From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 314451B13F; Wed, 6 Mar 2019 17:00:24 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2019 08:00:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,448,1544515200"; d="scan'208";a="325973533" Received: from sivswdev08.ir.intel.com (HELO localhost.localdomain) ([10.237.217.47]) by fmsmga005.fm.intel.com with ESMTP; 06 Mar 2019 08:00:23 -0800 From: Bernard Iremonger To: dev@dpdk.org, konstantin.ananyev@intel.com, akhil.goyal@nxp.com Cc: Bernard Iremonger , stable@dpdk.org Date: Wed, 6 Mar 2019 16:00:07 +0000 Message-Id: <1551888011-27692-3-git-send-email-bernard.iremonger@intel.com> X-Mailer: git-send-email 1.7.0.7 In-Reply-To: <1551888011-27692-1-git-send-email-bernard.iremonger@intel.com> References: <1551888011-27692-1-git-send-email-bernard.iremonger@intel.com> Subject: [dpdk-dev] [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2019 16:00:25 -0000 Call create_inline_session() at initialisition in sa.c Call rte_ipsec_session_prepare() in fill_ipsec_session() for inline. Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") Cc: stable@dpdk.org Signed-off-by: Bernard Iremonger --- examples/ipsec-secgw/sa.c | 46 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 414fcd2..7fb1929 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -762,11 +762,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound) static int sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries, uint32_t inbound) + uint32_t nb_entries, uint32_t inbound, + struct socket_ctx *skt_ctx) { struct ipsec_sa *sa; uint32_t i, idx; uint16_t iv_length, aad_length; + int32_t rc; /* for ESN upper 32 bits of SQN also need to be part of AAD */ aad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0; @@ -819,6 +821,17 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa->xforms = &sa_ctx->xf[idx].a; + if (sa->type == + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || + sa->type == + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { + rc = create_inline_session(skt_ctx, sa); + if (rc != 0) { + RTE_LOG(ERR, IPSEC_ESP, + "create_inline_session() failed\n"); + return -EINVAL; + } + } print_one_sa_rule(sa, inbound); } else { switch (sa->cipher_algo) { @@ -894,16 +907,16 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], static inline int sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries) + uint32_t nb_entries, struct socket_ctx *skt_ctx) { - return sa_add_rules(sa_ctx, entries, nb_entries, 0); + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx); } static inline int sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], - uint32_t nb_entries) + uint32_t nb_entries, struct socket_ctx *skt_ctx) { - return sa_add_rules(sa_ctx, entries, nb_entries, 1); + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx); } /* @@ -997,10 +1010,12 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss, return 0; } -static void +static int fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa, const struct ipsec_sa *lsa) { + int32_t rc = 0; + ss->sa = sa; ss->type = lsa->type; @@ -1013,6 +1028,17 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa, ss->security.ctx = lsa->security_ctx; ss->security.ol_flags = lsa->ol_flags; } + + if (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO || + ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { + if (ss->security.ses != NULL) { + rc = rte_ipsec_session_prepare(ss); + if (rc != 0) + memset(ss, 0, sizeof(*ss)); + } + } + + return rc; } /* @@ -1047,8 +1073,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipsec_sa *sa, uint32_t sa_size) if (rc < 0) return rc; - fill_ipsec_session(&lsa->ips, sa, lsa); - return 0; + rc = fill_ipsec_session(&lsa->ips, sa, lsa); + return rc; } /* @@ -1126,7 +1152,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) "context %s in socket %d\n", rte_errno, name, socket_id); - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in); + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx); if (app_sa_prm.enable != 0) { rc = ipsec_satbl_init(ctx->sa_in, sa_in, nb_sa_in, @@ -1146,7 +1172,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) "context %s in socket %d\n", rte_errno, name, socket_id); - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out); + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx); if (app_sa_prm.enable != 0) { rc = ipsec_satbl_init(ctx->sa_out, sa_out, nb_sa_out, -- 2.7.4