From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Iremonger, Bernard" <bernard.iremonger@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-stable] [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two
Date: Wed, 6 Mar 2019 19:39:58 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580124140E49@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <1551888011-27692-3-git-send-email-bernard.iremonger@intel.com>
Hi Bernard,
>
> Call create_inline_session() at initialisition in sa.c
> Call rte_ipsec_session_prepare() in fill_ipsec_session() for inline.
Here and in other places - it probably worth to explain what is the purpose
for these changes.
As a side notice, as these series fixes that problem, it probably worse to add a patch
into series that removes the following:
# to overcome problem with ipsec-secgw for inline mode,
# when first packet(s) will be always dropped.
# note that ping will fail here
ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}
from examples/ipsec-secgw/test/(tun|trs)_aesgcm_defs.sh
Konstantin
>
> Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
> Cc: stable@dpdk.org
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
> examples/ipsec-secgw/sa.c | 46 ++++++++++++++++++++++++++++++++++++----------
> 1 file changed, 36 insertions(+), 10 deletions(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 414fcd2..7fb1929 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -762,11 +762,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound)
>
> static int
> sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries, uint32_t inbound)
> + uint32_t nb_entries, uint32_t inbound,
> + struct socket_ctx *skt_ctx)
> {
> struct ipsec_sa *sa;
> uint32_t i, idx;
> uint16_t iv_length, aad_length;
> + int32_t rc;
>
> /* for ESN upper 32 bits of SQN also need to be part of AAD */
> aad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0;
> @@ -819,6 +821,17 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
>
> sa->xforms = &sa_ctx->xf[idx].a;
>
> + if (sa->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL ||
> + sa->type ==
> + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
> + rc = create_inline_session(skt_ctx, sa);
> + if (rc != 0) {
> + RTE_LOG(ERR, IPSEC_ESP,
> + "create_inline_session() failed\n");
> + return -EINVAL;
> + }
> + }
> print_one_sa_rule(sa, inbound);
> } else {
> switch (sa->cipher_algo) {
> @@ -894,16 +907,16 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
>
> static inline int
> sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries)
> + uint32_t nb_entries, struct socket_ctx *skt_ctx)
> {
> - return sa_add_rules(sa_ctx, entries, nb_entries, 0);
> + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx);
> }
>
> static inline int
> sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> - uint32_t nb_entries)
> + uint32_t nb_entries, struct socket_ctx *skt_ctx)
> {
> - return sa_add_rules(sa_ctx, entries, nb_entries, 1);
> + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx);
> }
>
> /*
> @@ -997,10 +1010,12 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
> return 0;
> }
>
> -static void
> +static int
> fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa,
> const struct ipsec_sa *lsa)
> {
> + int32_t rc = 0;
> +
> ss->sa = sa;
> ss->type = lsa->type;
>
> @@ -1013,6 +1028,17 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa,
> ss->security.ctx = lsa->security_ctx;
> ss->security.ol_flags = lsa->ol_flags;
> }
> +
> + if (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
> + ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
> + if (ss->security.ses != NULL) {
> + rc = rte_ipsec_session_prepare(ss);
> + if (rc != 0)
> + memset(ss, 0, sizeof(*ss));
> + }
> + }
> +
> + return rc;
> }
>
> /*
> @@ -1047,8 +1073,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size)
> if (rc < 0)
> return rc;
>
> - fill_ipsec_session(&lsa->ips, sa, lsa);
> - return 0;
> + rc = fill_ipsec_session(&lsa->ips, sa, lsa);
> + return rc;
> }
>
> /*
> @@ -1126,7 +1152,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)
> "context %s in socket %d\n", rte_errno,
> name, socket_id);
>
> - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in);
> + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx);
>
> if (app_sa_prm.enable != 0) {
> rc = ipsec_satbl_init(ctx->sa_in, sa_in, nb_sa_in,
> @@ -1146,7 +1172,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)
> "context %s in socket %d\n", rte_errno,
> name, socket_id);
>
> - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out);
> + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx);
>
> if (app_sa_prm.enable != 0) {
> rc = ipsec_satbl_init(ctx->sa_out, sa_out, nb_sa_out,
> --
> 2.7.4
next prev parent reply other threads:[~2019-03-06 19:40 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1551888011-27692-1-git-send-email-bernard.iremonger@intel.com>
2019-03-06 16:00 ` [dpdk-stable] [PATCH 1/6] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-03-06 16:00 ` [dpdk-stable] [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two Bernard Iremonger
2019-03-06 19:39 ` Ananyev, Konstantin [this message]
2019-03-07 9:54 ` Iremonger, Bernard
2019-03-06 16:00 ` [dpdk-stable] [PATCH 3/6] examples/ipsec-secgw: fix 1st packet dropped patch three Bernard Iremonger
2019-03-06 16:00 ` [dpdk-stable] [PATCH 4/6] examples/ipsec-secgw: fix debug in esp.c Bernard Iremonger
2019-03-06 16:00 ` [dpdk-stable] [PATCH 5/6] examples/ipsec-secgw: fix debug in sa.c Bernard Iremonger
2019-03-06 16:00 ` [dpdk-stable] [PATCH 6/6] examples/ipsec-secgw: fix debug in ipsec-secgw.c Bernard Iremonger
2019-03-07 14:57 ` [dpdk-stable] [PATCH v2 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-03-22 13:18 ` [dpdk-stable] [dpdk-dev] " Akhil Goyal
2019-03-26 10:22 ` Iremonger, Bernard
2019-03-26 11:04 ` Akhil Goyal
2019-03-26 11:41 ` Iremonger, Bernard
2019-03-26 11:48 ` Akhil Goyal
2019-03-26 12:29 ` Ananyev, Konstantin
2019-03-26 12:55 ` Akhil Goyal
2019-03-07 14:57 ` [dpdk-stable] [PATCH v2 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580124140E49@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).