From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 668EB1B148 for ; Wed, 2 Jan 2019 14:01:37 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jan 2019 05:01:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,431,1539673200"; d="scan'208";a="114886462" Received: from irsmsx110.ger.corp.intel.com ([163.33.3.25]) by orsmga003.jf.intel.com with ESMTP; 02 Jan 2019 05:01:35 -0800 Received: from irsmsx106.ger.corp.intel.com ([169.254.8.227]) by irsmsx110.ger.corp.intel.com ([169.254.15.233]) with mapi id 14.03.0415.000; Wed, 2 Jan 2019 13:01:34 +0000 From: "Ananyev, Konstantin" To: Akhil Goyal , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library Thread-Index: AdSimmcaGfBrVzx+SbWTDmMOQh47pg== Date: Wed, 2 Jan 2019 13:01:34 +0000 Message-ID: <2601191342CEEE43887BDE71AB977258010D8C044C@IRSMSX106.ger.corp.intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTBmODBiMWEtMjg1NS00YjVhLWE3NTMtNzE0OGEyN2Q2MDY4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSW02bFF1bFNMdVJhQkpyOGVWT1FmU2d2R244UktNRjZDTXVNY2VaMXNuZU5jYnZCemVrN2RmUEthQ0liSzdxSCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jan 2019 13:01:38 -0000 Hi Akhil, > Hi Konstantin, >=20 > I just got results on running the ipsec-secgw on NXP hardware. Thanks for doing that. We don't have NXP HW, so would need more help from you. >=20 > with -l option, I got a seg fault while running traffic. gdb suggest > that pkt_func is not filled up and is NULL. > #1 0x00000000004689bc in rte_ipsec_pkt_crypto_prepare (ss=3D0x17ad82d80, > mb=3D0xffffffffe498, cop=3D0xffffffffdfc0, num=3D1) > at > /home/akhil/netperf/dpdk_up/dpdk-next-crypto/arm64-dpaa-linuxapp-gcc/incl= ude/rte_ipsec.h:115 > (gdb) p /x *ss > $1 =3D {sa =3D 0x17ad7ea40, type =3D 0x3, {crypto =3D {ses =3D 0x165a4e90= 0}, > security =3D {ses =3D 0x165a4e900, ctx =3D 0x0, ol_flags =3D 0x0}}, pkt_f= unc =3D { > prepare =3D 0x0, process =3D 0x0}} >=20 I guess I understand the reason: right now rte_ipsec_session_prepare() expects that for all modes except RTE_SECURITY_ACTION_TYPE_NONE security.ctx to be not NULL. Which as I understand is not necessary for lookaside-proto. Could you try the fix below? If it would work as expected, I'll include these changes into v6? Konstantin --- examples/ipsec-secgw/ipsec_process.c | 24 ++++++++++++++++++++---- lib/librte_ipsec/ses.c | 11 +++++++++-- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ip= sec_process.c index 7ab378f6a..e403c461a 100644 --- a/examples/ipsec-secgw/ipsec_process.c +++ b/examples/ipsec-secgw/ipsec_process.c @@ -87,19 +87,36 @@ enqueue_cop_bulk(struct cdev_qp *cqp, struct rte_crypto= _op *cop[], uint32_t num) } =20 static inline int -fill_ipsec_session(struct rte_ipsec_session *ss, const struct ipsec_sa *sa= ) +fill_ipsec_session(struct rte_ipsec_session *ss, struct ipsec_ctx *ctx, + struct ipsec_sa *sa) { + int32_t rc; + /* setup crypto section */ if (ss->type =3D=3D RTE_SECURITY_ACTION_TYPE_NONE) { + if (sa->crypto_session =3D=3D NULL) { + rc =3D create_session(ctx, sa); + if (rc !=3D 0) + return rc; + } ss->crypto.ses =3D sa->crypto_session; /* setup session action type */ } else { + if (sa->sec_session =3D=3D NULL) { + rc =3D create_session(ctx, sa); + if (rc !=3D 0) + return rc; + } ss->security.ses =3D sa->sec_session; ss->security.ctx =3D sa->security_ctx; ss->security.ol_flags =3D sa->ol_flags; } =20 - return rte_ipsec_session_prepare(ss); + rc =3D rte_ipsec_session_prepare(ss); + if (rc !=3D 0) + memset(ss, 0, sizeof(*ss)); + + return rc; } =20 /* @@ -209,8 +226,7 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traff= ic *trf) =20 /* no valid HW session for that SA, try to create one */ if (ips->crypto.ses =3D=3D NULL && - (create_session(ctx, sa) !=3D 0 || - fill_ipsec_session(ips, sa) !=3D 0)) + fill_ipsec_session(ips, ctx, sa) !=3D 0) k =3D 0; =20 /* process packets inline */ diff --git a/lib/librte_ipsec/ses.c b/lib/librte_ipsec/ses.c index 562c1423e..11580970e 100644 --- a/lib/librte_ipsec/ses.c +++ b/lib/librte_ipsec/ses.c @@ -14,8 +14,15 @@ session_check(struct rte_ipsec_session *ss) if (ss->type =3D=3D RTE_SECURITY_ACTION_TYPE_NONE) { if (ss->crypto.ses =3D=3D NULL) return -EINVAL; - } else if (ss->security.ses =3D=3D NULL || ss->security.ctx =3D=3D NULL) - return -EINVAL; + } else { + if (ss->security.ses =3D=3D NULL) + return -EINVAL; + if ((ss->type =3D=3D RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO || + ss->type =3D=3D + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) && + ss->security.ctx =3D=3D NULL) + return -EINVAL; + } =20 return 0; } --=20 2.17.1