patch 'net/iavf: support NAT-T / UDP encapsulation' has been queued to stable release 21.11.1

Kevin Traynor ktraynor at redhat.com
Tue Mar 8 15:14:30 CET 2022

Previous message (by thread): patch 'net/ixgbe: fix FSP check for X550EM devices' has been queued to stable release 21.11.1
Next message (by thread): patch 'net/iavf: fix function pointer in multi-process' has been queued to stable release 21.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 21.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/14/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/9b441b496390b1109fd97a6d4366030304aafeb6

Thanks.

Kevin

---
>From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau at intel.com>
Date: Mon, 28 Feb 2022 15:00:22 +0000
Subject: [PATCH] net/iavf: support NAT-T / UDP encapsulation

[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]

Add support for NAT-T / UDP encapsulated ESP.
This fixes the inline crypto feature for iAVF which will not
function properly without setting the UDP encapsulation options.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Reviewed-by: Qi Zhang <qi.z.zhang at intel.com>
---
 drivers/common/iavf/virtchnl_inline_ipsec.h |  9 +++++++++
 drivers/net/iavf/iavf_ipsec_crypto.c        | 16 +++++++++++++---
 drivers/net/iavf/iavf_ipsec_crypto.h        |  4 +++-
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/drivers/common/iavf/virtchnl_inline_ipsec.h b/drivers/common/iavf/virtchnl_inline_ipsec.h
index 1e9134501e..2f4bf15725 100644
--- a/drivers/common/iavf/virtchnl_inline_ipsec.h
+++ b/drivers/common/iavf/virtchnl_inline_ipsec.h
@@ -447,4 +447,13 @@ struct virtchnl_ipsec_sp_cfg {
 	/* Set TC (congestion domain) if true. For future use. */
 	u8 set_tc;
+
+	/* 0 for NAT-T unsupported, 1 for NAT-T supported */
+	u8 is_udp;
+
+	/* reserved */
+	u8 reserved;
+
+	/* NAT-T UDP port number. Only valid in case NAT-T supported */
+	u16 udp_port;
 } __rte_packed;
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index a63e42f29a..d6875eb6aa 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -737,5 +737,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop)
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port)
 {
 	struct inline_ipsec_msg *request = NULL, *response = NULL;
@@ -782,4 +784,6 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	request->ipsec_data.sp_cfg->set_tc = 0;
 	request->ipsec_data.sp_cfg->cgd = 0;
+	request->ipsec_data.sp_cfg->is_udp = is_udp;
+	request->ipsec_data.sp_cfg->udp_port = htons(udp_port);
 
 	response_len = sizeof(struct inline_ipsec_msg) +
@@ -1626,4 +1630,5 @@ struct iavf_ipsec_flow_item {
 	};
 	struct rte_udp_hdr udp_hdr;
+	uint8_t is_udp;
 };
 
@@ -1738,4 +1743,5 @@ iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
 				pattern[2].spec,
 			&ipsec_flow->udp_hdr);
+		ipsec_flow->is_udp = true;
 		ipsec_flow->spi =
 			((const struct rte_flow_item_esp *)
@@ -1807,5 +1813,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			ipsec_flow->ipv4_hdr.dst_addr,
 			NULL,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	} else {
 		ipsec_flow->id =
@@ -1815,5 +1823,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			0,
 			ipsec_flow->ipv6_hdr.dst_addr,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	}
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 687541077a..8ea0f9540e 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -146,5 +146,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop);
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port);
 
 /**
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-03-08 13:55:28.814465021 +0000
+++ 0015-net-iavf-support-NAT-T-UDP-encapsulation.patch	2022-03-08 13:55:28.410314926 +0000
@@ -1 +1 @@
-From 578da1bd2025419f8d0fef420770cbdf419b4c29 Mon Sep 17 00:00:00 2001
+From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]
+
@@ -11 +12,0 @@
-Cc: stable at dpdk.org

Previous message (by thread): patch 'net/ixgbe: fix FSP check for X550EM devices' has been queued to stable release 21.11.1
Next message (by thread): patch 'net/iavf: fix function pointer in multi-process' has been queued to stable release 21.11.1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list