From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 1C3D3A0093
	for <public@inbox.dpdk.org>; Fri, 24 Jun 2022 17:02:16 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 14E724280B;
	Fri, 24 Jun 2022 17:02:16 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mails.dpdk.org (Postfix) with ESMTP id CA1C7427F1
 for <stable@dpdk.org>; Fri, 24 Jun 2022 17:02:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1656082933;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=jnLBpX9qNWJj4ITt/ugVF1HqbPxNeZHSIXdsYTEzuz4=;
 b=YRp9EeCQA0S80yRIorGLnR5EoVhA4H0cRo53LvFoPo4SCIFL74eJewyUNr2emJEeGDFbEI
 4x3wdat4/8kV1VcvYeMm8GJfxe7jP+wI92GnIMvsyjxEaJhraoWH+dL9IouSNp1w+vJA6P
 Y0bQ9RclPNdf0q+IzC9oaonsojPytmc=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-98-1_mdC0kzMVyRKP4pKLkeow-1; Fri, 24 Jun 2022 11:02:11 -0400
X-MC-Unique: 1_mdC0kzMVyRKP4pKLkeow-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
 [10.11.54.5])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E48FF1C05143;
 Fri, 24 Jun 2022 15:02:10 +0000 (UTC)
Received: from rh.redhat.com (unknown [10.39.194.217])
 by smtp.corp.redhat.com (Postfix) with ESMTP id B0F609D63;
 Fri, 24 Jun 2022 15:02:09 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Radu Nicolau <radu.nicolau@intel.com>
Cc: Fan Zhang <roy.fan.zhang@intel.com>,
	dpdk stable <stable@dpdk.org>
Subject: patch 'examples/ipsec-secgw: fix NAT-T header fields' has been queued
 to stable release 21.11.2
Date: Fri, 24 Jun 2022 16:01:16 +0100
Message-Id: <20220624150148.1855580-8-ktraynor@redhat.com>
In-Reply-To: <20220624150148.1855580-1-ktraynor@redhat.com>
References: <20220624150148.1855580-1-ktraynor@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"; x-default=true
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 21.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/27/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/be3beb946efd3a028b5a901bcd2494b30d7f32ac

Thanks.

Kevin

---
>From be3beb946efd3a028b5a901bcd2494b30d7f32ac Mon Sep 17 00:00:00 2001
From: Radu Nicolau <radu.nicolau@intel.com>
Date: Wed, 25 May 2022 14:59:11 +0100
Subject: [PATCH] examples/ipsec-secgw: fix NAT-T header fields

[ upstream commit 5051dc42a193551a837f7a4c0a1726babde46ae6 ]

Use the proper IP protocol (UDP instead of ESP) and set the ports when
UDP encapsulation is enabled.

Fixes: 9ae86b4cfc77 ("examples/ipsec-secgw: support UDP encap for inline crypto")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 examples/ipsec-secgw/sa.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1839ac71af..45509c5c68 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1459,4 +1459,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
 		RTE_SECURITY_IPSEC_SA_MODE_TUNNEL;
 	prm->ipsec_xform.options.udp_encap = ss->udp_encap;
+	prm->ipsec_xform.udp.dport = ss->udp.dport;
+	prm->ipsec_xform.udp.sport = ss->udp.sport;
 	prm->ipsec_xform.options.ecn = 1;
 	prm->ipsec_xform.options.copy_dscp = 1;
@@ -1514,5 +1516,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
 			sizeof(v4) / RTE_IPV4_IHL_MULTIPLIER,
 		.time_to_live = IPDEFTTL,
-		.next_proto_id = IPPROTO_ESP,
+		.next_proto_id = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP,
 		.src_addr = lsa->src.ip.ip4,
 		.dst_addr = lsa->dst.ip.ip4,
@@ -1520,5 +1522,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
 	struct rte_ipv6_hdr v6 = {
 		.vtc_flow = htonl(IP6_VERSION << 28),
-		.proto = IPPROTO_ESP,
+		.proto = lsa->udp_encap ? IPPROTO_UDP : IPPROTO_ESP,
 	};
 
-- 
2.34.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-06-24 15:51:09.232330330 +0100
+++ 0008-examples-ipsec-secgw-fix-NAT-T-header-fields.patch	2022-06-24 15:51:08.848984020 +0100
@@ -1 +1 @@
-From 5051dc42a193551a837f7a4c0a1726babde46ae6 Mon Sep 17 00:00:00 2001
+From be3beb946efd3a028b5a901bcd2494b30d7f32ac Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 5051dc42a193551a837f7a4c0a1726babde46ae6 ]
+
@@ -10 +11,0 @@
-Cc: stable@dpdk.org
@@ -19 +20 @@
-index 0b27f11fc0..fde263ca33 100644
+index 1839ac71af..45509c5c68 100644
@@ -22 +23 @@
-@@ -1486,4 +1486,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
+@@ -1459,4 +1459,6 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
@@ -29 +30 @@
-@@ -1536,5 +1538,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
+@@ -1514,5 +1516,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
@@ -36 +37 @@
-@@ -1542,5 +1544,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
+@@ -1520,5 +1522,5 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)