[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Anoob Joseph
anoobj at marvell.com
Fri Feb 28 05:24:52 CET 2020
Hi Luca,
The diff between upstream patch and dpdk-stable patch doesn't look right. I would say we can defer this change from merge to stable.
@Akhil, what's your take on this?
Thanks,
Anoob
> -----Original Message-----
> From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> Sent: Thursday, February 27, 2020 3:03 PM
> To: Ankur Dwivedi <adwivedi at marvell.com>
> Cc: Anoob Joseph <anoobj at marvell.com>; Akhil Goyal
> <akhil.goyal at nxp.com>; dpdk stable <stable at dpdk.org>
> Subject: [EXT] patch 'examples/ipsec-secgw: extend inline session to non
> AES-GCM' has been queued to stable release 19.11.1
>
> External Email
>
> ----------------------------------------------------------------------
> Hi,
>
> FYI, your patch has been queued to stable release 19.11.1
>
> Note it hasn't been pushed to
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__dpdk.org_browse_dpdk-
> 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e= yet.
> It will be pushed if I get no objections before 02/29/20. So please shout if
> anyone has objections.
>
> Also note that after the patch there's a diff of the upstream commit vs the
> patch applied to the branch. This will indicate if there was any rebasing
> needed to apply to the stable branch. If there were code changes for
> rebasing
> (ie: not only metadata diffs), please double check that the rebase was
> correctly done.
>
> Thanks.
>
> Luca Boccassi
>
> ---
> From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> 2001
> From: Ankur Dwivedi <adwivedi at marvell.com>
> Date: Fri, 14 Feb 2020 12:08:18 +0530
> Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> GCM
>
> [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
>
> This patch extends creation of inline session to all the algorithms.
> Previously the inline session was enabled only for AES-GCM cipher.
>
> Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> crypto")
>
> Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> Acked-by: Anoob Joseph <anoobj at marvell.com>
> Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> ---
> examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> 1 file changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index
> c75a5a15f5..04827d7e11 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> }
>
> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> - struct rte_ipsec_session *ips;
> iv_length = 12;
>
> sa_ctx->xf[idx].a.type =
> RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
>
> sa->xforms = &sa_ctx->xf[idx].a;
>
> - ips = ipsec_get_primary_session(sa);
> - if (ips->type ==
> -
> RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> - ips->type ==
> -
> RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> - rc = create_inline_session(skt_ctx, sa, ips);
> - if (rc != 0) {
> - RTE_LOG(ERR, IPSEC_ESP,
> - "create_inline_session()
> failed\n");
> - return -EINVAL;
> - }
> - }
> print_one_sa_rule(sa, inbound);
> } else {
> switch (sa->cipher_algo) {
> @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
>
> print_one_sa_rule(sa, inbound);
> }
> +
> + if (ips->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> + ips->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> + rc = create_inline_session(skt_ctx, sa, ips);
> + if (rc != 0) {
> + RTE_LOG(ERR, IPSEC_ESP,
> + "create_inline_session() failed\n");
> + return -EINVAL;
> + }
> + }
> }
>
> return 0;
> --
> 2.20.1
>
> ---
> Diff of the applied patch vs upstream commit (please double-check if non-
> empty:
> ---
> --- - 2020-02-27 09:31:55.915137861 +0000
> +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch
> 2020-02-27 09:31:55.631945112 +0000
> @@ -1,26 +1,27 @@
> -From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> 2001
> +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> 2001
> From: Ankur Dwivedi <adwivedi at marvell.com>
> Date: Fri, 14 Feb 2020 12:08:18 +0530
> Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> GCM
>
> +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> +
> This patch extends creation of inline session to all the algorithms.
> Previously the inline session was enabled only for AES-GCM cipher.
>
> Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> crypto")
> -Cc: stable at dpdk.org
>
> Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> Acked-by: Anoob Joseph <anoobj at marvell.com>
> Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> ---
> - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> - 1 file changed, 12 insertions(+), 14 deletions(-)
> + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> + 1 file changed, 12 insertions(+), 13 deletions(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c -index
> e75b687c46..4822d6bdaa 100644
> +index c75a5a15f5..04827d7e11 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
> }
>
> if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { @@ -
> 28,11 +29,10 @@
> iv_length = 12;
>
> sa_ctx->xf[idx].a.type =
> RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - sa->digest_len;
> +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
>
> sa->xforms = &sa_ctx->xf[idx].a;
> --
> +
> - ips = ipsec_get_primary_session(sa);
> - if (ips->type ==
> -
> RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> @@ -45,13 +45,14 @@
> - return -EINVAL;
> - }
> - }
> + print_one_sa_rule(sa, inbound);
> } else {
> switch (sa->cipher_algo) {
> - case RTE_CRYPTO_CIPHER_NULL:
> -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> - sa->xforms = &sa_ctx->xf[idx].a;
> - }
> +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
>
> + print_one_sa_rule(sa, inbound);
> + }
> ++
> + if (ips->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> + ips->type ==
> @@ -63,10 +64,9 @@
> + return -EINVAL;
> + }
> + }
> -+
> - print_one_sa_rule(sa, inbound);
> }
>
> + return 0;
> --
> 2.20.1
>
More information about the stable
mailing list