From patchwork Sun Dec  1 08:28:48 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "fan.du" <fan.du@windriver.com>
X-Patchwork-Id: 295642
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 0F61B2C008F
	for <patchwork-incoming@ozlabs.org>;
	Sun,  1 Dec 2013 19:29:21 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750954Ab3LAI27 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 1 Dec 2013 03:28:59 -0500
Received: from mail.windriver.com ([147.11.1.11]:57061 "EHLO
	mail.windriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750895Ab3LAI25 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sun, 1 Dec 2013 03:28:57 -0500
Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com
	[147.11.189.40])
	by mail.windriver.com (8.14.5/8.14.5) with ESMTP id rB18SoKF018299
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL);
	Sun, 1 Dec 2013 00:28:50 -0800 (PST)
Received: from romashell-ThinkPad-T510.corp.ad.wrs.com (128.224.163.146) by
	ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server
	id 14.2.347.0; Sun, 1 Dec 2013 00:28:50 -0800
From: Fan Du <fan.du@windriver.com>
To: <steffen.klassert@secunet.com>
CC: <davem@davemloft.net>, <netdev@vger.kernel.org>
Subject: [PATCHv2 net] {pktgen,
	xfrm} Update IPv4 header total len and checksum after tranformation
Date: Sun, 1 Dec 2013 16:28:48 +0800
Message-ID: <1385886528-9882-1-git-send-email-fan.du@windriver.com>
X-Mailer: git-send-email 1.7.9.5
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

commit a553e4a6317b2cfc7659542c10fe43184ffe53da ("[PKTGEN]: IPSEC support")
tried to support IPsec ESP transport transformation for pktgen, but acctually
this doesn't work at all for two reasons(The orignal transformed packet has
bad IPv4 checksum value, as well as wrong auth value, reported by wireshark)

- After transpormation, IPv4 header total length needs update,
  because encrypted payload's length is NOT same as that of plain text.

- After transformation, IPv4 checksum needs re-caculate because of payload
  has been changed.

With this patch, armmed pktgen with below cofiguration, Wireshark is able to
decrypted ESP packet generated by pktgen without any IPv4 checksum error or
auth value error.

pgset "flag IPSEC"
pgset "flows 1"

Signed-off-by: Fan Du <fan.du@windriver.com>
---
v2:
 - compute IPv4 checksum only after transformation taken place.
 - This weekend I also noticed auth value is not correct as well, further
   investigation indicates IPv4 header length is not updated after
   transformation.,so v2 fix this.

---
 net/core/pktgen.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 261357a..0bb8e5c 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2527,6 +2527,8 @@ static int process_ipsec(struct pktgen_dev *pkt_dev,
 		if (x) {
 			int ret;
 			__u8 *eth;
+			struct iphdr *iph;
+
 			nhead = x->props.header_len - skb_headroom(skb);
 			if (nhead > 0) {
 				ret = pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
@@ -2548,6 +2550,11 @@ static int process_ipsec(struct pktgen_dev *pkt_dev,
 			eth = (__u8 *) skb_push(skb, ETH_HLEN);
 			memcpy(eth, pkt_dev->hh, 12);
 			*(u16 *) &eth[12] = protocol;
+
+			/* Update IPv4 header len as well as checksum value */
+			iph = ip_hdr(skb);
+			iph->tot_len = htons(skb->len - ETH_HLEN);
+			ip_send_check(iph);
 		}
 	}
 	return 1;