patch 'examples/ipsec-secgw: fix NAT-T header fields' has been queued to stable release 21.11.2

Kevin Traynor ktraynor at redhat.com
Fri Jun 24 17:01:16 CEST 2022


Hi,

FYI, your patch has been queued to stable release 21.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/27/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/be3beb946efd3a028b5a901bcd2494b30d7f32ac

Thanks.

Kevin

---
From be3beb946efd3a028b5a901bcd2494b30d7f32ac Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau at intel.com>
Date: Wed, 25 May 2022 14:59:11 +0100
Subject: [PATCH] examples/ipsec-secgw: fix NAT-T header fields

[ upstream commit 5051dc42a193551a837f7a4c0a1726babde46ae6 ]

Use the proper IP protocol (UDP instead of ESP) and set the ports when
UDP encapsulation is enabled.

Fixes: 9ae86b4cfc77 ("examples/ipsec-secgw: support UDP encap for inline crypto")

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 examples/ipsec-secgw/sa.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1839ac71af..45509c5c68 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1459,4 +1459,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
 		RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
 	prm->ipsec_xform.options.udp_encap = ss->udp_encap;
+	prm->ipsec_xform.udp.dport = ss->udp.dport;
+	prm->ipsec_xform.udp.sport = ss->udp.sport;
 	prm->ipsec_xform.options.ecn = 1;
 	prm->ipsec_xform.options.copy_dscp = 1;
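
Review bot: in fill_ipsec_sa_prm(), the two new assignments copy ss->udp.dport and ss->udp.sport unconditionally, and nothing in this hunk checks that they are non-zero when ss->udp_encap is set. If an SA can reach this point with udp_encap enabled and the ports left at zero, the transform will carry zero ports; consider validating that case here, or add a comment saying where the defaults are applied. A one-line comment on the byte order expected by prm->ipsec_xform.udp would also help.
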
@@ -1514,5 +1516,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
 			sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER,
 		.time_to_live = IPDEFTTL,
-		.next_proto_id = IPPROTO_ESP,
+		.next_proto_id = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP,
 		.src_addr = lsa->src.ip.ip4,
 		.dst_addr = lsa->dst.ip.ip4,
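
Review bot: in the v4 initialiser, .next_proto_id now becomes IPPROTO_UDP when lsa->udp_encap is set, but the hunk shows only the IPv4 header template. Please add a comment stating where the UDP header announced by this field is built, so a reader can confirm that the protocol field and the actual outer headers stay in step.
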
@@ -1520,5 +1522,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
 	struct rte_ipv6_hdr v6 = {
 		.vtc_flow = htonl(IP6_VERSION << 28),
-		.proto = IPPROTO_ESP,
+		.proto = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP,
 	};
 
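
Review bot: the expression "lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP" in the v6 .proto initialiser repeats the one in the v4 hunk above. Computing it once in a local before both initialisers (for example a const uint8_t) would keep the two headers from diverging in a later edit.
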
-- 
2.34.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2022-06-24 15:51:09.232330330 +0100
+++ 0008-examples-ipsec-secgw-fix-NAT-T-header-fields.patch	2022-06-24 15:51:08.848984020 +0100
@@ -1 +1 @@
-From 5051dc42a193551a837f7a4c0a1726babde46ae6 Mon Sep 17 00:00:00 2001
+From be3beb946efd3a028b5a901bcd2494b30d7f32ac Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 5051dc42a193551a837f7a4c0a1726babde46ae6 ]
+
@@ -10 +11,0 @@
-Cc: stable at dpdk.org
@@ -19 +20 @@
-index 0b27f11fc0..fde263ca33 100644
+index 1839ac71af..45509c5c68 100644
@@ -22 +23 @@
-@@ -1486,4 +1486,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
+@@ -1459,4 +1459,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
@@ -29 +30 @@
-@@ -1536,5 +1538,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
+@@ -1514,5 +1516,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
@@ -36 +37 @@
-@@ -1542,5 +1544,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
+@@ -1520,5 +1522,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
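
Review bot: every difference listed here is metadata (the From hash, the added upstream-commit line, the dropped Cc line, the index line) or a shifted @@ offset for the three hunks; no added or removed code line differs from upstream. The offsets move from 1486/1536/1542 to 1459/1514/1520, so the surrounding file differs on the stable branch, and it is worth confirming the three hunks still land inside fill_ipsec_sa_prm() and ipsec_sa_init() as the @@ headers claim.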


