[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1
Akhil Goyal
akhil.goyal at nxp.com
Fri Feb 28 05:33:10 CET 2020
>
> Hi Luca,
>
> The diff between upstream patch and dpdk-stable patch doesn't look right. I
> would say we can defer this change from merge to stable.
>
> @Akhil, what's your take on this?
Why do we need to defer this patch?
I think the only thing is declaration of ips is missing. The compilation will be broken.
Can you send the appropriate patch to stable?
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> > Sent: Thursday, February 27, 2020 3:03 PM
> > To: Ankur Dwivedi <adwivedi at marvell.com>
> > Cc: Anoob Joseph <anoobj at marvell.com>; Akhil Goyal
> > <akhil.goyal at nxp.com>; dpdk stable <stable at dpdk.org>
> > Subject: [EXT] patch 'examples/ipsec-secgw: extend inline session to non
> > AES-GCM' has been queued to stable release 19.11.1
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > Hi,
> >
> > FYI, your patch has been queued to stable release 19.11.1
> >
> > Note it hasn't been pushed to
> >
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens
> e.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> &data=02%7C01%7Cakhil.goyal%40nxp.com%7C0d2ac7af89ca48357a110
> 8d7bc062ce6%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6371846
> 07019183710&sdata=tSi80Em79D5Nvv3YUVa5HlUfyStN5MOf5eCyOs2e2b
> o%3D&reserved=0
> > 3A__dpdk.org_browse_dpdk-
> > 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> > 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> > I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> > O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e= yet.
> > It will be pushed if I get no objections before 02/29/20. So please shout if
> > anyone has objections.
> >
> > Also note that after the patch there's a diff of the upstream commit vs the
> > patch applied to the branch. This will indicate if there was any rebasing
> > needed to apply to the stable branch. If there were code changes for
> > rebasing
> > (ie: not only metadata diffs), please double check that the rebase was
> > correctly done.
> >
> > Thanks.
> >
> > Luca Boccassi
> >
> > ---
> > From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> > 2001
> > From: Ankur Dwivedi <adwivedi at marvell.com>
> > Date: Fri, 14 Feb 2020 12:08:18 +0530
> > Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> > GCM
> >
> > [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> >
> > This patch extends creation of inline session to all the algorithms.
> > Previously the inline session was enabled only for AES-GCM cipher.
> >
> > Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> > crypto")
> >
> > Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> > Acked-by: Anoob Joseph <anoobj at marvell.com>
> > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > ---
> > examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > 1 file changed, 12 insertions(+), 13 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index
> > c75a5a15f5..04827d7e11 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > }
> >
> > if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> > - struct rte_ipsec_session *ips;
> > iv_length = 12;
> >
> > sa_ctx->xf[idx].a.type =
> > RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> >
> > sa->xforms = &sa_ctx->xf[idx].a;
> >
> > - ips = ipsec_get_primary_session(sa);
> > - if (ips->type ==
> > -
> > RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > - ips->type ==
> > -
> > RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > - rc = create_inline_session(skt_ctx, sa, ips);
> > - if (rc != 0) {
> > - RTE_LOG(ERR, IPSEC_ESP,
> > - "create_inline_session()
> > failed\n");
> > - return -EINVAL;
> > - }
> > - }
> > print_one_sa_rule(sa, inbound);
> > } else {
> > switch (sa->cipher_algo) {
> > @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> >
> > print_one_sa_rule(sa, inbound);
> > }
> > +
> > + if (ips->type ==
> > + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > + ips->type ==
> > + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > + rc = create_inline_session(skt_ctx, sa, ips);
> > + if (rc != 0) {
> > + RTE_LOG(ERR, IPSEC_ESP,
> > + "create_inline_session() failed\n");
> > + return -EINVAL;
> > + }
> > + }
> > }
> >
> > return 0;
> > --
> > 2.20.1
> >
> > ---
> > Diff of the applied patch vs upstream commit (please double-check if non-
> > empty:
> > ---
> > --- - 2020-02-27 09:31:55.915137861 +0000
> > +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch
> > 2020-02-27 09:31:55.631945112 +0000
> > @@ -1,26 +1,27 @@
> > -From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> > 2001
> > +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> > 2001
> > From: Ankur Dwivedi <adwivedi at marvell.com>
> > Date: Fri, 14 Feb 2020 12:08:18 +0530
> > Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> > GCM
> >
> > +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > +
> > This patch extends creation of inline session to all the algorithms.
> > Previously the inline session was enabled only for AES-GCM cipher.
> >
> > Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> > crypto")
> > -Cc: stable at dpdk.org
> >
> > Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> > Acked-by: Anoob Joseph <anoobj at marvell.com>
> > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > ---
> > - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> > - 1 file changed, 12 insertions(+), 14 deletions(-)
> > + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > + 1 file changed, 12 insertions(+), 13 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c -index
> > e75b687c46..4822d6bdaa 100644
> > +index c75a5a15f5..04827d7e11 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> > }
> >
> > if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { @@ -
> > 28,11 +29,10 @@
> > iv_length = 12;
> >
> > sa_ctx->xf[idx].a.type =
> > RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> > - sa->digest_len;
> > +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> >
> > sa->xforms = &sa_ctx->xf[idx].a;
> > --
> > +
> > - ips = ipsec_get_primary_session(sa);
> > - if (ips->type ==
> > -
> > RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > @@ -45,13 +45,14 @@
> > - return -EINVAL;
> > - }
> > - }
> > + print_one_sa_rule(sa, inbound);
> > } else {
> > switch (sa->cipher_algo) {
> > - case RTE_CRYPTO_CIPHER_NULL:
> > -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > - sa->xforms = &sa_ctx->xf[idx].a;
> > - }
> > +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> >
> > + print_one_sa_rule(sa, inbound);
> > + }
> > ++
> > + if (ips->type ==
> > + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > + ips->type ==
> > @@ -63,10 +64,9 @@
> > + return -EINVAL;
> > + }
> > + }
> > -+
> > - print_one_sa_rule(sa, inbound);
> > }
> >
> > + return 0;
> > --
> > 2.20.1
> >
More information about the stable
mailing list