From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Iremonger, Bernard" <bernard.iremonger@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two
Date: Wed, 6 Mar 2019 19:39:58 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580124140E49@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <1551888011-27692-3-git-send-email-bernard.iremonger@intel.com>
Hi Bernard,
>
> Call create_inline_session() at initialisition in sa.c
> Call rte_ipsec_session_prepare() in fill_ipsec_session() for inline.
Here and in other places - it probably worth to explain what is the purpose
for these changes.
As a side notice, as these series fixes that problem, it probably worse to add a patch
into series that removes the following:
# to overcome problem with ipsec-secgw for inline mode,
# when first packet(s) will be always dropped.
# note that ping will fail here
ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}
from examples/ipsec-secgw/test/(tun|trs)_aesgcm_defs.sh
Konstantin
>
> Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
> Cc: stable@dpdk.org
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
> examples/ipsec-secgw/sa.c | 46 ++++++++++++++++++++++++++++++++++++----------
> 1 file changed, 36 insertions(+), 10 deletions(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 414fcd2..7fb1929 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -762,11 +762,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound)
>
> static int
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries, uint32_t inbound)
> + uint32_t nb_entries, uint32_t inbound,
> + struct socket_ctx *skt_ctx)
> {
> struct ipsec_sa *sa;
> uint32_t i, idx;
> uint16_t iv_length, aad_length;
> + int32_t rc;
>
> /* for ESN upper 32 bits of SQN also need to be part of AAD */
> aad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0;
> @@ -819,6 +821,17 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
>
> sa->xforms = &sa_ctx->xf[idx].a;
>
> + if (sa->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> + sa->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> + rc = create_inline_session(skt_ctx, sa);
> + if (rc != 0) {
> + RTE_LOG(ERR, IPSEC_ESP,
> + "create_inline_session() failed\n");
> + return -EINVAL;
> + }
> + }
> print_one_sa_rule(sa, inbound);
> } else {
> switch (sa->cipher_algo) {
> @@ -894,16 +907,16 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
>
> static inline int
> sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries)
> + uint32_t nb_entries, struct socket_ctx *skt_ctx)
> {
> - return sa_add_rules(sa_ctx, entries, nb_entries, 0);
> + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx);
> }
>
> static inline int
> sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries)
> + uint32_t nb_entries, struct socket_ctx *skt_ctx)
> {
> - return sa_add_rules(sa_ctx, entries, nb_entries, 1);
> + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx);
> }
>
> /*
> @@ -997,10 +1010,12 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
> return 0;
> }
>
> -static void
> +static int
> fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa,
> const struct ipsec_sa *lsa)
> {
> + int32_t rc = 0;
> +
> ss->sa = sa;
> ss->type = lsa->type;
>
> @@ -1013,6 +1028,17 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa,
> ss->security.ctx = lsa->security_ctx;
> ss->security.ol_flags = lsa->ol_flags;
> }
> +
> + if (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
> + ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
> + if (ss->security.ses != NULL) {
> + rc = rte_ipsec_session_prepare(ss);
> + if (rc != 0)
> + memset(ss, 0, sizeof(*ss));
> + }
> + }
> +
> + return rc;
> }
>
> /*
> @@ -1047,8 +1073,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
> if (rc < 0)
> return rc;
>
> - fill_ipsec_session(&lsa->ips, sa, lsa);
> - return 0;
> + rc = fill_ipsec_session(&lsa->ips, sa, lsa);
> + return rc;
> }
>
> /*
> @@ -1126,7 +1152,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)
> "context %s in socket %d\n", rte_errno,
> name, socket_id);
>
> - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in);
> + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx);
>
> if (app_sa_prm.enable != 0) {
> rc = ipsec_satbl_init(ctx->sa_in, sa_in, nb_sa_in,
> @@ -1146,7 +1172,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)
> "context %s in socket %d\n", rte_errno,
> name, socket_id);
>
> - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out);
> + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx);
>
> if (app_sa_prm.enable != 0) {
> rc = ipsec_satbl_init(ctx->sa_out, sa_out, nb_sa_out,
> --
> 2.7.4
next prev parent reply other threads:[~2019-03-06 19:39 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-06 16:00 [PATCH 0/6] examples/ipsec-secgw: fix 1st pkt dropped Bernard Iremonger
2019-03-06 16:00 ` [PATCH 1/6] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-03-06 16:00 ` [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two Bernard Iremonger
2019-03-06 19:39 ` Ananyev, Konstantin [this message]
2019-03-07 9:54 ` Iremonger, Bernard
2019-03-06 16:00 ` [PATCH 3/6] examples/ipsec-secgw: fix 1st packet dropped patch three Bernard Iremonger
2019-03-06 16:00 ` [PATCH 4/6] examples/ipsec-secgw: fix debug in esp.c Bernard Iremonger
2019-03-06 16:00 ` [PATCH 5/6] examples/ipsec-secgw: fix debug in sa.c Bernard Iremonger
2019-03-06 16:00 ` [PATCH 6/6] examples/ipsec-secgw: fix debug in ipsec-secgw.c Bernard Iremonger
2019-03-06 16:14 ` [PATCH 0/6] examples/ipsec-secgw: fix 1st pkt dropped Akhil Goyal
2019-03-07 10:06 ` Iremonger, Bernard
2019-03-07 14:57 ` [PATCH v2 0/2] " Bernard Iremonger
2019-03-08 15:35 ` Ananyev, Konstantin
2019-04-04 13:28 ` [PATCH v3 " Bernard Iremonger
2019-04-05 11:15 ` [dpdk-dev] " Ananyev, Konstantin
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 " Bernard Iremonger
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 " Bernard Iremonger
2019-06-12 14:51 ` [dpdk-dev] [PATCH v6 " Bernard Iremonger
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 " Bernard Iremonger
2019-07-19 12:53 ` Akhil Goyal
2019-07-19 13:03 ` Iremonger, Bernard
2019-07-19 15:40 ` Iremonger, Bernard
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-06-12 14:52 ` [dpdk-dev] [PATCH v6 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-06-13 12:34 ` Ananyev, Konstantin
2019-07-03 10:04 ` Akhil Goyal
2019-07-03 10:13 ` Iremonger, Bernard
2019-07-03 10:18 ` Akhil Goyal
2019-07-03 10:30 ` Iremonger, Bernard
2019-07-03 10:32 ` Akhil Goyal
2019-06-12 14:52 ` [dpdk-dev] [PATCH v6 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-06-13 12:34 ` Ananyev, Konstantin
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-06-11 15:29 ` Ananyev, Konstantin
2019-06-12 9:29 ` Iremonger, Bernard
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto Bernard Iremonger
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-04-04 13:28 ` [PATCH v3 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto Bernard Iremonger
2019-04-17 11:51 ` [dpdk-dev] " Akhil Goyal
2019-04-17 12:53 ` Iremonger, Bernard
2019-04-17 13:01 ` [dpdk-dev] [EXT] " Akhil Goyal
2019-04-04 13:28 ` [PATCH v3 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-03-07 14:57 ` [PATCH v2 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-03-22 13:18 ` Akhil Goyal
2019-03-26 10:22 ` Iremonger, Bernard
2019-03-26 11:04 ` Akhil Goyal
2019-03-26 11:41 ` Iremonger, Bernard
2019-03-26 11:48 ` Akhil Goyal
2019-03-26 12:29 ` Ananyev, Konstantin
2019-03-26 12:55 ` Akhil Goyal
2019-03-07 14:57 ` [PATCH v2 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580124140E49@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.