From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 9FE2AA0C41
	for <public@inbox.dpdk.org>; Tue, 30 Nov 2021 17:44:00 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8721541177;
	Tue, 30 Nov 2021 17:44:00 +0100 (CET)
Received: from smtp-relay-internal-0.canonical.com
 (smtp-relay-internal-0.canonical.com [185.125.188.122])
 by mails.dpdk.org (Postfix) with ESMTP id 8D25F410F7
 for <stable@dpdk.org>; Tue, 30 Nov 2021 17:43:59 +0100 (CET)
Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com
 [209.85.208.70])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 6E3C93F1B2
 for <stable@dpdk.org>; Tue, 30 Nov 2021 16:43:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1638290639;
 bh=rr1NBnlpPAOAD2dOarPJ0PWm8RV2q0hsPNw3p1guJfA=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=r1bWTz4MGpaqKv3rBkjm904V6fL8KsK3RDdz82uoVGWA3UCboi7UWFugDegntFRkW
 2x84wsOAFrsudLT66bjVY+kVKLV9ArI4mNDnWFHz6lIgaqnnUjLEo8jXOktC/uJ3mo
 kJHAsF8MbJf+rVgLIuv8bOkIKnD8oXLoS+OmOhwAJ0LwEGbJ0+AskaVkIHt+8SWTtX
 vnzWI1jGsmEXVLZsGBuKYJc0CaIQjzygknWy2d5exdUTOtHlbX0QezKTmIMoqTYyYh
 xKWh6j95IUAKFcFg2P94poqP4HriWDa+RBzP08qtTrhtXrCzn+8yhXQ0C49Uw0f8Vc
 WCN+j1s560Apg==
Received: by mail-ed1-f70.google.com with SMTP id
 bx28-20020a0564020b5c00b003e7c42443dbso17416153edb.15
 for <stable@dpdk.org>; Tue, 30 Nov 2021 08:43:59 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=rr1NBnlpPAOAD2dOarPJ0PWm8RV2q0hsPNw3p1guJfA=;
 b=RuST6U1/dnbpfp5J/IRyCJDlq6a8TXa+J4zACSrmZHiLONmvfVidxWfp/h1WM+a0bo
 QiEvnIWwhS+TgFshrC9VUsvdpcGZ92DaXLmv5hxivk+zL/NMcnP++cGVnCQZ6Sh8Ltr3
 XakmXR715mEwI70QjgmWVwop/1IRE6BaZmCrFIxCvT8hwGQbWs7TYs0InLIueN2DMYVP
 QWwkFLUc7jSt7iEYPwcfk5oNTnumfsQLHpXsNOcYYpHTwKsDsYeWTAfrE99r823lljnS
 jeQl299YcyPF3H8X69ncDWvYRXNTmNJMQiXxRHGq63+XAXXiHh3pFo0d4843i+7FcBsB
 7G1A==
X-Gm-Message-State: AOAM530EhARtKzQwJOzg/Jk1/eQomi+7ui++BFgpkAaQTKV+1ldeNnDD
 R8Gm9v3a05cZm3yNcyiItNkpw3uC7zz4sA1zCOzoks57yIg9altBImjDv0gyrrx+aFt0hQ9vTHk
 JYKGjBnL9XUatYdWGINTxNnyC
X-Received: by 2002:a17:906:382:: with SMTP id b2mr239808eja.13.1638290638906; 
 Tue, 30 Nov 2021 08:43:58 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyu81x89xCdv8NOlsLkZxIAmmgfjlOFj4ApdlgJRVHzSDY3ANB+qBmokqlQAqoYy7OgwfIcVQ==
X-Received: by 2002:a17:906:382:: with SMTP id b2mr239783eja.13.1638290638708; 
 Tue, 30 Nov 2021 08:43:58 -0800 (PST)
Received: from localhost.localdomain ([2001:67c:1560:8007::aac:c4ad])
 by smtp.gmail.com with ESMTPSA id f16sm12779083edd.37.2021.11.30.08.43.57
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Nov 2021 08:43:58 -0800 (PST)
From: christian.ehrhardt@canonical.com
To: Gagandeep Singh <g.singh@nxp.com>
Cc: Akhil Goyal <gakhil@marvell.com>,
	dpdk stable <stable@dpdk.org>
Subject: patch 'drivers/crypto: fix IPsec TTL decrement option' has been
 queued to stable release 19.11.11
Date: Tue, 30 Nov 2021 17:35:56 +0100
Message-Id: <20211130163605.2460997-152-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.34.0
In-Reply-To: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
References: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/71476c8a7712ff6e4a530f856a5dc23d3c5ae152

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From 71476c8a7712ff6e4a530f856a5dc23d3c5ae152 Mon Sep 17 00:00:00 2001
From: Gagandeep Singh <g.singh@nxp.com>
Date: Thu, 18 Nov 2021 12:30:18 +0530
Subject: [PATCH] drivers/crypto: fix IPsec TTL decrement option

[ upstream commit 0aa5986c280f34893b2a6bacf044cff31484fe0c ]

dpaa, dpaa2 and caam_jr drivers decrement the inner IP header
TTL for all packets and ignoring the dec_ttl option of SA.

In this patch, using the dec_ttl to decide to decrement the
packets inner IP header TTL or not.

Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Fixes: 3e33486f80a5 ("crypto/caam_jr: add security offload")
Fixes: 1f14d500bce1 ("crypto/dpaa_sec: support IPsec protocol offload")

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/crypto/caam_jr/caam_jr.c            | 5 +++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 3 ++-
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 4 +++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index 74bb3c3ed4..143dd9df76 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1888,8 +1888,9 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 		session->encap_pdb.options =
 			(IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
 			PDBOPTS_ESP_OIHI_PDB_INL |
-			PDBOPTS_ESP_IVSRC |
-			PDBHMO_ESP_ENCAP_DTTL;
+			PDBOPTS_ESP_IVSRC;
+		if (ipsec_xform->options.dec_ttl)
+			session->encap_pdb.options |= PDBHMO_ESP_ENCAP_DTTL;
 		if (ipsec_xform->options.esn)
 			session->encap_pdb.options |= PDBOPTS_ESP_ESN;
 		session->encap_pdb.spi = ipsec_xform->spi;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index cebe590e67..e6691c6cd0 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2834,8 +2834,9 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		encap_pdb.options = (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
 			PDBOPTS_ESP_OIHI_PDB_INL |
 			PDBOPTS_ESP_IVSRC |
-			PDBHMO_ESP_ENCAP_DTTL |
 			PDBHMO_ESP_SNR;
+		if (ipsec_xform->options.dec_ttl)
+			encap_pdb.options |= PDBHMO_ESP_ENCAP_DTTL;
 		if (ipsec_xform->options.esn)
 			encap_pdb.options |= PDBOPTS_ESP_ESN;
 		encap_pdb.spi = ipsec_xform->spi;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index f5471120f3..1a4a296ae2 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2781,12 +2781,14 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 			session->encap_pdb.ip_hdr_len =
 						sizeof(struct rte_ipv6_hdr);
 		}
+
 		session->encap_pdb.options =
 			(IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
 			PDBOPTS_ESP_OIHI_PDB_INL |
 			PDBOPTS_ESP_IVSRC |
-			PDBHMO_ESP_ENCAP_DTTL |
 			PDBHMO_ESP_SNR;
+		if (ipsec_xform->options.dec_ttl)
+			session->encap_pdb.options |= PDBHMO_ESP_ENCAP_DTTL;
 		if (ipsec_xform->options.esn)
 			session->encap_pdb.options |= PDBOPTS_ESP_ESN;
 		session->encap_pdb.spi = ipsec_xform->spi;
-- 
2.34.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-30 16:50:14.696736658 +0100
+++ 0152-drivers-crypto-fix-IPsec-TTL-decrement-option.patch	2021-11-30 16:50:06.130876025 +0100
@@ -1 +1 @@
-From 0aa5986c280f34893b2a6bacf044cff31484fe0c Mon Sep 17 00:00:00 2001
+From 71476c8a7712ff6e4a530f856a5dc23d3c5ae152 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 0aa5986c280f34893b2a6bacf044cff31484fe0c ]
+
@@ -15 +16,0 @@
-Cc: stable@dpdk.org
@@ -26 +27 @@
-index 8c56610ac8..5909eca6e4 100644
+index 74bb3c3ed4..143dd9df76 100644
@@ -29 +30 @@
-@@ -1881,8 +1881,9 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
+@@ -1888,8 +1888,9 @@ caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
@@ -42 +43 @@
-index cb2ad435bf..2e8e4c6adf 100644
+index cebe590e67..e6691c6cd0 100644
@@ -45 +46 @@
-@@ -2935,8 +2935,9 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
+@@ -2834,8 +2834,9 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
@@ -57 +58 @@
-index 454b9c4785..9a7d5eb8b7 100644
+index f5471120f3..1a4a296ae2 100644
@@ -60 +61 @@
-@@ -2898,12 +2898,14 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
+@@ -2781,12 +2781,14 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,