[dpdk-stable] patch 'examples/ipsec-secgw: fix outbound codepath for single SA' has been queued to LTS release 18.11.1
Kevin Traynor
ktraynor at redhat.com
Thu Jan 31 16:48:16 CET 2019
Hi,
FYI, your patch has been queued to LTS release 18.11.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/07/19. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Thanks.
Kevin Traynor
---
>From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev at intel.com>
Date: Thu, 10 Jan 2019 21:09:07 +0000
Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA
[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]
Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
- copying number of packets, but not the mbuf pointers itself
that patch provides fixes for that issues.
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Acked-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++---------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 2234826de..f88fdb4c4 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
{
struct rte_mbuf *m;
- uint32_t nb_pkts_out, i;
+ uint32_t nb_pkts_out, i, n;
struct ip *ip;
@@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
rte_pktmbuf_free(traffic->ipsec.pkts[i]);
- traffic->ipsec.num = 0;
+ n = 0;
- for (i = 0; i < traffic->ip4.num; i++)
- traffic->ip4.res[i] = single_sa_idx;
+ for (i = 0; i < traffic->ip4.num; i++) {
+ traffic->ipsec.pkts[n] = traffic->ip4.pkts[i];
+ traffic->ipsec.res[n++] = single_sa_idx;
+ }
- for (i = 0; i < traffic->ip6.num; i++)
- traffic->ip6.res[i] = single_sa_idx;
+ for (i = 0; i < traffic->ip6.num; i++) {
+ traffic->ipsec.pkts[n] = traffic->ip6.pkts[i];
+ traffic->ipsec.res[n++] = single_sa_idx;
+ }
- nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts,
- traffic->ip4.res, traffic->ip4.num,
+ traffic->ip4.num = 0;
+ traffic->ip6.num = 0;
+ traffic->ipsec.num = n;
+
+ nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.res, traffic->ipsec.num,
MAX_PKT_BURST);
@@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
m = traffic->ipsec.pkts[i];
ip = rte_pktmbuf_mtod(m, struct ip *);
- if (ip->ip_v == IPVERSION)
+ if (ip->ip_v == IPVERSION) {
traffic->ip4.num = nb_pkts_out;
- else
+ for (i = 0; i < nb_pkts_out; i++)
+ traffic->ip4.pkts[i] = traffic->ipsec.pkts[i];
+ } else {
traffic->ip6.num = nb_pkts_out;
+ for (i = 0; i < nb_pkts_out; i++)
+ traffic->ip6.pkts[i] = traffic->ipsec.pkts[i];
+ }
}
--
2.19.0
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2019-01-31 15:44:05.937112912 +0000
+++ 0008-examples-ipsec-secgw-fix-outbound-codepath-for-singl.patch 2019-01-31 15:44:05.000000000 +0000
@@ -1,8 +1,10 @@
-From aed6eb10edd12237645d3af7fe116287aefcd7e8 Mon Sep 17 00:00:00 2001
+From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev at intel.com>
Date: Thu, 10 Jan 2019 21:09:07 +0000
Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA
+[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]
+
Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
@@ -11,7 +13,6 @@
that patch provides fixes for that issues.
Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
-Cc: stable at dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Acked-by: Radu Nicolau <radu.nicolau at intel.com>
@@ -21,17 +22,17 @@
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
-index 0c2005eea..a5dfd1826 100644
+index 2234826de..f88fdb4c4 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
-@@ -630,5 +630,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
{
struct rte_mbuf *m;
- uint32_t nb_pkts_out, i;
+ uint32_t nb_pkts_out, i, n;
struct ip *ip;
-@@ -637,14 +637,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
rte_pktmbuf_free(traffic->ipsec.pkts[i]);
- traffic->ipsec.num = 0;
@@ -61,7 +62,7 @@
+ traffic->ipsec.res, traffic->ipsec.num,
MAX_PKT_BURST);
-@@ -652,8 +660,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
m = traffic->ipsec.pkts[i];
ip = rte_pktmbuf_mtod(m, struct ip *);
- if (ip->ip_v == IPVERSION)
More information about the stable
mailing list