[dpdk-stable] [EXT] patch 'examples/ipsec-secgw: extend inline session to non AES-GCM' has been queued to stable release 19.11.1

Akhil Goyal akhil.goyal at nxp.com
Fri Feb 28 05:33:10 CET 2020



> 
> Hi Luca,
> 
> The diff between upstream patch and dpdk-stable patch doesn't look right. I
> would say we can defer this change from merge to stable.
> 
> @Akhil, what's your take on this?

Why do we need to defer this patch?
I think the only thing is declaration of ips is missing. The compilation will be broken.
Can you send the appropriate patch to stable?

> 
> Thanks,
> Anoob
> 
> > -----Original Message-----
> > From: luca.boccassi at gmail.com <luca.boccassi at gmail.com>
> > Sent: Thursday, February 27, 2020 3:03 PM
> > To: Ankur Dwivedi <adwivedi at marvell.com>
> > Cc: Anoob Joseph <anoobj at marvell.com>; Akhil Goyal
> > <akhil.goyal at nxp.com>; dpdk stable <stable at dpdk.org>
> > Subject: [EXT] patch 'examples/ipsec-secgw: extend inline session to non
> > AES-GCM' has been queued to stable release 19.11.1
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > Hi,
> >
> > FYI, your patch has been queued to stable release 19.11.1
> >
> > Note it hasn't been pushed to
> >
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefens
> e.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> &data=02%7C01%7Cakhil.goyal%40nxp.com%7C0d2ac7af89ca48357a110
> 8d7bc062ce6%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6371846
> 07019183710&sdata=tSi80Em79D5Nvv3YUVa5HlUfyStN5MOf5eCyOs2e2b
> o%3D&reserved=0
> > 3A__dpdk.org_browse_dpdk-
> > 2Dstable&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRSxyLWs
> > 2n6B-WYLn1v9SyTMrT5EQqh2TU&m=uIvPnv-
> > I27twfm1d6XD0AMFwcH8L4mBZAQxhhR9PzDw&s=-
> > O8xzMfTZw5m9whfatE2Ma7_ub-QaoVc1uZWrbWRSKU&e=  yet.
> > It will be pushed if I get no objections before 02/29/20. So please shout if
> > anyone has objections.
> >
> > Also note that after the patch there's a diff of the upstream commit vs the
> > patch applied to the branch. This will indicate if there was any rebasing
> > needed to apply to the stable branch. If there were code changes for
> > rebasing
> > (ie: not only metadata diffs), please double check that the rebase was
> > correctly done.
> >
> > Thanks.
> >
> > Luca Boccassi
> >
> > ---
> > From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> > 2001
> > From: Ankur Dwivedi <adwivedi at marvell.com>
> > Date: Fri, 14 Feb 2020 12:08:18 +0530
> > Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> > GCM
> >
> > [ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> >
> > This patch extends creation of inline session to all the algorithms.
> > Previously the inline session was enabled only for AES-GCM cipher.
> >
> > Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> > crypto")
> >
> > Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> > Acked-by: Anoob Joseph <anoobj at marvell.com>
> > Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> > ---
> >  examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> >  1 file changed, 12 insertions(+), 13 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index
> > c75a5a15f5..04827d7e11 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > @@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> >  		}
> >
> >  		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
> > -			struct rte_ipsec_session *ips;
> >  			iv_length = 12;
> >
> >  			sa_ctx->xf[idx].a.type =
> > RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1014,18 +1013,6 @@
> > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> >
> >  			sa->xforms = &sa_ctx->xf[idx].a;
> >
> > -			ips = ipsec_get_primary_session(sa);
> > -			if (ips->type ==
> > -
> > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > -				ips->type ==
> > -
> > 	RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > -				rc = create_inline_session(skt_ctx, sa, ips);
> > -				if (rc != 0) {
> > -					RTE_LOG(ERR, IPSEC_ESP,
> > -						"create_inline_session()
> > failed\n");
> > -					return -EINVAL;
> > -				}
> > -			}
> >  			print_one_sa_rule(sa, inbound);
> >  		} else {
> >  			switch (sa->cipher_algo) {
> > @@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> >
> >  			print_one_sa_rule(sa, inbound);
> >  		}
> > +
> > +		if (ips->type ==
> > +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > +			ips->type ==
> > +			RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> > +			rc = create_inline_session(skt_ctx, sa, ips);
> > +			if (rc != 0) {
> > +				RTE_LOG(ERR, IPSEC_ESP,
> > +					"create_inline_session() failed\n");
> > +				return -EINVAL;
> > +			}
> > +		}
> >  	}
> >
> >  	return 0;
> > --
> > 2.20.1
> >
> > ---
> >   Diff of the applied patch vs upstream commit (please double-check if non-
> > empty:
> > ---
> > --- -	2020-02-27 09:31:55.915137861 +0000
> > +++ 0002-examples-ipsec-secgw-extend-inline-session-to-non-AE.patch
> > 	2020-02-27 09:31:55.631945112 +0000
> > @@ -1,26 +1,27 @@
> > -From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00
> > 2001
> > +From 42b568622cf6345e311aee821d755963e786a704 Mon Sep 17 00:00:00
> > 2001
> >  From: Ankur Dwivedi <adwivedi at marvell.com>
> >  Date: Fri, 14 Feb 2020 12:08:18 +0530
> >  Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-
> > GCM
> >
> > +[ upstream commit b685f931e1ce33d287e3891d4f19ab07f8d2aa79 ]
> > +
> >  This patch extends creation of inline session to all the algorithms.
> >  Previously the inline session was enabled only for AES-GCM cipher.
> >
> >  Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline
> > crypto")
> > -Cc: stable at dpdk.org
> >
> >  Signed-off-by: Ankur Dwivedi <adwivedi at marvell.com>
> >  Acked-by: Anoob Joseph <anoobj at marvell.com>
> >  Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
> >  ---
> > - examples/ipsec-secgw/sa.c | 26 ++++++++++++--------------
> > - 1 file changed, 12 insertions(+), 14 deletions(-)
> > + examples/ipsec-secgw/sa.c | 25 ++++++++++++-------------
> > + 1 file changed, 12 insertions(+), 13 deletions(-)
> >
> >  diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c -index
> > e75b687c46..4822d6bdaa 100644
> > +index c75a5a15f5..04827d7e11 100644
> >  --- a/examples/ipsec-secgw/sa.c
> >  +++ b/examples/ipsec-secgw/sa.c
> > -@@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > +@@ -993,7 +993,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> >   		}
> >
> >   		if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { @@ -
> > 28,11 +29,10 @@
> >   			iv_length = 12;
> >
> >   			sa_ctx->xf[idx].a.type =
> > RTE_CRYPTO_SYM_XFORM_AEAD; -@@ -1077,19 +1076,6 @@
> > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> > - 				sa->digest_len;
> > +@@ -1014,18 +1013,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> >
> >   			sa->xforms = &sa_ctx->xf[idx].a;
> > --
> > +
> >  -			ips = ipsec_get_primary_session(sa);
> >  -			if (ips->type ==
> >  -
> > 	RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> > @@ -45,13 +45,14 @@
> >  -					return -EINVAL;
> >  -				}
> >  -			}
> > + 			print_one_sa_rule(sa, inbound);
> >   		} else {
> >   			switch (sa->cipher_algo) {
> > - 			case RTE_CRYPTO_CIPHER_NULL:
> > -@@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > - 			sa->xforms = &sa_ctx->xf[idx].a;
> > - 		}
> > +@@ -1094,6 +1081,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > +ipsec_sa entries[],
> >
> > + 			print_one_sa_rule(sa, inbound);
> > + 		}
> > ++
> >  +		if (ips->type ==
> >  +			RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> >  +			ips->type ==
> > @@ -63,10 +64,9 @@
> >  +				return -EINVAL;
> >  +			}
> >  +		}
> > -+
> > - 		print_one_sa_rule(sa, inbound);
> >   	}
> >
> > + 	return 0;
> >  --
> >  2.20.1
> >


More information about the stable mailing list