From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 16E12A00C2
	for <public@inbox.dpdk.org>; Tue,  8 Mar 2022 15:15:52 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 127E34068E;
	Tue,  8 Mar 2022 15:15:52 +0100 (CET)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mails.dpdk.org (Postfix) with ESMTP id 3C8F4406B4
 for <stable@dpdk.org>; Tue,  8 Mar 2022 15:15:51 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1646748950;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=y84VtMMuRpwygbH1kq1HDjYYt2q7VXb/Cez+vRUsZng=;
 b=fxSjjYf0K7JesrdxaLG5NvQ/x73NWKzaRRfe8hFEuKu46zJdWgeEdrgeUL4EjBKe4MQED5
 0N/+4+4bttXn6POiXyF8NXJXhySTsH8iC9yLHGc993kwwLu5o6xbKrOhWgBukd8Eh7ahwi
 fjezDh3Jfvv27M8dh/pjEUJEiCK3mAE=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-232-YYcQtscnPhGEKlPMRmi8DA-1; Tue, 08 Mar 2022 09:15:47 -0500
X-MC-Unique: YYcQtscnPhGEKlPMRmi8DA-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6D91F824FA8;
 Tue,  8 Mar 2022 14:15:46 +0000 (UTC)
Received: from rh.Home (unknown [10.39.195.190])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 6B09685EE5;
 Tue,  8 Mar 2022 14:15:45 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Radu Nicolau <radu.nicolau@intel.com>
Cc: Qi Zhang <qi.z.zhang@intel.com>,
	dpdk stable <stable@dpdk.org>
Subject: patch 'net/iavf: support NAT-T / UDP encapsulation' has been queued
 to stable release 21.11.1
Date: Tue,  8 Mar 2022 14:14:30 +0000
Message-Id: <20220308141500.286915-15-ktraynor@redhat.com>
In-Reply-To: <20220308141500.286915-1-ktraynor@redhat.com>
References: <20220308141500.286915-1-ktraynor@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 21.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/14/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/9b441b496390b1109fd97a6d4366030304aafeb6

Thanks.

Kevin

---
>From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau@intel.com>
Date: Mon, 28 Feb 2022 15:00:22 +0000
Subject: [PATCH] net/iavf: support NAT-T / UDP encapsulation

[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]

Add support for NAT-T / UDP encapsulated ESP.
This fixes the inline crypto feature for iAVF which will not
function properly without setting the UDP encapsulation options.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Qi Zhang <qi.z.zhang@intel.com>
---
 drivers/common/iavf/virtchnl_inline_ipsec.h |  9 +++++++++
 drivers/net/iavf/iavf_ipsec_crypto.c        | 16 +++++++++++++---
 drivers/net/iavf/iavf_ipsec_crypto.h        |  4 +++-
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/drivers/common/iavf/virtchnl_inline_ipsec.h b/drivers/common/iavf/virtchnl_inline_ipsec.h
index 1e9134501e..2f4bf15725 100644
--- a/drivers/common/iavf/virtchnl_inline_ipsec.h
+++ b/drivers/common/iavf/virtchnl_inline_ipsec.h
@@ -447,4 +447,13 @@ struct virtchnl_ipsec_sp_cfg {
 	/* Set TC (congestion domain) if true. For future use. */
 	u8 set_tc;
+
+	/* 0 for NAT-T unsupported, 1 for NAT-T supported */
+	u8 is_udp;
+
+	/* reserved */
+	u8 reserved;
+
+	/* NAT-T UDP port number. Only valid in case NAT-T supported */
+	u16 udp_port;
 } __rte_packed;
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.c b/drivers/net/iavf/iavf_ipsec_crypto.c
index a63e42f29a..d6875eb6aa 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/iavf/iavf_ipsec_crypto.c
@@ -737,5 +737,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop)
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port)
 {
 	struct inline_ipsec_msg *request = NULL, *response = NULL;
@@ -782,4 +784,6 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	request->ipsec_data.sp_cfg->set_tc = 0;
 	request->ipsec_data.sp_cfg->cgd = 0;
+	request->ipsec_data.sp_cfg->is_udp = is_udp;
+	request->ipsec_data.sp_cfg->udp_port = htons(udp_port);
 
 	response_len = sizeof(struct inline_ipsec_msg) +
@@ -1626,4 +1630,5 @@ struct iavf_ipsec_flow_item {
 	};
 	struct rte_udp_hdr udp_hdr;
+	uint8_t is_udp;
 };
 
@@ -1738,4 +1743,5 @@ iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
 				pattern[2].spec,
 			&ipsec_flow->udp_hdr);
+		ipsec_flow->is_udp = true;
 		ipsec_flow->spi =
 			((const struct rte_flow_item_esp *)
@@ -1807,5 +1813,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			ipsec_flow->ipv4_hdr.dst_addr,
 			NULL,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	} else {
 		ipsec_flow->id =
@@ -1815,5 +1823,7 @@ iavf_ipsec_flow_create(struct iavf_adapter *ad,
 			0,
 			ipsec_flow->ipv6_hdr.dst_addr,
-			0);
+			0,
+			ipsec_flow->is_udp,
+			ipsec_flow->udp_hdr.dst_port);
 	}
 
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h
index 687541077a..8ea0f9540e 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -146,5 +146,7 @@ iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 	rte_be32_t v4_dst_addr,
 	uint8_t *v6_dst_addr,
-	uint8_t drop);
+	uint8_t drop,
+	bool is_udp,
+	uint16_t udp_port);
 
 /**
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-03-08 13:55:28.814465021 +0000
+++ 0015-net-iavf-support-NAT-T-UDP-encapsulation.patch	2022-03-08 13:55:28.410314926 +0000
@@ -1 +1 @@
-From 578da1bd2025419f8d0fef420770cbdf419b4c29 Mon Sep 17 00:00:00 2001
+From 9b441b496390b1109fd97a6d4366030304aafeb6 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 578da1bd2025419f8d0fef420770cbdf419b4c29 ]
+
@@ -11 +12,0 @@
-Cc: stable@dpdk.org