[dpdk-stable] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1

luca.boccassi at gmail.com luca.boccassi at gmail.com
Thu Feb 27 10:33:22 CET 2020


Hi,

FYI, your patch has been queued to stable release 19.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/29/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00 2001
From: Ankur Dwivedi <adwivedi at marvell.com>
Date: Fri, 14 Feb 2020 12:08:18 +0530
Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-GCM

[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]

This patch extends creation of inline session to all the algorithms.
Previously the inline session was enabled only for AES-GCM cipher.

Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline crypto")

Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
Acked-by: Anoob Joseph <anoobj at marvell.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
 examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index c75a5a15f5..04827d7e11 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 		}
 
 		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
-			struct rte_ipsec_session *ips;
 			iv_length = 12;
 
 			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			sa->xforms = &sa_ctx->xf[idx].a;
 
-			ips = ipsec_get_primary_session(sa);
-			if (ips->type ==
-				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
-				ips->type ==
-				RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
-				rc = create_inline_session(skt_ctx, sa, ips);
-				if (rc != 0) {
-					RTE_LOG(ERR, IPSEC_ESP,
-						"create_inline_session() failed\n");
-					return -EINVAL;
-				}
-			}
 			print_one_sa_rule(sa, inbound);
 		} else {
 			switch (sa->cipher_algo) {
@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
 
 			print_one_sa_rule(sa, inbound);
 		}
+
+		if (ips->type ==
+			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
+			ips->type ==
+			RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
+			rc = create_inline_session(skt_ctx, sa, ips);
+			if (rc != 0) {
+				RTE_LOG(ERR, IPSEC_ESP,
+					"create_inline_session() failed\n");
+				return -EINVAL;
+			}
+		}
 	}
 
 	return 0;
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-02-27 09:31:55.915137861 +0000
+++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch	2020-02-27 09:31:55.631945112 +0000
@@ -1,26 +1,27 @@
-From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00 2001
+From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00 2001
 From: Ankur Dwivedi <adwivedi at marvell.com>
 Date: Fri, 14 Feb 2020 12:08:18 +0530
 Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-GCM
 
+[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
+
 This patch extends creation of inline session to all the algorithms.
 Previously the inline session was enabled only for AES-GCM cipher.
 
 Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline crypto")
-Cc: stable at dpdk.org
 
 Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
 Acked-by: Anoob Joseph <anoobj at marvell.com>
 Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
 ---
- examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
- 1 file changed, 12 insertions(+), 14 deletions(-)
+ examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
+ 1 file changed, 12 insertions(+), 13 deletions(-)
 
 diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
-index e75b687c46..4822d6bdaa 100644
+index c75a5a15f5..04827d7e11 100644
 --- a/examples/ipsec-secgw/sa.c
 +++ b/examples/ipsec-secgw/sa.c
-@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
+@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
  		}
  
  		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
@@ -28,11 +29,10 @@
  			iv_length = 12;
  
  			sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD;
-@@ -1077,19 +1076,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
- 				sa->digest_len;
+@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
  
  			sa->xforms = &sa_ctx->xf[idx].a;
--
+ 
 -			ips = ipsec_get_primary_session(sa);
 -			if (ips->type ==
 -				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
@@ -45,13 +45,14 @@
 -					return -EINVAL;
 -				}
 -			}
+ 			print_one_sa_rule(sa, inbound);
  		} else {
  			switch (sa->cipher_algo) {
- 			case RTE_CRYPTO_CIPHER_NULL:
-@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
- 			sa->xforms = &sa_ctx->xf[idx].a;
- 		}
+@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
  
+ 			print_one_sa_rule(sa, inbound);
+ 		}
++
 +		if (ips->type ==
 +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
 +			ips->type ==
@@ -63,10 +64,9 @@
 +				return -EINVAL;
 +			}
 +		}
-+
- 		print_one_sa_rule(sa, inbound);
  	}
  
+ 	return 0;
 -- 
 2.20.1
 


More information about the stable mailing list