From: "Nicolau, Radu"
To: "Drost, MariuszX" , "akhil.goyal@nxp.com" , "Ananyev, Konstantin"
Cc: "dev@dpdk.org" , Lukasz Bartosik
Date: Wed, 2 Oct 2019 16:43:30 +0100
In-Reply-To: <20190924103539.12052-2-mariuszx.drost@intel.com>
Subject: Re: [dpdk-dev] [PATCH v2 1/2] examples/ipsec-secgw: fix SAD selection logic

On 9/24/2019 11:35 AM, Drost, MariuszX wrote:
> Ipsec-secgw example application fails to initialize when using default
> configuration file (ep0.cfg) in library mode (librte_ipsec enabled).
>
> The reason is that two of SP rules in ep0.cfg, one for IPv4 and one
> for IPv6, are using the same SPI number. When SA rules are initialized,
> their SPI number is checked against SPIs stored in SPD. For library
> mode, it is not allowed for the same SA to handle both IPv4 and IPv6.
>
> Solution is to split SAD into two separate parts - one for IPv4 and one
> for IPv6. Usage of SAs stays the same. Only change is to pass correct
> SAD (IPv4 or IPv6) in places where previously combined database was
> passed.
>
> Split of SA entries is done at initialization stage. Most of given SA
> entries are checked against SPD. If matching entry is in IPv4 SPD, SA
> rule is added to IPv4 SAD (respectively for IPv6). Different splitting
> method is used only when SA entry is for tunnel in inbound direction.
> In that case if IPv4 tunnel should be used, SA entry is added to IPv4
> SAD (respectively for IPv6). Reasoning is that inner IP version can
> be different than outer IP version for tunneled traffic.
>
> Bugzilla ID: 239
> Fixes: 5a032a71c6d3 ("examples/ipsec-secgw: make app to use IPsec library")
>
> Reported-by: Lukasz Bartosik
> Signed-off-by: Mariusz Drost
> ---

Acked-by: Radu Nicolau
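
The splitting rule described in the quoted commit message, as an added sketch that is not code from the patch or from DPDK: every type and function name below is hypothetical, the SPDs are reduced to lists of SPIs, and placing an SPI that both SPDs reference into both SADs is this sketch's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not the ipsec-secgw structures. */
enum sad_kind { SAD_NONE = 0, SAD_IP4 = 1, SAD_IP6 = 2 };  /* bit flags */
enum sa_dir   { SA_INBOUND, SA_OUTBOUND };
enum sa_mode  { SA_TRANSPORT, SA_TUNNEL_IP4, SA_TUNNEL_IP6 };

struct sa_rule { uint32_t spi; enum sa_dir dir; enum sa_mode mode; };

/* Returns 1 if any rule in the (simplified) SPD references this SPI. */
static int spd_has_spi(const uint32_t *spd, size_t n, uint32_t spi)
{
    for (size_t i = 0; i < n; i++)
        if (spd[i] == spi)
            return 1;
    return 0;
}

/* Decide which SAD(s) an SA entry belongs to at initialization time. */
int select_sad(const struct sa_rule *sa,
               const uint32_t *spd4, size_t n4,
               const uint32_t *spd6, size_t n6)
{
    int sads = SAD_NONE;

    /* Inbound tunnel: the outer (tunnel) IP version decides, because the
     * inner version matched by the SPD can differ from the outer one. */
    if (sa->dir == SA_INBOUND && sa->mode != SA_TRANSPORT)
        return sa->mode == SA_TUNNEL_IP4 ? SAD_IP4 : SAD_IP6;

    /* All other entries: follow whichever SPD references the SPI. */
    if (spd_has_spi(spd4, n4, sa->spi))
        sads |= SAD_IP4;
    if (spd_has_spi(spd6, n6, sa->spi))
        sads |= SAD_IP6;   /* assumption: shared SPI goes to both SADs */
    return sads;           /* SAD_NONE: no policy references this SA */
}

int main(void)
{
    /* Constructed sample: SPI 5 is shared by the IPv4 and IPv6 SPDs. */
    const uint32_t spd4[] = { 5, 10 }, spd6[] = { 5, 20 };
    struct sa_rule shared = { 5, SA_OUTBOUND, SA_TRANSPORT };
    struct sa_rule in_tun = { 10, SA_INBOUND, SA_TUNNEL_IP6 };

    printf("shared SPI -> %d\n", select_sad(&shared, spd4, 2, spd6, 2));
    printf("inbound v6 tunnel -> %d\n", select_sad(&in_tun, spd4, 2, spd6, 2));
    return 0;
}
```

A result of SAD_NONE marks an SA that no policy references, which is worth logging at startup rather than dropping silently.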