From: Akhil Goyal <akhil.goyal@nxp.com>
To: Bernard Iremonger <bernard.iremonger@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto
Date: Thu, 18 Apr 2019 13:51:19 +0000 [thread overview]
Message-ID: <VI1PR04MB48935FACF4F7C3E71B6D549AE6260@VI1PR04MB4893.eurprd04.prod.outlook.com> (raw)
Message-ID: <20190418135119.sItq_VGlMEF9zcqDzfl6HEb44nHQRTh2eHRdjaypXnI@z> (raw)
Hi Bernard,
> - RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on cryptodev "
> - "%u qp %u\n", sa->spi,
> - ipsec_ctx->tbl[cdev_id_qp].id,
> - ipsec_ctx->tbl[cdev_id_qp].qp);
> + if ((sa == NULL) || (pool == NULL))
> + return -EINVAL;
>
> - if (sa->type != RTE_SECURITY_ACTION_TYPE_NONE) {
> - struct rte_security_session_conf sess_conf = {
> + struct rte_security_session_conf sess_conf = {
> .action_type = sa->type,
> .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> {.ipsec = {
> @@ -90,247 +65,340 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct
> ipsec_sa *sa)
> } },
> .crypto_xform = sa->xforms,
> .userdata = NULL,
> -
> };
>
> - if (sa->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
> {
> - struct rte_security_ctx *ctx = (struct rte_security_ctx *)
> - rte_cryptodev_get_sec_ctx(
> - ipsec_ctx->tbl[cdev_id_qp].id);
> -
> - /* Set IPsec parameters in conf */
> - set_ipsec_conf(sa, &(sess_conf.ipsec));
> -
> - sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> - if (sa->sec_session == NULL) {
> - RTE_LOG(ERR, IPSEC,
> - "SEC Session init failed: err: %d\n", ret);
> - return -1;
> - }
> - } else if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> - struct rte_flow_error err;
> - struct rte_security_ctx *ctx = (struct rte_security_ctx *)
> - rte_eth_dev_get_sec_ctx(
> - sa->portid);
> - const struct rte_security_capability *sec_cap;
> - int ret = 0;
> -
> - sa->sec_session = rte_security_session_create(ctx,
> - &sess_conf, ipsec_ctx->session_pool);
> - if (sa->sec_session == NULL) {
> - RTE_LOG(ERR, IPSEC,
> - "SEC Session init failed: err: %d\n", ret);
> - return -1;
> - }
> + if (sa->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
> + ctx = (struct rte_security_ctx *)
> + rte_eth_dev_get_sec_ctx(sa->portid);
This is breaking the lookaside mode. Ctx was retrieved using the ipsec_ctx->tbl
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ipsec_ctx->tbl[cdev_id_qp].id);
I am looking into it, but I don't have time left to get it integrated in RC2. So this has to be pushed to RC3
>
> - sec_cap = rte_security_capabilities_get(ctx);
> + /* Set IPsec parameters in conf */
> + set_ipsec_conf(sa, &(sess_conf.ipsec));
>
> - /* iterate until ESP tunnel*/
> - while (sec_cap->action !=
> - RTE_SECURITY_ACTION_TYPE_NONE) {
> + sa->sec_session = rte_security_session_create(ctx,
> + &sess_conf, pool);
> + if (sa->sec_session == NULL) {
> + RTE_LOG(ERR, IPSEC,
> + "SEC Session init failed: err: %d\n",
> + ret);
> + return -1;
> + }
next reply other threads:[~2019-04-18 13:51 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 13:51 Akhil Goyal [this message]
2019-04-18 13:51 ` Akhil Goyal
2019-04-18 14:58 ` Iremonger, Bernard
2019-04-18 14:58 ` Iremonger, Bernard
2019-04-18 15:23 ` Iremonger, Bernard
2019-04-18 15:23 ` Iremonger, Bernard
2019-04-23 11:14 ` Akhil Goyal
2019-04-23 11:14 ` Akhil Goyal
2019-04-23 13:21 ` Ananyev, Konstantin
2019-04-23 13:21 ` Ananyev, Konstantin
2019-04-23 13:32 ` Akhil Goyal
2019-04-23 13:32 ` Akhil Goyal
2019-04-23 14:04 ` Ananyev, Konstantin
2019-04-23 14:04 ` Ananyev, Konstantin
2019-04-24 6:34 ` Akhil Goyal
2019-04-24 6:34 ` Akhil Goyal
2019-04-24 10:40 ` Iremonger, Bernard
2019-04-24 10:40 ` Iremonger, Bernard
2019-05-13 14:29 ` Ananyev, Konstantin
2019-05-13 14:29 ` Ananyev, Konstantin
2019-05-27 8:58 ` Iremonger, Bernard
-- strict thread matches above, loose matches on Subject: below --
2019-04-22 6:25 Akhil Goyal
2019-04-22 6:25 ` Akhil Goyal
2019-04-04 13:28 [dpdk-dev] [PATCH v3 0/2] examples/ipsec-secgw: fix 1st pkt dropped Bernard Iremonger
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto Bernard Iremonger
2019-04-17 13:42 ` Bernard Iremonger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR04MB48935FACF4F7C3E71B6D549AE6260@VI1PR04MB4893.eurprd04.prod.outlook.com \
--to=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).