[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1

Anoob Joseph anoobj at marvell.com
Fri Feb 28 05:24:52 CET 2020

Previous message: [dpdk-stable] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Luca,

The diff between upstream patch and dpdk-stable patch doesn't look right. I would say we can defer this change from merge to stable.

@Akhil, what's your take on this?

Thanks,
Anoob

> -----Original Message-----
> From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> Sent: Thursday, February 27, 2020 3:03 PM
> To: Ankur Dwivedi <adwivedi at marvell.com>
> Cc: Anoob Joseph <anoobj at marvell.com>; Akhil Goyal
> <akhil.goyal at nxp.com>; dpdk stable <stable at dpdk.org>
> Subject: [EXT] patch 'examples/ipsec-secgw: extend inline session to non
> AES-GCM' has been queued to stable release 19.11.1
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi,
> 
> FYI, your patch has been queued to stable release 19.11.1
> 
> Note it hasn't been pushed to
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__dpdk.org_browse_dpdk-
> 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e=  yet.
> It will be pushed if I get no objections before 02/29/20. So please shout if
> anyone has objections.
> 
> Also note that after the patch there's a diff of the upstream commit vs the
> patch applied to the branch. This will indicate if there was any rebasing
> needed to apply to the stable branch. If there were code changes for
> rebasing
> (ie: not only metadata diffs), please double check that the rebase was
> correctly done.
> 
> Thanks.
> 
> Luca Boccassi
> 
> ---
> From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> 2001
> From: Ankur Dwivedi <adwivedi at marvell.com>
> Date: Fri, 14 Feb 2020 12:08:18 +0530
> Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> GCM
> 
> [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> 
> This patch extends creation of inline session to all the algorithms.
> Previously the inline session was enabled only for AES-GCM cipher.
> 
> Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> crypto")
> 
> Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> Acked-by: Anoob Joseph <anoobj at marvell.com>
> Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> ---
>  examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
>  1 file changed, 12 insertions(+), 13 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index
> c75a5a15f5..04827d7e11 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
>  		}
> 
>  		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> -			struct rte_ipsec_session *ips;
>  			iv_length = 12;
> 
>  			sa_ctx->xf[idx].a.type =
> RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> 
>  			sa->xforms = &sa_ctx->xf[idx].a;
> 
> -			ips = ipsec_get_primary_session(sa);
> -			if (ips->type ==
> -
> 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> -				ips->type ==
> -
> 	RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> -				rc = create_inline_session(skt_ctx, sa, ips);
> -				if (rc != 0) {
> -					RTE_LOG(ERR, IPSEC_ESP,
> -						"create_inline_session()
> failed\n");
> -					return -EINVAL;
> -				}
> -			}
>  			print_one_sa_rule(sa, inbound);
>  		} else {
>  			switch (sa->cipher_algo) {
> @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> 
>  			print_one_sa_rule(sa, inbound);
>  		}
> +
> +		if (ips->type ==
> +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> +			ips->type ==
> +			RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> +			rc = create_inline_session(skt_ctx, sa, ips);
> +			if (rc != 0) {
> +				RTE_LOG(ERR, IPSEC_ESP,
> +					"create_inline_session() failed\n");
> +				return -EINVAL;
> +			}
> +		}
>  	}
> 
>  	return 0;
> --
> 2.20.1
> 
> ---
>   Diff of the applied patch vs upstream commit (please double-check if non-
> empty:
> ---
> --- -	2020-02-27 09:31:55.915137861 +0000
> +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch
> 	2020-02-27 09:31:55.631945112 +0000
> @@ -1,26 +1,27 @@
> -From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> 2001
> +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> 2001
>  From: Ankur Dwivedi <adwivedi at marvell.com>
>  Date: Fri, 14 Feb 2020 12:08:18 +0530
>  Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> GCM
> 
> +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> +
>  This patch extends creation of inline session to all the algorithms.
>  Previously the inline session was enabled only for AES-GCM cipher.
> 
>  Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> crypto")
> -Cc: stable at dpdk.org
> 
>  Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
>  Acked-by: Anoob Joseph <anoobj at marvell.com>
>  Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
>  ---
> - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> - 1 file changed, 12 insertions(+), 14 deletions(-)
> + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> + 1 file changed, 12 insertions(+), 13 deletions(-)
> 
>  diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c -index
> e75b687c46..4822d6bdaa 100644
> +index c75a5a15f5..04827d7e11 100644
>  --- a/examples/ipsec-secgw/sa.c
>  +++ b/examples/ipsec-secgw/sa.c
> -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
>   		}
> 
>   		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { @@ -
> 28,11 +29,10 @@
>   			iv_length = 12;
> 
>   			sa_ctx->xf[idx].a.type =
> RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - 				sa->digest_len;
> +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
> 
>   			sa->xforms = &sa_ctx->xf[idx].a;
> --
> +
>  -			ips = ipsec_get_primary_session(sa);
>  -			if (ips->type ==
>  -
> 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> @@ -45,13 +45,14 @@
>  -					return -EINVAL;
>  -				}
>  -			}
> + 			print_one_sa_rule(sa, inbound);
>   		} else {
>   			switch (sa->cipher_algo) {
> - 			case RTE_CRYPTO_CIPHER_NULL:
> -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> - 			sa->xforms = &sa_ctx->xf[idx].a;
> - 		}
> +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> +ipsec_sa entries[],
> 
> + 			print_one_sa_rule(sa, inbound);
> + 		}
> ++
>  +		if (ips->type ==
>  +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
>  +			ips->type ==
> @@ -63,10 +64,9 @@
>  +				return -EINVAL;
>  +			}
>  +		}
> -+
> - 		print_one_sa_rule(sa, inbound);
>   	}
> 
> + 	return 0;
>  --
>  2.20.1
>

Previous message: [dpdk-stable] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list