[dpdk-stable] patch 'examples/ipsec-secgw: fix outbound codepath for single SA' has been queued to LTS release 17.11.6

Yongseok Koh yskoh at mellanox.com
Fri Mar 8 18:47:06 CET 2019

Previous message: [dpdk-stable] patch 'test/crypto: fix misleading trace message' has been queued to LTS release 17.11.6
Next message: [dpdk-stable] patch 'examples/ipsec-secgw: make local variables static' has been queued to LTS release 17.11.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to LTS release 17.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objection by 03/13/19. So please
shout if anyone has objection.

Also note that after the patch there's a diff of the upstream commit vs the patch applied
to the branch. If the code is different (ie: not only metadata diffs), due for example to
a change in context or macro names, please double check it.

Thanks.

Yongseok

---
>From f253fbcab7690dd6aa8df5e9e4d0ba24cc5e98d9 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev at intel.com>
Date: Thu, 10 Jan 2019 21:09:07 +0000
Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA

[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]

Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
- copying number of packets, but not the mbuf pointers itself

that patch provides fixes for that issues.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Acked-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 46af3f05f..f98d529f5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -561,32 +561,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
 		struct ipsec_traffic *traffic)
 {
 	struct rte_mbuf *m;
-	uint32_t nb_pkts_out, i;
+	uint32_t nb_pkts_out, i, n;
 	struct ip *ip;
 
 	/* Drop any IPsec traffic from protected ports */
 	for (i = 0; i < traffic->ipsec.num; i++)
 		rte_pktmbuf_free(traffic->ipsec.pkts[i]);
 
-	traffic->ipsec.num = 0;
+	n = 0;
 
-	for (i = 0; i < traffic->ip4.num; i++)
-		traffic->ip4.res[i] = single_sa_idx;
+	for (i = 0; i < traffic->ip4.num; i++) {
+		traffic->ipsec.pkts[n] = traffic->ip4.pkts[i];
+		traffic->ipsec.res[n++] = single_sa_idx;
+	}
 
-	for (i = 0; i < traffic->ip6.num; i++)
-		traffic->ip6.res[i] = single_sa_idx;
+	for (i = 0; i < traffic->ip6.num; i++) {
+		traffic->ipsec.pkts[n] = traffic->ip6.pkts[i];
+		traffic->ipsec.res[n++] = single_sa_idx;
+	}
+
+	traffic->ip4.num = 0;
+	traffic->ip6.num = 0;
+	traffic->ipsec.num = n;
 
-	nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts,
-			traffic->ip4.res, traffic->ip4.num,
+	nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
+			traffic->ipsec.res, traffic->ipsec.num,
 			MAX_PKT_BURST);
 
 	/* They all sue the same SA (ip4 or ip6 tunnel) */
 	m = traffic->ipsec.pkts[i];
 	ip = rte_pktmbuf_mtod(m, struct ip *);
-	if (ip->ip_v == IPVERSION)
+	if (ip->ip_v == IPVERSION) {
 		traffic->ip4.num = nb_pkts_out;
-	else
+		for (i = 0; i < nb_pkts_out; i++)
+			traffic->ip4.pkts[i] = traffic->ipsec.pkts[i];
+	} else {
 		traffic->ip6.num = nb_pkts_out;
+		for (i = 0; i < nb_pkts_out; i++)
+			traffic->ip6.pkts[i] = traffic->ipsec.pkts[i];
+	}
 }
 
 static inline int32_t
-- 
2.11.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-03-08 09:46:41.712227754 -0800
+++ 0028-examples-ipsec-secgw-fix-outbound-codepath-for-singl.patch	2019-03-08 09:46:40.110403000 -0800
@@ -1,8 +1,10 @@
-From aed6eb10edd12237645d3af7fe116287aefcd7e8 Mon Sep 17 00:00:00 2001
+From f253fbcab7690dd6aa8df5e9e4d0ba24cc5e98d9 Mon Sep 17 00:00:00 2001
 From: Konstantin Ananyev <konstantin.ananyev at intel.com>
 Date: Thu, 10 Jan 2019 21:09:07 +0000
 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA
 
+[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]
+
 Looking at process_pkts_outbound_nosp() there seems few issues:
 - accessing mbuf after it was freed
 - invoking ipsec_outbound() for ipv4 packets only
@@ -11,7 +13,6 @@
 that patch provides fixes for that issues.
 
 Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
-Cc: stable at dpdk.org
 
 Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
 Acked-by: Radu Nicolau <radu.nicolau at intel.com>
@@ -21,10 +22,10 @@
  1 file changed, 23 insertions(+), 10 deletions(-)
 
 diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
-index 0c2005eea..a5dfd1826 100644
+index 46af3f05f..f98d529f5 100644
 --- a/examples/ipsec-secgw/ipsec-secgw.c
 +++ b/examples/ipsec-secgw/ipsec-secgw.c
-@@ -629,32 +629,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -561,32 +561,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
  		struct ipsec_traffic *traffic)
  {
  	struct rte_mbuf *m;

Previous message: [dpdk-stable] patch 'test/crypto: fix misleading trace message' has been queued to LTS release 17.11.6
Next message: [dpdk-stable] patch 'examples/ipsec-secgw: make local variables static' has been queued to LTS release 17.11.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list