address, but it has been fixed with
commit 1d9780a43fe54a55c7540f3528b8703ede0a5871
Author: Piotr Bronowski [email protected]
Date: Fri Oct 21 15:48:55 2022 +0000
BR,
Piotr
From: [email protected] <[email protected]>
Sent: Saturday, February 11, 2023 11:04 AM
To: Bronowski, PiotrX <[email protected]>; vpp-dev
<[email protected]>
Subject: One question about fast path ipv4 inbound
Hi Piotr,
I found you work on the ipsec policy mode optiimization, introduced a
fast path about ipsec policy match .
In the fast path ipv4 inbound , add item into hash, you used traffic
selector src and dst address, but search item from hash
you used esp packetr src and dst address( tunne out header address). Is this
is bug or you have some speical code that i did not find
Thansk
Guangming
[email protected]
--------------------------------------------------------------
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#22581): https://lists.fd.io/g/vpp-dev/message/22581
Mute This Topic: https://lists.fd.io/mt/96894359/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
