* [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port
@ 2018-06-05 14:16 Konstantin Ananyev
2018-06-05 14:16 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing Konstantin Ananyev
2018-06-21 13:25 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Akhil Goyal
0 siblings, 2 replies; 16+ messages in thread
From: Konstantin Ananyev @ 2018-06-05 14:16 UTC (permalink / raw)
To: dev, dev; +Cc: Konstantin Ananyev, radu.nicolau
For outbound ports BYPASS rule is erroneously treated as PROTECT one
with SA idx zero.
Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a5da8b280..fafb41161 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -510,11 +510,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
sa_idx = ip->res[i] & PROTECT_MASK;
if (ip->res[i] & DISCARD)
rte_pktmbuf_free(m);
+ else if (ip->res[i] & BYPASS)
+ ip->pkts[j++] = m;
else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
- } else /* BYPASS */
- ip->pkts[j++] = m;
+ } else /* invalid SA idx */
+ rte_pktmbuf_free(m);
}
ip->num = j;
}
--
2.13.6
^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-05 14:16 [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Konstantin Ananyev
@ 2018-06-05 14:16 ` Konstantin Ananyev
2018-06-05 15:36 ` Iremonger, Bernard
2018-06-21 13:48 ` Akhil Goyal
2018-06-21 13:25 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Akhil Goyal
1 sibling, 2 replies; 16+ messages in thread
From: Konstantin Ananyev @ 2018-06-05 14:16 UTC (permalink / raw)
To: dev, dev; +Cc: Konstantin Ananyev, radu.nicolau
parse_portmask() returns both portmask value and possible error code
as 32-bit integer. That causes some confusion for callers.
Split error code and portmask value into two distinct variables.
Also allows to run the app with unprotected_port_mask == 0.
Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index fafb41161..5d7071657 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -972,20 +972,19 @@ print_usage(const char *prgname)
}
static int32_t
-parse_portmask(const char *portmask)
+parse_portmask(const char *portmask, uint32_t *pmv)
{
- char *end = NULL;
+ char *end;
unsigned long pm;
/* parse hexadecimal string */
+ errno = 0;
pm = strtoul(portmask, &end, 16);
- if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
+ if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
return -1;
- if ((pm == 0) && errno)
- return -1;
-
- return pm;
+ *pmv = pm;
+ return 0;
}
static int32_t
@@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
int32_t opt, ret;
char **argvopt;
int32_t option_index;
+ uint32_t v;
char *prgname = argv[0];
int32_t f_present = 0;
@@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
switch (opt) {
case 'p':
- enabled_port_mask = parse_portmask(optarg);
- if (enabled_port_mask == 0) {
+ ret = parse_portmask(optarg, &enabled_port_mask);
+ if (ret < 0 || enabled_port_mask == 0) {
printf("invalid portmask\n");
print_usage(prgname);
return -1;
@@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
promiscuous_on = 1;
break;
case 'u':
- unprotected_port_mask = parse_portmask(optarg);
- if (unprotected_port_mask == 0) {
+ ret = parse_portmask(optarg, &unprotected_port_mask);
+ if (ret < 0) {
printf("invalid unprotected portmask\n");
print_usage(prgname);
return -1;
@@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
single_sa_idx);
break;
case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
- ret = parse_portmask(optarg);
+ ret = parse_portmask(optarg, &v);
if (ret == -1) {
- printf("Invalid argument[portmask]\n");
+ printf("Invalid argument[%s]\n",
+ CMD_LINE_OPT_CRYPTODEV_MASK);
print_usage(prgname);
return -1;
}
/* else */
- enabled_cryptodev_mask = ret;
+ enabled_cryptodev_mask = v;
break;
default:
print_usage(prgname);
--
2.13.6
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-05 14:16 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing Konstantin Ananyev
@ 2018-06-05 15:36 ` Iremonger, Bernard
2018-06-21 13:48 ` Akhil Goyal
1 sibling, 0 replies; 16+ messages in thread
From: Iremonger, Bernard @ 2018-06-05 15:36 UTC (permalink / raw)
To: Ananyev, Konstantin, dev, dev; +Cc: Nicolau, Radu
Hi Konstantin,
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Konstantin Ananyev
> Sent: Tuesday, June 5, 2018 3:16 PM
> To: dev@dpdk.org; dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option
> parsing
>
> parse_portmask() returns both portmask value and possible error code as 32-bit
> integer. That causes some confusion for callers.
> Split error code and portmask value into two distinct variables.
> Also allows to run the app with unprotected_port_mask == 0.
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> 1 file changed, 15 insertions(+), 14 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index fafb41161..5d7071657 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -972,20 +972,19 @@ print_usage(const char *prgname) }
>
> static int32_t
> -parse_portmask(const char *portmask)
> +parse_portmask(const char *portmask, uint32_t *pmv)
> {
> - char *end = NULL;
> + char *end;
> unsigned long pm;
>
> /* parse hexadecimal string */
> + errno = 0;
> pm = strtoul(portmask, &end, 16);
> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> return -1;
>
> - if ((pm == 0) && errno)
> - return -1;
> -
> - return pm;
> + *pmv = pm;
> + return 0;
> }
>
> static int32_t
> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> int32_t opt, ret;
> char **argvopt;
> int32_t option_index;
> + uint32_t v;
The variable "v" seems a bit cryptic to me, how about "pmv" or "mask_val" or "value"?
> char *prgname = argv[0];
> int32_t f_present = 0;
>
> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>
> switch (opt) {
> case 'p':
> - enabled_port_mask = parse_portmask(optarg);
> - if (enabled_port_mask == 0) {
> + ret = parse_portmask(optarg, &enabled_port_mask);
> + if (ret < 0 || enabled_port_mask == 0) {
> printf("invalid portmask\n");
> print_usage(prgname);
> return -1;
> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> promiscuous_on = 1;
> break;
> case 'u':
> - unprotected_port_mask = parse_portmask(optarg);
> - if (unprotected_port_mask == 0) {
> + ret = parse_portmask(optarg,
> &unprotected_port_mask);
> + if (ret < 0) {
> printf("invalid unprotected portmask\n");
> print_usage(prgname);
> return -1;
> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> single_sa_idx);
> break;
> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> - ret = parse_portmask(optarg);
> + ret = parse_portmask(optarg, &v);
> if (ret == -1) {
> - printf("Invalid argument[portmask]\n");
> + printf("Invalid argument[%s]\n",
> + CMD_LINE_OPT_CRYPTODEV_MASK);
> print_usage(prgname);
> return -1;
> }
>
> /* else */
> - enabled_cryptodev_mask = ret;
> + enabled_cryptodev_mask = v;
> break;
> default:
> print_usage(prgname);
> --
> 2.13.6
Regards,
Bernard.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port
2018-06-05 14:16 [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Konstantin Ananyev
2018-06-05 14:16 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing Konstantin Ananyev
@ 2018-06-21 13:25 ` Akhil Goyal
2018-07-24 16:30 ` De Lara Guarch, Pablo
1 sibling, 1 reply; 16+ messages in thread
From: Akhil Goyal @ 2018-06-21 13:25 UTC (permalink / raw)
To: Konstantin Ananyev, dev; +Cc: radu.nicolau
On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> For outbound ports BYPASS rule is erroneously treated as PROTECT one
> with SA idx zero.
>
> Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI value")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-05 14:16 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing Konstantin Ananyev
2018-06-05 15:36 ` Iremonger, Bernard
@ 2018-06-21 13:48 ` Akhil Goyal
2018-06-21 15:02 ` Ananyev, Konstantin
1 sibling, 1 reply; 16+ messages in thread
From: Akhil Goyal @ 2018-06-21 13:48 UTC (permalink / raw)
To: Konstantin Ananyev, dev; +Cc: radu.nicolau
Hi Konstantin,
On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> parse_portmask() returns both portmask value and possible error code
> as 32-bit integer. That causes some confusion for callers.
> Split error code and portmask value into two distinct variables.
> Also allows to run the app with unprotected_port_mask == 0.
This would also allow cryptodev_mask == 0 to work well which should not be the case.
>
> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> 1 file changed, 15 insertions(+), 14 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index fafb41161..5d7071657 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> }
>
> static int32_t
> -parse_portmask(const char *portmask)
> +parse_portmask(const char *portmask, uint32_t *pmv)
> {
> - char *end = NULL;
> + char *end;
> unsigned long pm;
>
> /* parse hexadecimal string */
> + errno = 0;
> pm = strtoul(portmask, &end, 16);
> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> return -1;
>
> - if ((pm == 0) && errno)
> - return -1;
> -
> - return pm;
> + *pmv = pm;
> + return 0;
> }
>
> static int32_t
> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> int32_t opt, ret;
> char **argvopt;
> int32_t option_index;
> + uint32_t v;
> char *prgname = argv[0];
> int32_t f_present = 0;
>
> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>
> switch (opt) {
> case 'p':
> - enabled_port_mask = parse_portmask(optarg);
> - if (enabled_port_mask == 0) {
> + ret = parse_portmask(optarg, &enabled_port_mask);
> + if (ret < 0 || enabled_port_mask == 0) {
> printf("invalid portmask\n");
> print_usage(prgname);
> return -1;
> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> promiscuous_on = 1;
> break;
> case 'u':
> - unprotected_port_mask = parse_portmask(optarg);
> - if (unprotected_port_mask == 0) {
> + ret = parse_portmask(optarg, &unprotected_port_mask);
> + if (ret < 0) {
> printf("invalid unprotected portmask\n");
> print_usage(prgname);
> return -1;
> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> single_sa_idx);
> break;
> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> - ret = parse_portmask(optarg);
> + ret = parse_portmask(optarg, &v);
I think there is no need for v, enabled_cryptodev_mask can be used instead.
> if (ret == -1) {
enabled_cryptodev_mask should not be 0 and should be checked here.
-Akhil
> - printf("Invalid argument[portmask]\n");
> + printf("Invalid argument[%s]\n",
> + CMD_LINE_OPT_CRYPTODEV_MASK);
> print_usage(prgname);
> return -1;
> }
>
> /* else */
> - enabled_cryptodev_mask = ret;
> + enabled_cryptodev_mask = v;
> break;
> default:
> print_usage(prgname);
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-21 13:48 ` Akhil Goyal
@ 2018-06-21 15:02 ` Ananyev, Konstantin
2018-06-22 10:00 ` Akhil Goyal
0 siblings, 1 reply; 16+ messages in thread
From: Ananyev, Konstantin @ 2018-06-21 15:02 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu
Hi Akhil,
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Thursday, June 21, 2018 2:49 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>
> Hi Konstantin,
>
> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> > parse_portmask() returns both portmask value and possible error code
> > as 32-bit integer. That causes some confusion for callers.
> > Split error code and portmask value into two distinct variables.
> > Also allows to run the app with unprotected_port_mask == 0.
>
> This would also allow cryptodev_mask == 0 to work well which should not be the case.
>
> >
> > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> > ---
> > examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> > 1 file changed, 15 insertions(+), 14 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> > index fafb41161..5d7071657 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> > }
> >
> > static int32_t
> > -parse_portmask(const char *portmask)
> > +parse_portmask(const char *portmask, uint32_t *pmv)
> > {
> > - char *end = NULL;
> > + char *end;
> > unsigned long pm;
> >
> > /* parse hexadecimal string */
> > + errno = 0;
> > pm = strtoul(portmask, &end, 16);
> > - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> > + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> > return -1;
> >
> > - if ((pm == 0) && errno)
> > - return -1;
> > -
> > - return pm;
> > + *pmv = pm;
> > + return 0;
> > }
> >
> > static int32_t
> > @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> > int32_t opt, ret;
> > char **argvopt;
> > int32_t option_index;
> > + uint32_t v;
> > char *prgname = argv[0];
> > int32_t f_present = 0;
> >
> > @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >
> > switch (opt) {
> > case 'p':
> > - enabled_port_mask = parse_portmask(optarg);
> > - if (enabled_port_mask == 0) {
> > + ret = parse_portmask(optarg, &enabled_port_mask);
> > + if (ret < 0 || enabled_port_mask == 0) {
> > printf("invalid portmask\n");
> > print_usage(prgname);
> > return -1;
> > @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> > promiscuous_on = 1;
> > break;
> > case 'u':
> > - unprotected_port_mask = parse_portmask(optarg);
> > - if (unprotected_port_mask == 0) {
> > + ret = parse_portmask(optarg, &unprotected_port_mask);
> > + if (ret < 0) {
> > printf("invalid unprotected portmask\n");
> > print_usage(prgname);
> > return -1;
> > @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> > single_sa_idx);
> > break;
> > case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> > - ret = parse_portmask(optarg);
> > + ret = parse_portmask(optarg, &v);
>
> I think there is no need for v, enabled_cryptodev_mask can be used instead.
Right now - it can't as enabled_cryptodevmask is uint64_t.
To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
>
> > if (ret == -1) {
>
> enabled_cryptodev_mask should not be 0 and should be checked here.
Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
Konstantin
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-21 15:02 ` Ananyev, Konstantin
@ 2018-06-22 10:00 ` Akhil Goyal
2018-06-22 10:10 ` Ananyev, Konstantin
0 siblings, 1 reply; 16+ messages in thread
From: Akhil Goyal @ 2018-06-22 10:00 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
Hi Konstantin,
On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
> Hi Akhil,
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Thursday, June 21, 2018 2:49 PM
>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>
>> Hi Konstantin,
>>
>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>>> parse_portmask() returns both portmask value and possible error code
>>> as 32-bit integer. That causes some confusion for callers.
>>> Split error code and portmask value into two distinct variables.
>>> Also allows to run the app with unprotected_port_mask == 0.
>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
>>
>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>>>
>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>>> ---
>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
>>> 1 file changed, 15 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
>>> index fafb41161..5d7071657 100644
>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
>>> }
>>>
>>> static int32_t
>>> -parse_portmask(const char *portmask)
>>> +parse_portmask(const char *portmask, uint32_t *pmv)
>>> {
>>> - char *end = NULL;
>>> + char *end;
>>> unsigned long pm;
>>>
>>> /* parse hexadecimal string */
>>> + errno = 0;
>>> pm = strtoul(portmask, &end, 16);
>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
>>> return -1;
>>>
>>> - if ((pm == 0) && errno)
>>> - return -1;
>>> -
>>> - return pm;
>>> + *pmv = pm;
>>> + return 0;
>>> }
>>>
>>> static int32_t
>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
>>> int32_t opt, ret;
>>> char **argvopt;
>>> int32_t option_index;
>>> + uint32_t v;
>>> char *prgname = argv[0];
>>> int32_t f_present = 0;
>>>
>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>>>
>>> switch (opt) {
>>> case 'p':
>>> - enabled_port_mask = parse_portmask(optarg);
>>> - if (enabled_port_mask == 0) {
>>> + ret = parse_portmask(optarg, &enabled_port_mask);
>>> + if (ret < 0 || enabled_port_mask == 0) {
>>> printf("invalid portmask\n");
>>> print_usage(prgname);
>>> return -1;
>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
>>> promiscuous_on = 1;
>>> break;
>>> case 'u':
>>> - unprotected_port_mask = parse_portmask(optarg);
>>> - if (unprotected_port_mask == 0) {
>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
>>> + if (ret < 0) {
>>> printf("invalid unprotected portmask\n");
>>> print_usage(prgname);
>>> return -1;
>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
>>> single_sa_idx);
>>> break;
>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
>>> - ret = parse_portmask(optarg);
>>> + ret = parse_portmask(optarg, &v);
>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
> Right now - it can't as enabled_cryptodevmask is uint64_t.
> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
I am ok with any of the case.
>
>>> if (ret == -1) {
>> enabled_cryptodev_mask should not be 0 and should be checked here.
> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
devices are enabled, and if it is marked as 0, then all get disabled which is not
correct as we need atleast 1 crypto device in ipsec application. So if the user doesn't
want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
then it cannot be 0.
>
> Konstantin
>
>
-Akhil
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-22 10:00 ` Akhil Goyal
@ 2018-06-22 10:10 ` Ananyev, Konstantin
2018-06-22 10:40 ` Akhil Goyal
0 siblings, 1 reply; 16+ messages in thread
From: Ananyev, Konstantin @ 2018-06-22 10:10 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, June 22, 2018 11:01 AM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>
> Hi Konstantin,
>
> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
>
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Thursday, June 21, 2018 2:49 PM
> >> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>
> >> Hi Konstantin,
> >>
> >> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> >>> parse_portmask() returns both portmask value and possible error code
> >>> as 32-bit integer. That causes some confusion for callers.
> >>> Split error code and portmask value into two distinct variables.
> >>> Also allows to run the app with unprotected_port_mask == 0.
> >> This would also allow cryptodev_mask == 0 to work well which should not be the case.
> >>
> >>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> >>>
> >>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> >>> ---
> >>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> >>> 1 file changed, 15 insertions(+), 14 deletions(-)
> >>>
> >>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> >>> index fafb41161..5d7071657 100644
> >>> --- a/examples/ipsec-secgw/ipsec-secgw.c
> >>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> >>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> >>> }
> >>>
> >>> static int32_t
> >>> -parse_portmask(const char *portmask)
> >>> +parse_portmask(const char *portmask, uint32_t *pmv)
> >>> {
> >>> - char *end = NULL;
> >>> + char *end;
> >>> unsigned long pm;
> >>>
> >>> /* parse hexadecimal string */
> >>> + errno = 0;
> >>> pm = strtoul(portmask, &end, 16);
> >>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> >>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> >>> return -1;
> >>>
> >>> - if ((pm == 0) && errno)
> >>> - return -1;
> >>> -
> >>> - return pm;
> >>> + *pmv = pm;
> >>> + return 0;
> >>> }
> >>>
> >>> static int32_t
> >>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> >>> int32_t opt, ret;
> >>> char **argvopt;
> >>> int32_t option_index;
> >>> + uint32_t v;
> >>> char *prgname = argv[0];
> >>> int32_t f_present = 0;
> >>>
> >>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >>>
> >>> switch (opt) {
> >>> case 'p':
> >>> - enabled_port_mask = parse_portmask(optarg);
> >>> - if (enabled_port_mask == 0) {
> >>> + ret = parse_portmask(optarg, &enabled_port_mask);
> >>> + if (ret < 0 || enabled_port_mask == 0) {
> >>> printf("invalid portmask\n");
> >>> print_usage(prgname);
> >>> return -1;
> >>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> >>> promiscuous_on = 1;
> >>> break;
> >>> case 'u':
> >>> - unprotected_port_mask = parse_portmask(optarg);
> >>> - if (unprotected_port_mask == 0) {
> >>> + ret = parse_portmask(optarg, &unprotected_port_mask);
> >>> + if (ret < 0) {
> >>> printf("invalid unprotected portmask\n");
> >>> print_usage(prgname);
> >>> return -1;
> >>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> >>> single_sa_idx);
> >>> break;
> >>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> >>> - ret = parse_portmask(optarg);
> >>> + ret = parse_portmask(optarg, &v);
> >> I think there is no need for v, enabled_cryptodev_mask can be used instead.
> > Right now - it can't as enabled_cryptodevmask is uint64_t.
> > To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
> > or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
>
> I am ok with any of the case.
>
> >
> >>> if (ret == -1) {
> >> enabled_cryptodev_mask should not be 0 and should be checked here.
> > Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
>
> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
> devices are enabled, and if it is marked as 0, then all get disabled which is not
> correct as we need atleast 1 crypto device in ipsec application.
Might be user would like to run app with inline ipsec only,
or have app to work in bypass mode only (no encrypt/decrypt) at all.
Why that should be considered as a problem?
Konstantin
> So if the user doesn't
> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
> then it cannot be 0.
>
> >
> > Konstantin
> >
> >
> -Akhil
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-22 10:10 ` Ananyev, Konstantin
@ 2018-06-22 10:40 ` Akhil Goyal
2018-06-22 11:51 ` Ananyev, Konstantin
0 siblings, 1 reply; 16+ messages in thread
From: Akhil Goyal @ 2018-06-22 10:40 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Friday, June 22, 2018 11:01 AM
>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>
>> Hi Konstantin,
>>
>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
>>
>>> Hi Akhil,
>>>
>>>> -----Original Message-----
>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>> Sent: Thursday, June 21, 2018 2:49 PM
>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>
>>>> Hi Konstantin,
>>>>
>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>>>>> parse_portmask() returns both portmask value and possible error code
>>>>> as 32-bit integer. That causes some confusion for callers.
>>>>> Split error code and portmask value into two distinct variables.
>>>>> Also allows to run the app with unprotected_port_mask == 0.
>>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
>>>>
>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>>>>>
>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>>>>> ---
>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
>>>>>
>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
>>>>> index fafb41161..5d7071657 100644
>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
>>>>> }
>>>>>
>>>>> static int32_t
>>>>> -parse_portmask(const char *portmask)
>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
>>>>> {
>>>>> - char *end = NULL;
>>>>> + char *end;
>>>>> unsigned long pm;
>>>>>
>>>>> /* parse hexadecimal string */
>>>>> + errno = 0;
>>>>> pm = strtoul(portmask, &end, 16);
>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
>>>>> return -1;
>>>>>
>>>>> - if ((pm == 0) && errno)
>>>>> - return -1;
>>>>> -
>>>>> - return pm;
>>>>> + *pmv = pm;
>>>>> + return 0;
>>>>> }
>>>>>
>>>>> static int32_t
>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
>>>>> int32_t opt, ret;
>>>>> char **argvopt;
>>>>> int32_t option_index;
>>>>> + uint32_t v;
>>>>> char *prgname = argv[0];
>>>>> int32_t f_present = 0;
>>>>>
>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>>>>>
>>>>> switch (opt) {
>>>>> case 'p':
>>>>> - enabled_port_mask = parse_portmask(optarg);
>>>>> - if (enabled_port_mask == 0) {
>>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
>>>>> + if (ret < 0 || enabled_port_mask == 0) {
>>>>> printf("invalid portmask\n");
>>>>> print_usage(prgname);
>>>>> return -1;
>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
>>>>> promiscuous_on = 1;
>>>>> break;
>>>>> case 'u':
>>>>> - unprotected_port_mask = parse_portmask(optarg);
>>>>> - if (unprotected_port_mask == 0) {
>>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
>>>>> + if (ret < 0) {
>>>>> printf("invalid unprotected portmask\n");
>>>>> print_usage(prgname);
>>>>> return -1;
>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
>>>>> single_sa_idx);
>>>>> break;
>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
>>>>> - ret = parse_portmask(optarg);
>>>>> + ret = parse_portmask(optarg, &v);
>>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
>>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
>>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
>> I am ok with any of the case.
>>
>>>>> if (ret == -1) {
>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
>>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
>> devices are enabled, and if it is marked as 0, then all get disabled which is not
>> correct as we need atleast 1 crypto device in ipsec application.
> Might be user would like to run app with inline ipsec only,
> or have app to work in bypass mode only (no encrypt/decrypt) at all.
> Why that should be considered as a problem?
> Konstantin
Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
-Akhil
>> So if the user doesn't
>> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
>> then it cannot be 0.
>>
>>> Konstantin
>>>
>>>
>> -Akhil
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-22 10:40 ` Akhil Goyal
@ 2018-06-22 11:51 ` Ananyev, Konstantin
2018-07-05 9:03 ` Akhil Goyal
0 siblings, 1 reply; 16+ messages in thread
From: Ananyev, Konstantin @ 2018-06-22 11:51 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, June 22, 2018 11:41 AM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>
>
>
> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, June 22, 2018 11:01 AM
> >> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>
> >> Hi Konstantin,
> >>
> >> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
> >>
> >>> Hi Akhil,
> >>>
> >>>> -----Original Message-----
> >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>> Sent: Thursday, June 21, 2018 2:49 PM
> >>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>
> >>>> Hi Konstantin,
> >>>>
> >>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> >>>>> parse_portmask() returns both portmask value and possible error code
> >>>>> as 32-bit integer. That causes some confusion for callers.
> >>>>> Split error code and portmask value into two distinct variables.
> >>>>> Also allows to run the app with unprotected_port_mask == 0.
> >>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
> >>>>
> >>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> >>>>>
> >>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> >>>>> ---
> >>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> >>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
> >>>>>
> >>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>> index fafb41161..5d7071657 100644
> >>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
> >>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> >>>>> }
> >>>>>
> >>>>> static int32_t
> >>>>> -parse_portmask(const char *portmask)
> >>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
> >>>>> {
> >>>>> - char *end = NULL;
> >>>>> + char *end;
> >>>>> unsigned long pm;
> >>>>>
> >>>>> /* parse hexadecimal string */
> >>>>> + errno = 0;
> >>>>> pm = strtoul(portmask, &end, 16);
> >>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> >>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> >>>>> return -1;
> >>>>>
> >>>>> - if ((pm == 0) && errno)
> >>>>> - return -1;
> >>>>> -
> >>>>> - return pm;
> >>>>> + *pmv = pm;
> >>>>> + return 0;
> >>>>> }
> >>>>>
> >>>>> static int32_t
> >>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> >>>>> int32_t opt, ret;
> >>>>> char **argvopt;
> >>>>> int32_t option_index;
> >>>>> + uint32_t v;
> >>>>> char *prgname = argv[0];
> >>>>> int32_t f_present = 0;
> >>>>>
> >>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>
> >>>>> switch (opt) {
> >>>>> case 'p':
> >>>>> - enabled_port_mask = parse_portmask(optarg);
> >>>>> - if (enabled_port_mask == 0) {
> >>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
> >>>>> + if (ret < 0 || enabled_port_mask == 0) {
> >>>>> printf("invalid portmask\n");
> >>>>> print_usage(prgname);
> >>>>> return -1;
> >>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> >>>>> promiscuous_on = 1;
> >>>>> break;
> >>>>> case 'u':
> >>>>> - unprotected_port_mask = parse_portmask(optarg);
> >>>>> - if (unprotected_port_mask == 0) {
> >>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
> >>>>> + if (ret < 0) {
> >>>>> printf("invalid unprotected portmask\n");
> >>>>> print_usage(prgname);
> >>>>> return -1;
> >>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> >>>>> single_sa_idx);
> >>>>> break;
> >>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> >>>>> - ret = parse_portmask(optarg);
> >>>>> + ret = parse_portmask(optarg, &v);
> >>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
> >>> Right now - it can't as enabled_cryptodevmask is uint64_t.
> >>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
> >>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
> >> I am ok with any of the case.
> >>
> >>>>> if (ret == -1) {
> >>>> enabled_cryptodev_mask should not be 0 and should be checked here.
> >>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
> >> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
> >> devices are enabled, and if it is marked as 0, then all get disabled which is not
> >> correct as we need atleast 1 crypto device in ipsec application.
> > Might be user would like to run app with inline ipsec only,
> > or have app to work in bypass mode only (no encrypt/decrypt) at all.
> > Why that should be considered as a problem?
> > Konstantin
>
> Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
>
> So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
Would anything will be broken?
Konstantin
>
> -Akhil
>
> >> So if the user doesn't
> >> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
> >> then it cannot be 0.
> >>
> >>> Konstantin
> >>>
> >>>
> >> -Akhil
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-06-22 11:51 ` Ananyev, Konstantin
@ 2018-07-05 9:03 ` Akhil Goyal
2018-07-24 8:48 ` De Lara Guarch, Pablo
2018-07-24 12:37 ` Ananyev, Konstantin
0 siblings, 2 replies; 16+ messages in thread
From: Akhil Goyal @ 2018-07-05 9:03 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
Hi Konstantin,
On 6/22/2018 5:21 PM, Ananyev, Konstantin wrote:
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Friday, June 22, 2018 11:41 AM
>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>
>>
>>
>> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
>>>> -----Original Message-----
>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>> Sent: Friday, June 22, 2018 11:01 AM
>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>
>>>> Hi Konstantin,
>>>>
>>>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
>>>>
>>>>> Hi Akhil,
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>>>> Sent: Thursday, June 21, 2018 2:49 PM
>>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>>>
>>>>>> Hi Konstantin,
>>>>>>
>>>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>>>>>>> parse_portmask() returns both portmask value and possible error code
>>>>>>> as 32-bit integer. That causes some confusion for callers.
>>>>>>> Split error code and portmask value into two distinct variables.
>>>>>>> Also allows to run the app with unprotected_port_mask == 0.
>>>>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
>>>>>>
>>>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>>>>>>>
>>>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>>>>>>> ---
>>>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
>>>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
>>>>>>>
>>>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>> index fafb41161..5d7071657 100644
>>>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
>>>>>>> }
>>>>>>>
>>>>>>> static int32_t
>>>>>>> -parse_portmask(const char *portmask)
>>>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
>>>>>>> {
>>>>>>> - char *end = NULL;
>>>>>>> + char *end;
>>>>>>> unsigned long pm;
>>>>>>>
>>>>>>> /* parse hexadecimal string */
>>>>>>> + errno = 0;
>>>>>>> pm = strtoul(portmask, &end, 16);
>>>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
>>>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
>>>>>>> return -1;
>>>>>>>
>>>>>>> - if ((pm == 0) && errno)
>>>>>>> - return -1;
>>>>>>> -
>>>>>>> - return pm;
>>>>>>> + *pmv = pm;
>>>>>>> + return 0;
>>>>>>> }
>>>>>>>
>>>>>>> static int32_t
>>>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
>>>>>>> int32_t opt, ret;
>>>>>>> char **argvopt;
>>>>>>> int32_t option_index;
>>>>>>> + uint32_t v;
>>>>>>> char *prgname = argv[0];
>>>>>>> int32_t f_present = 0;
>>>>>>>
>>>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>>>>>>>
>>>>>>> switch (opt) {
>>>>>>> case 'p':
>>>>>>> - enabled_port_mask = parse_portmask(optarg);
>>>>>>> - if (enabled_port_mask == 0) {
>>>>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
>>>>>>> + if (ret < 0 || enabled_port_mask == 0) {
>>>>>>> printf("invalid portmask\n");
>>>>>>> print_usage(prgname);
>>>>>>> return -1;
>>>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
>>>>>>> promiscuous_on = 1;
>>>>>>> break;
>>>>>>> case 'u':
>>>>>>> - unprotected_port_mask = parse_portmask(optarg);
>>>>>>> - if (unprotected_port_mask == 0) {
>>>>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
>>>>>>> + if (ret < 0) {
>>>>>>> printf("invalid unprotected portmask\n");
>>>>>>> print_usage(prgname);
>>>>>>> return -1;
>>>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
>>>>>>> single_sa_idx);
>>>>>>> break;
>>>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
>>>>>>> - ret = parse_portmask(optarg);
>>>>>>> + ret = parse_portmask(optarg, &v);
>>>>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
>>>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
>>>>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
>>>>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
>>>> I am ok with any of the case.
>>>>
>>>>>>> if (ret == -1) {
>>>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
>>>>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
>>>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
>>>> devices are enabled, and if it is marked as 0, then all get disabled which is not
>>>> correct as we need atleast 1 crypto device in ipsec application.
>>> Might be user would like to run app with inline ipsec only,
>>> or have app to work in bypass mode only (no encrypt/decrypt) at all.
>>> Why that should be considered as a problem?
>>> Konstantin
>> Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
>>
>> So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
> It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
> Would anything will be broken?
> Konstantin
Sorry for delayed response. I missed this one somehow.
Nothing is broken, but it looks very redundant in case of inline modes, and it is not a valid value in case of other modes.
>
>> -Akhil
>>
>>>> So if the user doesn't
>>>> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
>>>> then it cannot be 0.
>>>>
>>>>> Konstantin
>>>>>
>>>>>
>>>> -Akhil
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-07-05 9:03 ` Akhil Goyal
@ 2018-07-24 8:48 ` De Lara Guarch, Pablo
2018-07-24 12:37 ` Ananyev, Konstantin
1 sibling, 0 replies; 16+ messages in thread
From: De Lara Guarch, Pablo @ 2018-07-24 8:48 UTC (permalink / raw)
To: Akhil Goyal, Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Thursday, July 5, 2018 10:03 AM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option
> parsing
>
> Hi Konstantin,
>
> On 6/22/2018 5:21 PM, Ananyev, Konstantin wrote:
>
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, June 22, 2018 11:41 AM
> >> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix
> >> portmask option parsing
> >>
> >>
> >>
> >> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
> >>>> -----Original Message-----
> >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>> Sent: Friday, June 22, 2018 11:01 AM
> >>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> >>>> dev@dpdk.org
> >>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix
> >>>> portmask option parsing
> >>>>
> >>>> Hi Konstantin,
> >>>>
> >>>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
> >>>>
> >>>>> Hi Akhil,
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>>>> Sent: Thursday, June 21, 2018 2:49 PM
> >>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> >>>>>> dev@dpdk.org
> >>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix
> >>>>>> portmask option parsing
> >>>>>>
> >>>>>> Hi Konstantin,
> >>>>>>
> >>>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> >>>>>>> parse_portmask() returns both portmask value and possible error
> >>>>>>> code as 32-bit integer. That causes some confusion for callers.
> >>>>>>> Split error code and portmask value into two distinct variables.
> >>>>>>> Also allows to run the app with unprotected_port_mask == 0.
> >>>>>> This would also allow cryptodev_mask == 0 to work well which should
> not be the case.
> >>>>>>
> >>>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
> >>>>>>> application")
> >>>>>>>
> >>>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> >>>>>>> ---
> >>>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++---------
> -----
> >>>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
> >>>>>>>
> >>>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> index fafb41161..5d7071657 100644
> >>>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> >>>>>>> }
> >>>>>>>
> >>>>>>> static int32_t
> >>>>>>> -parse_portmask(const char *portmask)
> >>>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
> >>>>>>> {
> >>>>>>> - char *end = NULL;
> >>>>>>> + char *end;
> >>>>>>> unsigned long pm;
> >>>>>>>
> >>>>>>> /* parse hexadecimal string */
> >>>>>>> + errno = 0;
> >>>>>>> pm = strtoul(portmask, &end, 16);
> >>>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> >>>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> >>>>>>> return -1;
> >>>>>>>
> >>>>>>> - if ((pm == 0) && errno)
> >>>>>>> - return -1;
> >>>>>>> -
> >>>>>>> - return pm;
> >>>>>>> + *pmv = pm;
> >>>>>>> + return 0;
> >>>>>>> }
> >>>>>>>
> >>>>>>> static int32_t
> >>>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> int32_t opt, ret;
> >>>>>>> char **argvopt;
> >>>>>>> int32_t option_index;
> >>>>>>> + uint32_t v;
> >>>>>>> char *prgname = argv[0];
> >>>>>>> int32_t f_present = 0;
> >>>>>>>
> >>>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>
> >>>>>>> switch (opt) {
> >>>>>>> case 'p':
> >>>>>>> - enabled_port_mask = parse_portmask(optarg);
> >>>>>>> - if (enabled_port_mask == 0) {
> >>>>>>> + ret = parse_portmask(optarg,
> &enabled_port_mask);
> >>>>>>> + if (ret < 0 || enabled_port_mask == 0) {
> >>>>>>> printf("invalid portmask\n");
> >>>>>>> print_usage(prgname);
> >>>>>>> return -1;
> >>>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> promiscuous_on = 1;
> >>>>>>> break;
> >>>>>>> case 'u':
> >>>>>>> - unprotected_port_mask =
> parse_portmask(optarg);
> >>>>>>> - if (unprotected_port_mask == 0) {
> >>>>>>> + ret = parse_portmask(optarg,
> &unprotected_port_mask);
> >>>>>>> + if (ret < 0) {
> >>>>>>> printf("invalid unprotected
> portmask\n");
> >>>>>>> print_usage(prgname);
> >>>>>>> return -1;
> >>>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> single_sa_idx);
> >>>>>>> break;
> >>>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> >>>>>>> - ret = parse_portmask(optarg);
> >>>>>>> + ret = parse_portmask(optarg, &v);
> >>>>>> I think there is no need for v, enabled_cryptodev_mask can be used
> instead.
> >>>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
> >>>>> To do what you suggesting we have either downgrade
> >>>>> enabled_cryptodevmask 32-bits, or upgrade enabled_port_mask to 64-bit
> and change parse_portmask() to accept 64-bit parameter.
> >>>> I am ok with any of the case.
> >>>>
> >>>>>>> if (ret == -1) {
> >>>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
> >>>>> Could you explain a bit more why enabled_cryptodevmask==0 is not
> allowed?
> >>>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which
> >>>> means all crypto devices are enabled, and if it is marked as 0,
> >>>> then all get disabled which is not correct as we need atleast 1 crypto
> device in ipsec application.
> >>> Might be user would like to run app with inline ipsec only, or have
> >>> app to work in bypass mode only (no encrypt/decrypt) at all.
> >>> Why that should be considered as a problem?
> >>> Konstantin
> >> Agreed with your point. But in case of inline ipsec, user may not be initializing
> the crypto device either.
> >>
> >> So the cryptodev_mask option would be redundant in that case and it may
> not give that parameter.
> > It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
> > Would anything will be broken?
> > Konstantin
>
> Sorry for delayed response. I missed this one somehow.
>
> Nothing is broken, but it looks very redundant in case of inline modes, and it is
> not a valid value in case of other modes.
Any further comments?
Thanks,
Pablo
>
> >
> >> -Akhil
> >>
> >>>> So if the user doesn't
> >>>> want to give the cryptodev_mask then he may skip that parameter,
> >>>> but if it is giving, then it cannot be 0.
> >>>>
> >>>>> Konstantin
> >>>>>
> >>>>>
> >>>> -Akhil
> >
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-07-05 9:03 ` Akhil Goyal
2018-07-24 8:48 ` De Lara Guarch, Pablo
@ 2018-07-24 12:37 ` Ananyev, Konstantin
2018-07-24 12:49 ` Akhil Goyal
1 sibling, 1 reply; 16+ messages in thread
From: Ananyev, Konstantin @ 2018-07-24 12:37 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu
Hi Akhil,
>
> Hi Konstantin,
>
> On 6/22/2018 5:21 PM, Ananyev, Konstantin wrote:
>
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, June 22, 2018 11:41 AM
> >> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>
> >>
> >>
> >> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
> >>>> -----Original Message-----
> >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>> Sent: Friday, June 22, 2018 11:01 AM
> >>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>
> >>>> Hi Konstantin,
> >>>>
> >>>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
> >>>>
> >>>>> Hi Akhil,
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>>>> Sent: Thursday, June 21, 2018 2:49 PM
> >>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>>>
> >>>>>> Hi Konstantin,
> >>>>>>
> >>>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> >>>>>>> parse_portmask() returns both portmask value and possible error code
> >>>>>>> as 32-bit integer. That causes some confusion for callers.
> >>>>>>> Split error code and portmask value into two distinct variables.
> >>>>>>> Also allows to run the app with unprotected_port_mask == 0.
> >>>>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
> >>>>>>
> >>>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> >>>>>>>
> >>>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> >>>>>>> ---
> >>>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> >>>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
> >>>>>>>
> >>>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> index fafb41161..5d7071657 100644
> >>>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> >>>>>>> }
> >>>>>>>
> >>>>>>> static int32_t
> >>>>>>> -parse_portmask(const char *portmask)
> >>>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
> >>>>>>> {
> >>>>>>> - char *end = NULL;
> >>>>>>> + char *end;
> >>>>>>> unsigned long pm;
> >>>>>>>
> >>>>>>> /* parse hexadecimal string */
> >>>>>>> + errno = 0;
> >>>>>>> pm = strtoul(portmask, &end, 16);
> >>>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> >>>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> >>>>>>> return -1;
> >>>>>>>
> >>>>>>> - if ((pm == 0) && errno)
> >>>>>>> - return -1;
> >>>>>>> -
> >>>>>>> - return pm;
> >>>>>>> + *pmv = pm;
> >>>>>>> + return 0;
> >>>>>>> }
> >>>>>>>
> >>>>>>> static int32_t
> >>>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> int32_t opt, ret;
> >>>>>>> char **argvopt;
> >>>>>>> int32_t option_index;
> >>>>>>> + uint32_t v;
> >>>>>>> char *prgname = argv[0];
> >>>>>>> int32_t f_present = 0;
> >>>>>>>
> >>>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>
> >>>>>>> switch (opt) {
> >>>>>>> case 'p':
> >>>>>>> - enabled_port_mask = parse_portmask(optarg);
> >>>>>>> - if (enabled_port_mask == 0) {
> >>>>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
> >>>>>>> + if (ret < 0 || enabled_port_mask == 0) {
> >>>>>>> printf("invalid portmask\n");
> >>>>>>> print_usage(prgname);
> >>>>>>> return -1;
> >>>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> promiscuous_on = 1;
> >>>>>>> break;
> >>>>>>> case 'u':
> >>>>>>> - unprotected_port_mask = parse_portmask(optarg);
> >>>>>>> - if (unprotected_port_mask == 0) {
> >>>>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
> >>>>>>> + if (ret < 0) {
> >>>>>>> printf("invalid unprotected portmask\n");
> >>>>>>> print_usage(prgname);
> >>>>>>> return -1;
> >>>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> >>>>>>> single_sa_idx);
> >>>>>>> break;
> >>>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> >>>>>>> - ret = parse_portmask(optarg);
> >>>>>>> + ret = parse_portmask(optarg, &v);
> >>>>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
> >>>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
> >>>>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
> >>>>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
> >>>> I am ok with any of the case.
> >>>>
> >>>>>>> if (ret == -1) {
> >>>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
> >>>>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
> >>>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
> >>>> devices are enabled, and if it is marked as 0, then all get disabled which is not
> >>>> correct as we need atleast 1 crypto device in ipsec application.
> >>> Might be user would like to run app with inline ipsec only,
> >>> or have app to work in bypass mode only (no encrypt/decrypt) at all.
> >>> Why that should be considered as a problem?
> >>> Konstantin
> >> Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
> >>
> >> So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
> > It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
> > Would anything will be broken?
> > Konstantin
>
> Sorry for delayed response. I missed this one somehow.
>
> Nothing is broken,
Ok
> but it looks very redundant in case of inline modes,
Why is that?
Let say I have a crypto device enabled for DPDK, but don't want to use it
for that particular run.
>and it is not a valid value in case of other modes.
How that differs from any other invalid crypto-dev mask?
Let say right now, user can have only one crypto device, but nothing stops him to specify
--cryptodev_mask=0x10, or so.
Konstantin
>
> >
> >> -Akhil
> >>
> >>>> So if the user doesn't
> >>>> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
> >>>> then it cannot be 0.
> >>>>
> >>>>> Konstantin
> >>>>>
> >>>>>
> >>>> -Akhil
> >
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-07-24 12:37 ` Ananyev, Konstantin
@ 2018-07-24 12:49 ` Akhil Goyal
2018-07-24 13:04 ` Ananyev, Konstantin
0 siblings, 1 reply; 16+ messages in thread
From: Akhil Goyal @ 2018-07-24 12:49 UTC (permalink / raw)
To: Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
Hi Konstantin,
On 7/24/2018 6:07 PM, Ananyev, Konstantin wrote:
> Hi Akhil,
>
>> Hi Konstantin,
>>
>> On 6/22/2018 5:21 PM, Ananyev, Konstantin wrote:
>>
>>>> -----Original Message-----
>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>> Sent: Friday, June 22, 2018 11:41 AM
>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>
>>>>
>>>>
>>>> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
>>>>>> -----Original Message-----
>>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>>>> Sent: Friday, June 22, 2018 11:01 AM
>>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>>>
>>>>>> Hi Konstantin,
>>>>>>
>>>>>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
>>>>>>
>>>>>>> Hi Akhil,
>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>>>>>> Sent: Thursday, June 21, 2018 2:49 PM
>>>>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
>>>>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
>>>>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>>>>>>>>
>>>>>>>> Hi Konstantin,
>>>>>>>>
>>>>>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>>>>>>>>> parse_portmask() returns both portmask value and possible error code
>>>>>>>>> as 32-bit integer. That causes some confusion for callers.
>>>>>>>>> Split error code and portmask value into two distinct variables.
>>>>>>>>> Also allows to run the app with unprotected_port_mask == 0.
>>>>>>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
>>>>>>>>
>>>>>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
>>>>>>>>>
>>>>>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>>>>>>>>> ---
>>>>>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
>>>>>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
>>>>>>>>>
>>>>>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>>>> index fafb41161..5d7071657 100644
>>>>>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>>>>>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> static int32_t
>>>>>>>>> -parse_portmask(const char *portmask)
>>>>>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
>>>>>>>>> {
>>>>>>>>> - char *end = NULL;
>>>>>>>>> + char *end;
>>>>>>>>> unsigned long pm;
>>>>>>>>>
>>>>>>>>> /* parse hexadecimal string */
>>>>>>>>> + errno = 0;
>>>>>>>>> pm = strtoul(portmask, &end, 16);
>>>>>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
>>>>>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
>>>>>>>>> return -1;
>>>>>>>>>
>>>>>>>>> - if ((pm == 0) && errno)
>>>>>>>>> - return -1;
>>>>>>>>> -
>>>>>>>>> - return pm;
>>>>>>>>> + *pmv = pm;
>>>>>>>>> + return 0;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> static int32_t
>>>>>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
>>>>>>>>> int32_t opt, ret;
>>>>>>>>> char **argvopt;
>>>>>>>>> int32_t option_index;
>>>>>>>>> + uint32_t v;
>>>>>>>>> char *prgname = argv[0];
>>>>>>>>> int32_t f_present = 0;
>>>>>>>>>
>>>>>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
>>>>>>>>>
>>>>>>>>> switch (opt) {
>>>>>>>>> case 'p':
>>>>>>>>> - enabled_port_mask = parse_portmask(optarg);
>>>>>>>>> - if (enabled_port_mask == 0) {
>>>>>>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
>>>>>>>>> + if (ret < 0 || enabled_port_mask == 0) {
>>>>>>>>> printf("invalid portmask\n");
>>>>>>>>> print_usage(prgname);
>>>>>>>>> return -1;
>>>>>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
>>>>>>>>> promiscuous_on = 1;
>>>>>>>>> break;
>>>>>>>>> case 'u':
>>>>>>>>> - unprotected_port_mask = parse_portmask(optarg);
>>>>>>>>> - if (unprotected_port_mask == 0) {
>>>>>>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
>>>>>>>>> + if (ret < 0) {
>>>>>>>>> printf("invalid unprotected portmask\n");
>>>>>>>>> print_usage(prgname);
>>>>>>>>> return -1;
>>>>>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
>>>>>>>>> single_sa_idx);
>>>>>>>>> break;
>>>>>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
>>>>>>>>> - ret = parse_portmask(optarg);
>>>>>>>>> + ret = parse_portmask(optarg, &v);
>>>>>>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
>>>>>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
>>>>>>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
>>>>>>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
>>>>>> I am ok with any of the case.
>>>>>>
>>>>>>>>> if (ret == -1) {
>>>>>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
>>>>>>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
>>>>>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
>>>>>> devices are enabled, and if it is marked as 0, then all get disabled which is not
>>>>>> correct as we need atleast 1 crypto device in ipsec application.
>>>>> Might be user would like to run app with inline ipsec only,
>>>>> or have app to work in bypass mode only (no encrypt/decrypt) at all.
>>>>> Why that should be considered as a problem?
>>>>> Konstantin
>>>> Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
>>>>
>>>> So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
>>> It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
>>> Would anything will be broken?
>>> Konstantin
>> Sorry for delayed response. I missed this one somehow.
>>
>> Nothing is broken,
> Ok
>
>> but it looks very redundant in case of inline modes,
> Why is that?
> Let say I have a crypto device enabled for DPDK, but don't want to use it
> for that particular run.
crypto device will not be used in case of inline, whether you specify the cryptodev_mask or not.
>> and it is not a valid value in case of other modes.
> How that differs from any other invalid crypto-dev mask?
> Let say right now, user can have only one crypto device, but nothing stops him to specify
> --cryptodev_mask=0x10, or so.
That can be an enhancement to the application to validate the cryptodev_mask before using.
But in case it is 0, then it cannot be correct in any of the case, because atleast one crypto device needs to be enabled.
-Akhil
>
> Konstantin
>
>>>> -Akhil
>>>>
>>>>>> So if the user doesn't
>>>>>> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
>>>>>> then it cannot be 0.
>>>>>>
>>>>>>> Konstantin
>>>>>>>
>>>>>>>
>>>>>> -Akhil
>>>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
2018-07-24 12:49 ` Akhil Goyal
@ 2018-07-24 13:04 ` Ananyev, Konstantin
0 siblings, 0 replies; 16+ messages in thread
From: Ananyev, Konstantin @ 2018-07-24 13:04 UTC (permalink / raw)
To: Akhil Goyal, dev; +Cc: Nicolau, Radu
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, July 24, 2018 1:50 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
>
> Hi Konstantin,
>
> On 7/24/2018 6:07 PM, Ananyev, Konstantin wrote:
>
> > Hi Akhil,
> >
> >> Hi Konstantin,
> >>
> >> On 6/22/2018 5:21 PM, Ananyev, Konstantin wrote:
> >>
> >>>> -----Original Message-----
> >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>> Sent: Friday, June 22, 2018 11:41 AM
> >>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>
> >>>>
> >>>>
> >>>> On 6/22/2018 3:40 PM, Ananyev, Konstantin wrote:
> >>>>>> -----Original Message-----
> >>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>>>> Sent: Friday, June 22, 2018 11:01 AM
> >>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>>>
> >>>>>> Hi Konstantin,
> >>>>>>
> >>>>>> On 6/21/2018 8:32 PM, Ananyev, Konstantin wrote:
> >>>>>>
> >>>>>>> Hi Akhil,
> >>>>>>>
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>>>>>> Sent: Thursday, June 21, 2018 2:49 PM
> >>>>>>>> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> >>>>>>>> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> >>>>>>>> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing
> >>>>>>>>
> >>>>>>>> Hi Konstantin,
> >>>>>>>>
> >>>>>>>> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
> >>>>>>>>> parse_portmask() returns both portmask value and possible error code
> >>>>>>>>> as 32-bit integer. That causes some confusion for callers.
> >>>>>>>>> Split error code and portmask value into two distinct variables.
> >>>>>>>>> Also allows to run the app with unprotected_port_mask == 0.
> >>>>>>>> This would also allow cryptodev_mask == 0 to work well which should not be the case.
> >>>>>>>>
> >>>>>>>>> Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample application")
> >>>>>>>>>
> >>>>>>>>> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> >>>>>>>>> ---
> >>>>>>>>> examples/ipsec-secgw/ipsec-secgw.c | 29 +++++++++++++++--------------
> >>>>>>>>> 1 file changed, 15 insertions(+), 14 deletions(-)
> >>>>>>>>>
> >>>>>>>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>>>> index fafb41161..5d7071657 100644
> >>>>>>>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> >>>>>>>>> @@ -972,20 +972,19 @@ print_usage(const char *prgname)
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> static int32_t
> >>>>>>>>> -parse_portmask(const char *portmask)
> >>>>>>>>> +parse_portmask(const char *portmask, uint32_t *pmv)
> >>>>>>>>> {
> >>>>>>>>> - char *end = NULL;
> >>>>>>>>> + char *end;
> >>>>>>>>> unsigned long pm;
> >>>>>>>>>
> >>>>>>>>> /* parse hexadecimal string */
> >>>>>>>>> + errno = 0;
> >>>>>>>>> pm = strtoul(portmask, &end, 16);
> >>>>>>>>> - if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
> >>>>>>>>> + if (errno != 0 || *end != '\0' || pm > UINT32_MAX)
> >>>>>>>>> return -1;
> >>>>>>>>>
> >>>>>>>>> - if ((pm == 0) && errno)
> >>>>>>>>> - return -1;
> >>>>>>>>> -
> >>>>>>>>> - return pm;
> >>>>>>>>> + *pmv = pm;
> >>>>>>>>> + return 0;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> static int32_t
> >>>>>>>>> @@ -1063,6 +1062,7 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>>> int32_t opt, ret;
> >>>>>>>>> char **argvopt;
> >>>>>>>>> int32_t option_index;
> >>>>>>>>> + uint32_t v;
> >>>>>>>>> char *prgname = argv[0];
> >>>>>>>>> int32_t f_present = 0;
> >>>>>>>>>
> >>>>>>>>> @@ -1073,8 +1073,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>>>
> >>>>>>>>> switch (opt) {
> >>>>>>>>> case 'p':
> >>>>>>>>> - enabled_port_mask = parse_portmask(optarg);
> >>>>>>>>> - if (enabled_port_mask == 0) {
> >>>>>>>>> + ret = parse_portmask(optarg, &enabled_port_mask);
> >>>>>>>>> + if (ret < 0 || enabled_port_mask == 0) {
> >>>>>>>>> printf("invalid portmask\n");
> >>>>>>>>> print_usage(prgname);
> >>>>>>>>> return -1;
> >>>>>>>>> @@ -1085,8 +1085,8 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>>> promiscuous_on = 1;
> >>>>>>>>> break;
> >>>>>>>>> case 'u':
> >>>>>>>>> - unprotected_port_mask = parse_portmask(optarg);
> >>>>>>>>> - if (unprotected_port_mask == 0) {
> >>>>>>>>> + ret = parse_portmask(optarg, &unprotected_port_mask);
> >>>>>>>>> + if (ret < 0) {
> >>>>>>>>> printf("invalid unprotected portmask\n");
> >>>>>>>>> print_usage(prgname);
> >>>>>>>>> return -1;
> >>>>>>>>> @@ -1147,15 +1147,16 @@ parse_args(int32_t argc, char **argv)
> >>>>>>>>> single_sa_idx);
> >>>>>>>>> break;
> >>>>>>>>> case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
> >>>>>>>>> - ret = parse_portmask(optarg);
> >>>>>>>>> + ret = parse_portmask(optarg, &v);
> >>>>>>>> I think there is no need for v, enabled_cryptodev_mask can be used instead.
> >>>>>>> Right now - it can't as enabled_cryptodevmask is uint64_t.
> >>>>>>> To do what you suggesting we have either downgrade enabled_cryptodevmask 32-bits,
> >>>>>>> or upgrade enabled_port_mask to 64-bit and change parse_portmask() to accept 64-bit parameter.
> >>>>>> I am ok with any of the case.
> >>>>>>
> >>>>>>>>> if (ret == -1) {
> >>>>>>>> enabled_cryptodev_mask should not be 0 and should be checked here.
> >>>>>>> Could you explain a bit more why enabled_cryptodevmask==0 is not allowed?
> >>>>>> By default, the value of enabled_cryptodevmask is UINT64_MAX, which means all crypto
> >>>>>> devices are enabled, and if it is marked as 0, then all get disabled which is not
> >>>>>> correct as we need atleast 1 crypto device in ipsec application.
> >>>>> Might be user would like to run app with inline ipsec only,
> >>>>> or have app to work in bypass mode only (no encrypt/decrypt) at all.
> >>>>> Why that should be considered as a problem?
> >>>>> Konstantin
> >>>> Agreed with your point. But in case of inline ipsec, user may not be initializing the crypto device either.
> >>>>
> >>>> So the cryptodev_mask option would be redundant in that case and it may not give that parameter.
> >>> It is still not clear to me why you'd like to prohibit cryptodev_mask==0?
> >>> Would anything will be broken?
> >>> Konstantin
> >> Sorry for delayed response. I missed this one somehow.
> >>
> >> Nothing is broken,
> > Ok
> >
> >> but it looks very redundant in case of inline modes,
> > Why is that?
> > Let say I have a crypto device enabled for DPDK, but don't want to use it
> > for that particular run.
>
> crypto device will not be used in case of inline, whether you specify the cryptodev_mask or not.
Not sure why is that?
We can have one SA using inline-crypto, while second one using crypto device.
>
> >> and it is not a valid value in case of other modes.
> > How that differs from any other invalid crypto-dev mask?
> > Let say right now, user can have only one crypto device, but nothing stops him to specify
> > --cryptodev_mask=0x10, or so.
>
> That can be an enhancement to the application to validate the cryptodev_mask before using.
>
> But in case it is 0, then it cannot be correct in any of the case, because atleast one crypto device needs to be enabled.
Again, not sure why?
As you said above user may choose to use inline-crypto devs only for that particular run.
Konstantin
>
> -Akhil
>
> >
> > Konstantin
> >
> >>>> -Akhil
> >>>>
> >>>>>> So if the user doesn't
> >>>>>> want to give the cryptodev_mask then he may skip that parameter, but if it is giving,
> >>>>>> then it cannot be 0.
> >>>>>>
> >>>>>>> Konstantin
> >>>>>>>
> >>>>>>>
> >>>>>> -Akhil
> >>>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port
2018-06-21 13:25 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Akhil Goyal
@ 2018-07-24 16:30 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 16+ messages in thread
From: De Lara Guarch, Pablo @ 2018-07-24 16:30 UTC (permalink / raw)
To: Akhil Goyal, Ananyev, Konstantin, dev; +Cc: Nicolau, Radu
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Thursday, June 21, 2018 2:26 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>
> Subject: Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule
> processing for outbound port
>
> On 6/5/2018 7:46 PM, Konstantin Ananyev wrote:
>
> > For outbound ports BYPASS rule is erroneously treated as PROTECT one
> > with SA idx zero.
> >
> > Fixes: 2a5106af132b ("examples/ipsec-secgw: fix corner case for SPI
> > value")
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> > ---
> >
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Applied this patch to dpdk-next-crypto.
The other patch of the series is still under discussion, so it will need to target RC3.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2018-07-24 16:30 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-05 14:16 [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Konstantin Ananyev
2018-06-05 14:16 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: fix portmask option parsing Konstantin Ananyev
2018-06-05 15:36 ` Iremonger, Bernard
2018-06-21 13:48 ` Akhil Goyal
2018-06-21 15:02 ` Ananyev, Konstantin
2018-06-22 10:00 ` Akhil Goyal
2018-06-22 10:10 ` Ananyev, Konstantin
2018-06-22 10:40 ` Akhil Goyal
2018-06-22 11:51 ` Ananyev, Konstantin
2018-07-05 9:03 ` Akhil Goyal
2018-07-24 8:48 ` De Lara Guarch, Pablo
2018-07-24 12:37 ` Ananyev, Konstantin
2018-07-24 12:49 ` Akhil Goyal
2018-07-24 13:04 ` Ananyev, Konstantin
2018-06-21 13:25 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: fix bypass rule processing for outbound port Akhil Goyal
2018-07-24 16:30 ` De Lara Guarch, Pablo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).