| Message ID | 1385886528-9882-1-git-send-email-fan.du@windriver.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Fan Du <fan.du@windriver.com> Date: Sun, 1 Dec 2013 16:28:48 +0800 > commit a553e4a6317b2cfc7659542c10fe43184ffe53da ("[PKTGEN]: IPSEC support") > tried to support IPsec ESP transport transformation for pktgen, but acctually > this doesn't work at all for two reasons(The orignal transformed packet has > bad IPv4 checksum value, as well as wrong auth value, reported by wireshark) > > - After transpormation, IPv4 header total length needs update, > because encrypted payload's length is NOT same as that of plain text. > > - After transformation, IPv4 checksum needs re-caculate because of payload > has been changed. > > With this patch, armmed pktgen with below cofiguration, Wireshark is able to > decrypted ESP packet generated by pktgen without any IPv4 checksum error or > auth value error. > > pgset "flag IPSEC" > pgset "flows 1" > > Signed-off-by: Fan Du <fan.du@windriver.com> Applied and queued up for -stable, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/pktgen.c b/net/core/pktgen.c index 261357a..0bb8e5c 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2527,6 +2527,8 @@ static int process_ipsec(struct pktgen_dev *pkt_dev, if (x) { int ret; __u8 *eth; + struct iphdr *iph; + nhead = x->props.header_len - skb_headroom(skb); if (nhead > 0) { ret = pskb_expand_head(skb, nhead, 0, GFP_ATOMIC); @@ -2548,6 +2550,11 @@ static int process_ipsec(struct pktgen_dev *pkt_dev, eth = (__u8 *) skb_push(skb, ETH_HLEN); memcpy(eth, pkt_dev->hh, 12); *(u16 *) ð[12] = protocol; + + /* Update IPv4 header len as well as checksum value */ + iph = ip_hdr(skb); + iph->tot_len = htons(skb->len - ETH_HLEN); + ip_send_check(iph); } } return 1;
commit a553e4a6317b2cfc7659542c10fe43184ffe53da ("[PKTGEN]: IPSEC support") tried to support IPsec ESP transport transformation for pktgen, but acctually this doesn't work at all for two reasons(The orignal transformed packet has bad IPv4 checksum value, as well as wrong auth value, reported by wireshark) - After transpormation, IPv4 header total length needs update, because encrypted payload's length is NOT same as that of plain text. - After transformation, IPv4 checksum needs re-caculate because of payload has been changed. With this patch, armmed pktgen with below cofiguration, Wireshark is able to decrypted ESP packet generated by pktgen without any IPv4 checksum error or auth value error. pgset "flag IPSEC" pgset "flows 1" Signed-off-by: Fan Du <fan.du@windriver.com> --- v2: - compute IPv4 checksum only after transformation taken place. - This weekend I also noticed auth value is not correct as well, further investigation indicates IPv4 header length is not updated after transformation.,so v2 fix this. --- net/core/pktgen.c | 7 +++++++ 1 file changed, 7 insertions(+)