[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1

Anoob Joseph anoobj at marvell.com
Fri Feb 28 06:37:55 CET 2020
Previous message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Akhil,

Will send the appropriate patch after verifying build etc.

Thanks,
Anoob

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal at nxp.com>
> Sent: Friday, February 28, 2020 10:03 AM
> To: Anoob Joseph <anoobj at marvell.com>; luca.boccassi at gmail.com; Ankur
> Dwivedi <adwivedi at marvell.com>
> Cc: dpdk stable <stable at dpdk.org>
> Subject: RE: [EXT] patch 'examples/ipsec-secgw: extend inline session to non
> AES-GCM' has been queued to stable release 19.11.1
> 
> 
> 
> >
> > Hi Luca,
> >
> > The diff between upstream patch and dpdk-stable patch doesn't look
> > right. I would say we can defer this change from merge to stable.
> >
> > @Akhil, what's your take on this?
> 
> Why do we need to defer this patch?
> I think the only thing is declaration of ips is missing. The compilation will be
> broken.
> Can you send the appropriate patch to stable?
> 
> >
> > Thanks,
> > Anoob
> >
> > > -----Original Message-----
> > > From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> > > Sent: Thursday, February 27, 2020 3:03 PM
> > > To: Ankur Dwivedi <adwivedi at marvell.com>
> > > Cc: Anoob Joseph <anoobj at marvell.com>; Akhil Goyal
> > > <akhil.goyal at nxp.com>; dpdk stable <stable at dpdk.org>
> > > Subject: [EXT] patch 'examples/ipsec-secgw: extend inline session to
> > > non AES-GCM' has been queued to stable release 19.11.1
> > >
> > > External Email
> > >
> > > --------------------------------------------------------------------
> > > --
> > > Hi,
> > >
> > > FYI, your patch has been queued to stable release 19.11.1
> > >
> > > Note it hasn't been pushed to
> > >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__eur01.safelinks.p
> > rotection.outlook.com_-3Furl-3Dhttps-253A-252F-
> 252Furldefens&d=DwIFAg&
> > c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> WYLn1v9SyTMrT5EQqh2TU
> >
> &m=eOnW_NUoUMFWqoaBTOmC7zVyaSoWZB_hVr6nQKboVm8&s=mu21
> wyPbS7W4bBgKdfTO4
> > xfLokZ_8cS6b8m5O7tOKd0&e=
> > e.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> >
> &data=02%7C01%7Cakhil.goyal%40nxp.com%7C0d2ac7af89ca48357a110
> >
> 8d7bc062ce6%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6371846
> >
> 07019183710&sdata=tSi80Em79D5Nvv3YUVa5HlUfyStN5MOf5eCyOs2e2
> b
> > o%3D&reserved=0
> > > 3A__dpdk.org_browse_dpdk-
> > >
> 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> > > 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> > > I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> > > O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e=  yet.
> > > It will be pushed if I get no objections before 02/29/20. So please
> > > shout if anyone has objections.
> > >
> > > Also note that after the patch there's a diff of the upstream commit
> > > vs the patch applied to the branch. This will indicate if there was
> > > any rebasing needed to apply to the stable branch. If there were
> > > code changes for rebasing
> > > (ie: not only metadata diffs), please double check that the rebase
> > > was correctly done.
> > >
> > > Thanks.
> > >
> > > Luca Boccassi
> > >
> > > ---
> > > From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> > > 2001
> > > From: Ankur Dwivedi <adwivedi at marvell.com>
> > > Date: Fri, 14 Feb 2020 12:08:18 +0530
> > > Subject: [PATCH] examples/ipsec-secgw: extend inline session to non
> > > AES- GCM
> > >
> > > [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > >
> > > This patch extends creation of inline session to all the algorithms.
> > > Previously the inline session was enabled only for AES-GCM cipher.
> > >
> > > Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with
> > > inline
> > > crypto")
> > >
> > > Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> > > Acked-by: Anoob Joseph <anoobj at marvell.com>
> > > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > > ---
> > >  examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > >  1 file changed, 12 insertions(+), 13 deletions(-)
> > >
> > > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> > > index
> > > c75a5a15f5..04827d7e11 100644
> > > --- a/examples/ipsec-secgw/sa.c
> > > +++ b/examples/ipsec-secgw/sa.c
> > > @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > > ipsec_sa entries[],
> > >  		}
> > >
> > >  		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> > > -			struct rte_ipsec_session *ips;
> > >  			iv_length = 12;
> > >
> > >  			sa_ctx->xf[idx].a.type =
> > > RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> > > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> > >
> > >  			sa->xforms = &sa_ctx->xf[idx].a;
> > >
> > > -			ips = ipsec_get_primary_session(sa);
> > > -			if (ips->type ==
> > > -
> > > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > > -				ips->type ==
> > > -
> > > 	RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > > -				rc = create_inline_session(skt_ctx, sa, ips);
> > > -				if (rc != 0) {
> > > -					RTE_LOG(ERR, IPSEC_ESP,
> > > -						"create_inline_session()
> > > failed\n");
> > > -					return -EINVAL;
> > > -				}
> > > -			}
> > >  			print_one_sa_rule(sa, inbound);
> > >  		} else {
> > >  			switch (sa->cipher_algo) {
> > > @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > struct ipsec_sa entries[],
> > >
> > >  			print_one_sa_rule(sa, inbound);
> > >  		}
> > > +
> > > +		if (ips->type ==
> > > +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > > +			ips->type ==
> > > +			RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > > +			rc = create_inline_session(skt_ctx, sa, ips);
> > > +			if (rc != 0) {
> > > +				RTE_LOG(ERR, IPSEC_ESP,
> > > +					"create_inline_session() failed\n");
> > > +				return -EINVAL;
> > > +			}
> > > +		}
> > >  	}
> > >
> > >  	return 0;
> > > --
> > > 2.20.1
> > >
> > > ---
> > >   Diff of the applied patch vs upstream commit (please double-check
> > > if non-
> > > empty:
> > > ---
> > > --- -	2020-02-27 09:31:55.915137861 +0000
> > > +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch
> > > 	2020-02-27 09:31:55.631945112 +0000 @@ -1,26 +1,27 @@ -From
> > > b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> > > 2001
> > > +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17
> 00:00:00
> > > 2001
> > >  From: Ankur Dwivedi <adwivedi at marvell.com>
> > >  Date: Fri, 14 Feb 2020 12:08:18 +0530
> > >  Subject: [PATCH] examples/ipsec-secgw: extend inline session to non
> > > AES- GCM
> > >
> > > +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > > +
> > >  This patch extends creation of inline session to all the algorithms.
> > >  Previously the inline session was enabled only for AES-GCM cipher.
> > >
> > >  Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with
> > > inline
> > > crypto")
> > > -Cc: stable at dpdk.org
> > >
> > >  Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> > >  Acked-by: Anoob Joseph <anoobj at marvell.com>
> > >  Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > >  ---
> > > - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> > > - 1 file changed, 12 insertions(+), 14 deletions(-)
> > > + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > > + 1 file changed, 12 insertions(+), 13 deletions(-)
> > >
> > >  diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> > > -index e75b687c46..4822d6bdaa 100644
> > > +index c75a5a15f5..04827d7e11 100644
> > >  --- a/examples/ipsec-secgw/sa.c
> > >  +++ b/examples/ipsec-secgw/sa.c
> > > -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > struct ipsec_sa entries[],
> > > +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > +struct ipsec_sa entries[],
> > >   		}
> > >
> > >   		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { @@ -
> > > 28,11 +29,10 @@
> > >   			iv_length = 12;
> > >
> > >   			sa_ctx->xf[idx].a.type =
> > > RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> > > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> > > - 				sa->digest_len;
> > > +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > +struct ipsec_sa entries[],
> > >
> > >   			sa->xforms = &sa_ctx->xf[idx].a;
> > > --
> > > +
> > >  -			ips = ipsec_get_primary_session(sa);
> > >  -			if (ips->type ==
> > >  -
> > > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || @@ -45,13
> +45,14 @@
> > >  -					return -EINVAL;
> > >  -				}
> > >  -			}
> > > + 			print_one_sa_rule(sa, inbound);
> > >   		} else {
> > >   			switch (sa->cipher_algo) {
> > > - 			case RTE_CRYPTO_CIPHER_NULL:
> > > -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > struct ipsec_sa entries[],
> > > - 			sa->xforms = &sa_ctx->xf[idx].a;
> > > - 		}
> > > +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > +struct ipsec_sa entries[],
> > >
> > > + 			print_one_sa_rule(sa, inbound);
> > > + 		}
> > > ++
> > >  +		if (ips->type ==
> > >  +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > >  +			ips->type ==
> > > @@ -63,10 +64,9 @@
> > >  +				return -EINVAL;
> > >  +			}
> > >  +		}
> > > -+
> > > - 		print_one_sa_rule(sa, inbound);
> > >   	}
> > >
> > > + 	return 0;
> > >  --
> > >  2.20.1
> > >
Previous message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the stable mailing list