From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id E55972B87; Wed, 6 Mar 2019 20:40:07 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2019 11:40:02 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,448,1544515200"; d="scan'208";a="121563999" Received: from irsmsx103.ger.corp.intel.com ([163.33.3.157]) by orsmga006.jf.intel.com with ESMTP; 06 Mar 2019 11:40:00 -0800 Received: from irsmsx105.ger.corp.intel.com ([169.254.7.72]) by IRSMSX103.ger.corp.intel.com ([169.254.3.199]) with mapi id 14.03.0415.000; Wed, 6 Mar 2019 19:39:59 +0000 From: "Ananyev, Konstantin" To: "Iremonger, Bernard" , "dev@dpdk.org" , "akhil.goyal@nxp.com" CC: "stable@dpdk.org" Thread-Topic: [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two Thread-Index: AQHU1DXUMjRbd1kHhka2ffPZAFFVHKX+/yNg Date: Wed, 6 Mar 2019 19:39:58 +0000 Message-ID: <2601191342CEEE43887BDE71AB9772580124140E49@irsmsx105.ger.corp.intel.com> References: <1551888011-27692-1-git-send-email-bernard.iremonger@intel.com> <1551888011-27692-3-git-send-email-bernard.iremonger@intel.com> In-Reply-To: <1551888011-27692-3-git-send-email-bernard.iremonger@intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNzdjOTRjOTctZDEzNC00ZTM3LWI4NjItYmIxNjg2NDQ1YjFjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoia2JzSndZa2phTFpUVWFtS3MrXC90VXg2T1NDdGJTNE5mVjhxNnUyY1NKVDgrK0pGcFNhY1BEWUd4MmNQQ1d5dmIifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [163.33.239.180] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2019 19:40:08 -0000 Hi Bernard, >=20 > Call create_inline_session() at initialisition in sa.c > Call rte_ipsec_session_prepare() in fill_ipsec_session() for inline. Here and in other places - it probably worth to explain what is the purpose for these changes.=20 As a side notice, as these series fixes that problem, it probably worse to = add a patch into series that removes the following: # to overcome problem with ipsec-secgw for inline mode, # when first packet(s) will be always dropped. # note that ping will fail here ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4} from examples/ipsec-secgw/test/(tun|trs)_aesgcm_defs.sh Konstantin >=20 > Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload") > Cc: stable@dpdk.org > Signed-off-by: Bernard Iremonger > --- > examples/ipsec-secgw/sa.c | 46 ++++++++++++++++++++++++++++++++++++-----= ----- > 1 file changed, 36 insertions(+), 10 deletions(-) >=20 > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 414fcd2..7fb1929 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -762,11 +762,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inboun= d) >=20 > static int > sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], > - uint32_t nb_entries, uint32_t inbound) > + uint32_t nb_entries, uint32_t inbound, > + struct socket_ctx *skt_ctx) > { > struct ipsec_sa *sa; > uint32_t i, idx; > uint16_t iv_length, aad_length; > + int32_t rc; >=20 > /* for ESN upper 32 bits of SQN also need to be part of AAD */ > aad_length =3D (app_sa_prm.enable_esn !=3D 0) ? sizeof(uint32_t) : 0; > @@ -819,6 +821,17 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ips= ec_sa entries[], >=20 > sa->xforms =3D &sa_ctx->xf[idx].a; >=20 > + if (sa->type =3D=3D > + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || > + sa->type =3D=3D > + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { > + rc =3D create_inline_session(skt_ctx, sa); > + if (rc !=3D 0) { > + RTE_LOG(ERR, IPSEC_ESP, > + "create_inline_session() failed\n"); > + return -EINVAL; > + } > + } > print_one_sa_rule(sa, inbound); > } else { > switch (sa->cipher_algo) { > @@ -894,16 +907,16 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ip= sec_sa entries[], >=20 > static inline int > sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], > - uint32_t nb_entries) > + uint32_t nb_entries, struct socket_ctx *skt_ctx) > { > - return sa_add_rules(sa_ctx, entries, nb_entries, 0); > + return sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx); > } >=20 > static inline int > sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], > - uint32_t nb_entries) > + uint32_t nb_entries, struct socket_ctx *skt_ctx) > { > - return sa_add_rules(sa_ctx, entries, nb_entries, 1); > + return sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx); > } >=20 > /* > @@ -997,10 +1010,12 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, co= nst struct ipsec_sa *ss, > return 0; > } >=20 > -static void > +static int > fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa= , > const struct ipsec_sa *lsa) > { > + int32_t rc =3D 0; > + > ss->sa =3D sa; > ss->type =3D lsa->type; >=20 > @@ -1013,6 +1028,17 @@ fill_ipsec_session(struct rte_ipsec_session *ss, s= truct rte_ipsec_sa *sa, > ss->security.ctx =3D lsa->security_ctx; > ss->security.ol_flags =3D lsa->ol_flags; > } > + > + if (ss->type =3D=3D RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO || > + ss->type =3D=3D RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { > + if (ss->security.ses !=3D NULL) { > + rc =3D rte_ipsec_session_prepare(ss); > + if (rc !=3D 0) > + memset(ss, 0, sizeof(*ss)); > + } > + } > + > + return rc; > } >=20 > /* > @@ -1047,8 +1073,8 @@ ipsec_sa_init(struct ipsec_sa *lsa, struct rte_ipse= c_sa *sa, uint32_t sa_size) > if (rc < 0) > return rc; >=20 > - fill_ipsec_session(&lsa->ips, sa, lsa); > - return 0; > + rc =3D fill_ipsec_session(&lsa->ips, sa, lsa); > + return rc; > } >=20 > /* > @@ -1126,7 +1152,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) > "context %s in socket %d\n", rte_errno, > name, socket_id); >=20 > - sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in); > + sa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx); >=20 > if (app_sa_prm.enable !=3D 0) { > rc =3D ipsec_satbl_init(ctx->sa_in, sa_in, nb_sa_in, > @@ -1146,7 +1172,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id) > "context %s in socket %d\n", rte_errno, > name, socket_id); >=20 > - sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out); > + sa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx); >=20 > if (app_sa_prm.enable !=3D 0) { > rc =3D ipsec_satbl_init(ctx->sa_out, sa_out, nb_sa_out, > -- > 2.7.4