From: Kevin Traynor <ktraynor@redhat.com>
To: Radu Nicolau <radu.nicolau@intel.com>
Cc: Qi Zhang <qi.z.zhang@intel.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'net/iavf: support NAT-T / UDP encapsulation' has been queued to stable release 21.11.1
Date: Tue, 8 Mar 2022 14:14:30 +0000 [thread overview]
Message-ID: <20220308141500.286915-15-ktraynor@redhat.com> (raw)
In-Reply-To: <20220308141500.286915-1-ktraynor@redhat.com>
Hi,
FYI, your patch has been queued to stable release 21.11.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/14/22. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/9b441b496390b1109fd97a6d4366030304aafeb6
Thanks.
Kevin
---
From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau@intel.com>
Date: Mon, 28 Feb 2022 15:00:22 +0000
Subject: [PATCH] net/iavf: support NAT-T / UDP encapsulation
[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]
Add support for NAT-T / UDP encapsulated ESP.
This fixes the inline crypto feature for iAVF which will not
function properly without setting the UDP encapsulation options.
Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Qi Zhang <qi.z.zhang@intel.com>
---
drivers/common/iavf/virtchnl_inline_ipsec.h | 9 +++++++++
drivers/net/iavf/iavf_ipsec_crypto.c | 16 +++++++++++++---
drivers/net/iavf/iavf_ipsec_crypto.h | 4 +++-
3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/drivers/common/iavf/virtchnl_inline_ipsec.h b/drivers/common/iavf/virtchnl_inline_ipsec.h
index 1e9134501e..2f4bf15725 100644
--- a/drivers/common/iavf/virtchnl_inline_ipsec.h
+++ b/drivers/common/iavf/virtchnl_inline_ipsec.h
@@ -447,4 +447,13 @@ struct virtchnl_ipsec_sp_cfg {
/* Set TC (congestion domain) if true. For future use. */
u8 set_tc;
+
+ /* 0 for NAT-T unsupported, 1 for NAT-T supported */
+ u8 is_udp;
+
+ /* reserved */
+ u8 reserved;
+
+ /* NAT-T UDP port number. Only valid in case NAT-T supported */
+ u16 udp_port;
} __rte_packed;
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index a63e42f29a..d6875eb6aa 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -737,5 +737,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
rte_be32_t v4_dst_addr,
uint8_t *v6_dst_addr,
- uint8_t drop)
+ uint8_t drop,
+ bool is_udp,
+ uint16_t udp_port)
{
struct inline_ipsec_msg *request = NULL, *response = NULL;
@@ -782,4 +784,6 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
request->ipsec_data.sp_cfg->set_tc = 0;
request->ipsec_data.sp_cfg->cgd = 0;
+ request->ipsec_data.sp_cfg->is_udp = is_udp;
+ request->ipsec_data.sp_cfg->udp_port = htons(udp_port);
response_len = sizeof(struct inline_ipsec_msg) +
@@ -1626,4 +1630,5 @@ struct iavf_ipsec_flow_item {
};
struct rte_udp_hdr udp_hdr;
+ uint8_t is_udp;
};
@@ -1738,4 +1743,5 @@ iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
pattern[2].spec,
&ipsec_flow->udp_hdr);
+ ipsec_flow->is_udp = true;
ipsec_flow->spi =
((const struct rte_flow_item_esp *)
@@ -1807,5 +1813,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
ipsec_flow->ipv4_hdr.dst_addr,
NULL,
- 0);
+ 0,
+ ipsec_flow->is_udp,
+ ipsec_flow->udp_hdr.dst_port);
} else {
ipsec_flow->id =
@@ -1815,5 +1823,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
0,
ipsec_flow->ipv6_hdr.dst_addr,
- 0);
+ 0,
+ ipsec_flow->is_udp,
+ ipsec_flow->udp_hdr.dst_port);
}
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 687541077a..8ea0f9540e 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -146,5 +146,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
rte_be32_t v4_dst_addr,
uint8_t *v6_dst_addr,
- uint8_t drop);
+ uint8_t drop,
+ bool is_udp,
+ uint16_t udp_port);
/**
--
2.34.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2022-03-08 13:55:28.814465021 +0000
+++ 0015-net-iavf-support-NAT-T-UDP-encapsulation.patch 2022-03-08 13:55:28.410314926 +0000
@@ -1 +1 @@
-From 578da1bd2025419f8d0fef420770cbdf419b4c29 Mon Sep 17 00:00:00 2001
+From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]
+
@@ -11 +12,0 @@
-Cc: stable@dpdk.org
next prev parent reply other threads:[~2022-03-08 14:15 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-08 14:14 patch 'event/cnxk: fix sub-event clearing mask length' " Kevin Traynor
2022-03-08 14:14 ` patch 'event/cnxk: fix Rx adapter config check' " Kevin Traynor
2022-03-08 14:14 ` patch 'event/dlb2: add shift value check in sparse dequeue' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/compress-perf: fix cycle count operations allocation' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/compress-perf: optimize operations pool " Kevin Traynor
2022-03-08 14:14 ` patch 'compress/mlx5: support out-of-space status' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/compress-perf: fix socket ID type during init' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/compress-perf: fix number of queue pairs to setup' " Kevin Traynor
2022-03-08 14:14 ` patch 'compressdev: fix socket ID type' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/hns3: remove duplicate macro definition' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/hns3: fix RSS TC mode entry' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/hns3: fix VF " Kevin Traynor
2022-03-08 14:14 ` patch 'net/hns3: increase time waiting for PF reset completion' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/ixgbe: fix FSP check for X550EM devices' " Kevin Traynor
2022-03-08 14:14 ` Kevin Traynor [this message]
2022-03-08 14:14 ` patch 'net/iavf: fix function pointer in multi-process' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix indexed pool fetch overlap' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix destroying empty matchers list' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix shared counter flag in flow validation' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix check in count action " Kevin Traynor
2022-03-08 14:14 ` patch 'net/txgbe: fix queue statistics mapping' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/kni: fix config initialization' " Kevin Traynor
2022-03-08 14:14 ` patch 'doc: fix typos and punctuation in flow API guide' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix GRE item translation in Verbs' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: reduce flex item flow handle size' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix matcher priority with ICMP or ICMPv6' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/mlx5: fix flex item header length translation' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/iavf: fix AES-GMAC IV size' " Kevin Traynor
2022-03-08 14:14 ` patch 'common/cnxk: fix bitmap usage for TM' " Kevin Traynor
2022-03-08 14:14 ` patch 'common/cnxk: fix mbuf data offset for VF' " Kevin Traynor
2022-03-08 14:14 ` patch 'net/ice: fix Tx offload path choice' " Kevin Traynor
2022-03-08 14:14 ` patch 'vhost: fix linker script syntax' " Kevin Traynor
2022-03-08 14:14 ` patch 'examples/vhost: fix launch with physical port' " Kevin Traynor
2022-03-08 14:14 ` patch 'eal/linux: fix device monitor stop return' " Kevin Traynor
2022-03-08 14:14 ` patch 'sched: remove useless malloc in PIE data init' " Kevin Traynor
2022-03-08 14:14 ` patch 'gpu/cuda: fix dependency loading path' " Kevin Traynor
2022-03-08 14:14 ` patch 'raw/ifpga: fix variable initialization in probing' " Kevin Traynor
2022-03-08 14:14 ` patch 'raw/ifpga: fix interrupt handle allocation' " Kevin Traynor
2022-03-08 14:14 ` patch 'raw/ifpga: fix monitor thread' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/pdump: abort on multi-core capture limit' " Kevin Traynor
2022-03-08 14:14 ` patch 'pcapng: handle failure of link status query' " Kevin Traynor
2022-03-08 14:14 ` patch 'test/bpf: skip dump if conversion fails' " Kevin Traynor
2022-03-08 14:14 ` patch 'app/dumpcap: check for failure to set promiscuous' " Kevin Traynor
2022-03-08 14:14 ` patch 'examples/distributor: reduce Tx queue number to 1' " Kevin Traynor
2022-03-08 14:15 ` patch 'examples/flow_classify: fix failure message' " Kevin Traynor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308141500.286915-15-ktraynor@redhat.com \
--to=ktraynor@redhat.com \
--cc=qi.z.zhang@intel.com \
--cc=radu.nicolau@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).