[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1

Luca Boccassi luca.boccassi at gmail.com
Fri Feb 28 12:07:51 CET 2020
Previous message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] patch 'examples/fips_validation: fix string token for CT length' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks for catching that! I thought this example build was enabled by
default, so I didn't spot the missing line.

On Fri, 2020-02-28 at 05:37 +0000, Anoob Joseph wrote:
> Hi Akhil,
> 
> Will send the appropriate patch after verifying build etc.
> 
> Thanks,
> Anoob
> 
> > -----Original Message-----
> > From: Akhil Goyal <
> > akhil.goyal at nxp.com
> > >
> > Sent: Friday, February 28, 2020 10:03 AM
> > To: Anoob Joseph <
> > anoobj at marvell.com
> > >; 
> > luca.boccassi at gmail.com
> > ; Ankur
> > Dwivedi <
> > adwivedi at marvell.com
> > >
> > Cc: dpdk stable <
> > stable at dpdk.org
> > >
> > Subject: RE: [EXT] patch 'examples/ipsec-secgw: extend inline
> > session to non
> > AES-GCM' has been queued to stable release 19.11.1
> > 
> > 
> > 
> > > Hi Luca,
> > > 
> > > The diff between upstream patch and dpdk-stable patch doesn't
> > > look
> > > right. I would say we can defer this change from merge to stable.
> > > 
> > > @Akhil, what's your take on this?
> > 
> > Why do we need to defer this patch?
> > I think the only thing is declaration of ips is missing. The
> > compilation will be
> > broken.
> > Can you send the appropriate patch to stable?
> > 
> > > Thanks,
> > > Anoob
> > > 
> > > > -----Original Message-----
> > > > From: 
> > > > luca.boccassi at gmail.com
> > > >  <
> > > > luca.boccassi at gmail.com
> > > > >
> > > > Sent: Thursday, February 27, 2020 3:03 PM
> > > > To: Ankur Dwivedi <
> > > > adwivedi at marvell.com
> > > > >
> > > > Cc: Anoob Joseph <
> > > > anoobj at marvell.com
> > > > >; Akhil Goyal
> > > > <
> > > > akhil.goyal at nxp.com
> > > > >; dpdk stable <
> > > > stable at dpdk.org
> > > > >
> > > > Subject: [EXT] patch 'examples/ipsec-secgw: extend inline
> > > > session to
> > > > non AES-GCM' has been queued to stable release 19.11.1
> > > > 
> > > > External Email
> > > > 
> > > > -------------------------------------------------------------
> > > > -------
> > > > --
> > > > Hi,
> > > > 
> > > > FYI, your patch has been queued to stable release 19.11.1
> > > > 
> > > > Note it hasn't been pushed to
> > > > 
> > > 
> > > https://urldefense.proofpoint.com/v2/url?u=https-3A__eur01.safelinks.p
> > > 
> > > rotection.outlook.com_-3Furl-3Dhttps-253A-252F-
> > 
> > 252Furldefens&d=DwIFAg&
> > > c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs2n6B-
> > 
> > WYLn1v9SyTMrT5EQqh2TU
> > 
> > &m=eOnW_NUoUMFWqoaBTOmC7zVyaSoWZB_hVr6nQKboVm8&s=mu21
> > wyPbS7W4bBgKdfTO4
> > > xfLokZ_8cS6b8m5O7tOKd0&e=
> > > e.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> > > 
> > 
> > &data=02%7C01%7Cakhil.goyal%40nxp.com%7C0d2ac7af89ca48357a110
> > 
> > 8d7bc062ce6%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6371846
> > 
> > 07019183710&sdata=tSi80Em79D5Nvv3YUVa5HlUfyStN5MOf5eCyOs2e2
> > b
> > > o%3D&reserved=0
> > > > 3A__dpdk.org_browse_dpdk-
> > > > 
> > 
> > 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> > > > 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> > > > I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> > > > O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e=  yet.
> > > > It will be pushed if I get no objections before 02/29/20. So
> > > > please
> > > > shout if anyone has objections.
> > > > 
> > > > Also note that after the patch there's a diff of the upstream
> > > > commit
> > > > vs the patch applied to the branch. This will indicate if there
> > > > was
> > > > any rebasing needed to apply to the stable branch. If there
> > > > were
> > > > code changes for rebasing
> > > > (ie: not only metadata diffs), please double check that the
> > > > rebase
> > > > was correctly done.
> > > > 
> > > > Thanks.
> > > > 
> > > > Luca Boccassi
> > > > 
> > > > ---
> > > > From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17
> > > > 00:00:00
> > > > 2001
> > > > From: Ankur Dwivedi <
> > > > adwivedi at marvell.com
> > > > >
> > > > Date: Fri, 14 Feb 2020 12:08:18 +0530
> > > > Subject: [PATCH] examples/ipsec-secgw: extend inline session to
> > > > non
> > > > AES- GCM
> > > > 
> > > > [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > > > 
> > > > This patch extends creation of inline session to all the
> > > > algorithms.
> > > > Previously the inline session was enabled only for AES-GCM
> > > > cipher.
> > > > 
> > > > Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet
> > > > with
> > > > inline
> > > > crypto")
> > > > 
> > > > Signed-off-by: Ankur Dwivedi <
> > > > adwivedi at marvell.com
> > > > >
> > > > Acked-by: Anoob Joseph <
> > > > anoobj at marvell.com
> > > > >
> > > > Acked-by: Akhil Goyal <
> > > > akhil.goyal at nxp.com
> > > > >
> > > > ---
> > > >  examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > > >  1 file changed, 12 insertions(+), 13 deletions(-)
> > > > 
> > > > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-
> > > > secgw/sa.c
> > > > index
> > > > c75a5a15f5..04827d7e11 100644
> > > > --- a/examples/ipsec-secgw/sa.c
> > > > +++ b/examples/ipsec-secgw/sa.c
> > > > @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > > struct
> > > > ipsec_sa entries[],
> > > >  		}
> > > > 
> > > >  		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> > > > -			struct rte_ipsec_session *ips;
> > > >  			iv_length = 12;
> > > > 
> > > >  			sa_ctx->xf[idx].a.type =
> > > > RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> > > > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa
> > > > entries[],
> > > > 
> > > >  			sa->xforms = &sa_ctx->xf[idx].a;
> > > > 
> > > > -			ips = ipsec_get_primary_session(sa);
> > > > -			if (ips->type ==
> > > > -
> > > > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > > > -				ips->type ==
> > > > -
> > > > 	RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > > > -				rc =
> > > > create_inline_session(skt_ctx, sa, ips);
> > > > -				if (rc != 0) {
> > > > -					RTE_LOG(ERR, IPSEC_ESP,
> > > > -						"create_inline_
> > > > session()
> > > > failed\n");
> > > > -					return -EINVAL;
> > > > -				}
> > > > -			}
> > > >  			print_one_sa_rule(sa, inbound);
> > > >  		} else {
> > > >  			switch (sa->cipher_algo) {
> > > > @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx,
> > > > const
> > > > struct ipsec_sa entries[],
> > > > 
> > > >  			print_one_sa_rule(sa, inbound);
> > > >  		}
> > > > +
> > > > +		if (ips->type ==
> > > > +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCO
> > > > L ||
> > > > +			ips->type ==
> > > > +			RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
> > > > {
> > > > +			rc = create_inline_session(skt_ctx, sa,
> > > > ips);
> > > > +			if (rc != 0) {
> > > > +				RTE_LOG(ERR, IPSEC_ESP,
> > > > +					"create_inline_session(
> > > > ) failed\n");
> > > > +				return -EINVAL;
> > > > +			}
> > > > +		}
> > > >  	}
> > > > 
> > > >  	return 0;
> > > > --
> > > > 2.20.1
> > > > 
> > > > ---
> > > >   Diff of the applied patch vs upstream commit (please double-
> > > > check
> > > > if non-
> > > > empty:
> > > > ---
> > > > --- -	2020-02-27 09:31:55.915137861 +0000
> > > > +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-
> > > > AE.patch
> > > > 	2020-02-27 09:31:55.631945112 +0000 @@ -1,26 +1,27 @@
> > > > -From
> > > > b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> > > > 2001
> > > > +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17
> > 
> > 00:00:00
> > > > 2001
> > > >  From: Ankur Dwivedi <
> > > > adwivedi at marvell.com
> > > > >
> > > >  Date: Fri, 14 Feb 2020 12:08:18 +0530
> > > >  Subject: [PATCH] examples/ipsec-secgw: extend inline session
> > > > to non
> > > > AES- GCM
> > > > 
> > > > +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > > > +
> > > >  This patch extends creation of inline session to all the
> > > > algorithms.
> > > >  Previously the inline session was enabled only for AES-GCM
> > > > cipher.
> > > > 
> > > >  Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet
> > > > with
> > > > inline
> > > > crypto")
> > > > -Cc: 
> > > > stable at dpdk.org
> > > > 
> > > > 
> > > >  Signed-off-by: Ankur Dwivedi <
> > > > adwivedi at marvell.com
> > > > >
> > > >  Acked-by: Anoob Joseph <
> > > > anoobj at marvell.com
> > > > >
> > > >  Acked-by: Akhil Goyal <
> > > > akhil.goyal at nxp.com
> > > > >
> > > >  ---
> > > > - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> > > > - 1 file changed, 12 insertions(+), 14 deletions(-)
> > > > + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > > > + 1 file changed, 12 insertions(+), 13 deletions(-)
> > > > 
> > > >  diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-
> > > > secgw/sa.c
> > > > -index e75b687c46..4822d6bdaa 100644
> > > > +index c75a5a15f5..04827d7e11 100644
> > > >  --- a/examples/ipsec-secgw/sa.c
> > > >  +++ b/examples/ipsec-secgw/sa.c
> > > > -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx,
> > > > const
> > > > struct ipsec_sa entries[],
> > > > +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const
> > > > +struct ipsec_sa entries[],
> > > >   		}
> > > > 
> > > >   		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> > > > @@ -
> > > > 28,11 +29,10 @@
> > > >   			iv_length = 12;
> > > > 
> > > >   			sa_ctx->xf[idx].a.type =
> > > > RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> > > > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa
> > > > entries[],
> > > > - 				sa->digest_len;
> > > > +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx,
> > > > const
> > > > +struct ipsec_sa entries[],
> > > > 
> > > >   			sa->xforms = &sa_ctx->xf[idx].a;
> > > > --
> > > > +
> > > >  -			ips = ipsec_get_primary_session(sa);
> > > >  -			if (ips->type ==
> > > >  -
> > > > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || @@ -45,13
> > 
> > +45,14 @@
> > > >  -					return -EINVAL;
> > > >  -				}
> > > >  -			}
> > > > + 			print_one_sa_rule(sa, inbound);
> > > >   		} else {
> > > >   			switch (sa->cipher_algo) {
> > > > - 			case RTE_CRYPTO_CIPHER_NULL:
> > > > -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx,
> > > > const
> > > > struct ipsec_sa entries[],
> > > > - 			sa->xforms = &sa_ctx->xf[idx].a;
> > > > - 		}
> > > > +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx,
> > > > const
> > > > +struct ipsec_sa entries[],
> > > > 
> > > > + 			print_one_sa_rule(sa, inbound);
> > > > + 		}
> > > > ++
> > > >  +		if (ips->type ==
> > > >  +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCO
> > > > L ||
> > > >  +			ips->type ==
> > > > @@ -63,10 +64,9 @@
> > > >  +				return -EINVAL;
> > > >  +			}
> > > >  +		}
> > > > -+
> > > > - 		print_one_sa_rule(sa, inbound);
> > > >   	}
> > > > 
> > > > + 	return 0;
> > > >  --
> > > >  2.20.1
> > > > 
-- 
Kind regards,
Luca Boccassi
Previous message: [dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Next message: [dpdk-stable] patch 'examples/fips_validation: fix string token for CT length' has been queued to stable release 19.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the stable mailing list