From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2958FA0613 for ; Tue, 24 Sep 2019 14:18:35 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 669032B93; Tue, 24 Sep 2019 14:18:33 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 70F672B91 for ; Tue, 24 Sep 2019 14:18:31 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Sep 2019 05:18:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,544,1559545200"; d="scan'208";a="388836961" Received: from irsmsx151.ger.corp.intel.com ([163.33.192.59]) by fmsmga005.fm.intel.com with ESMTP; 24 Sep 2019 05:18:29 -0700 Received: from irsmsx105.ger.corp.intel.com ([169.254.7.164]) by IRSMSX151.ger.corp.intel.com ([169.254.4.234]) with mapi id 14.03.0439.000; Tue, 24 Sep 2019 13:18:28 +0100 From: "Ananyev, Konstantin" To: "Drost, MariuszX" , "Nicolau, Radu" , "akhil.goyal@nxp.com" CC: "dev@dpdk.org" , Lukasz Bartosik Thread-Topic: [PATCH v2 1/2] examples/ipsec-secgw: fix SAD selection logic Thread-Index: AQHVcsP3rs+B25omiU24dVUeLGfYdKc6vnvA Date: Tue, 24 Sep 2019 12:18:28 +0000 Message-ID: <2601191342CEEE43887BDE71AB9772580191969A27@irsmsx105.ger.corp.intel.com> References: <20190905123523.172-1-mariuszx.drost@intel.com> <20190924103539.12052-1-mariuszx.drost@intel.com> <20190924103539.12052-2-mariuszx.drost@intel.com> In-Reply-To: <20190924103539.12052-2-mariuszx.drost@intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZDNkYjQ1MGMtYzlhYy00NzQ3LWFiYWYtZTFiZjBiOTNjYzMxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiRUlSaE5md0RGcmZ4S0J5dkNqZ3pLaGZ6MWdWK1lmdGU1M3lJRktFa1N2SjAxaTd6NGNDSVB0QWlpSHQzT1lxcCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [163.33.239.182] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v2 1/2] examples/ipsec-secgw: fix SAD selection logic X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Ipsec-secgw example application fails to initialize when using default > configuration file (ep0.cfg) in library mode (librte_ipsec enabled). >=20 > The reason is that two of SP rules in ep0.cfg, one for IPv4 and one > for IPv6, are using the same SPI number. When SA rules are initialized, > their SPI number is checked against SPIs stored in SPD. For library > mode, it is not allowed for the same SA to handle both IPv4 and IPv6. >=20 > Solution is to split SAD into two separate parts - one for IPv4 and one > for IPv6. Usage of SAs stays the same. Only change is to pass correct > SAD (IPv4 or IPv6) in places where previously combined database was > passed. >=20 > Split of SA entries is done at initialization stage. Most of given SA > entries are checked against SPD. If matching entry is in IPv4 SPD, SA > rule is added to IPv4 SAD (respectively for IPv6). Different splitting > method is used only when SA entry is for tunnel in inbound direction. > In that case if IPv4 tunnel should be used, SA entry is added to IPv4 > SAD (respectively for IPv6). Reasoning is that inner IP version can > be different than outer IP version for tunneled traffic. >=20 > Bugzilla ID: 239 > Fixes: 5a032a71c6d3 ("examples/ipsec-secgw: make app to use IPsec library= ") >=20 > Reported-by: Lukasz Bartosik > Signed-off-by: Mariusz Drost Acked-by: Konstantin Ananyev Tested-by: Konstantin Ananyev > -- > 2.17.1