From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 2C9811B455 for ; Thu, 31 Jan 2019 16:49:46 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8B5A6394D3F; Thu, 31 Jan 2019 15:49:45 +0000 (UTC) Received: from ktraynor.remote.csb (ovpn-117-200.ams2.redhat.com [10.36.117.200]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0AD155C207; Thu, 31 Jan 2019 15:49:43 +0000 (UTC) From: Kevin Traynor To: Konstantin Ananyev Cc: Radu Nicolau , Akhil Goyal , dpdk stable Date: Thu, 31 Jan 2019 15:48:16 +0000 Message-Id: <20190131154901.5383-8-ktraynor@redhat.com> In-Reply-To: <20190131154901.5383-1-ktraynor@redhat.com> References: <20190131154901.5383-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 31 Jan 2019 15:49:45 +0000 (UTC) Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix outbound codepath for single SA' has been queued to LTS release 18.11.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 15:49:46 -0000 Hi, FYI, your patch has been queued to LTS release 18.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 02/07/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Kevin Traynor --- >>From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001 From: Konstantin Ananyev Date: Thu, 10 Jan 2019 21:09:07 +0000 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA [ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ] Looking at process_pkts_outbound_nosp() there seems few issues: - accessing mbuf after it was freed - invoking ipsec_outbound() for ipv4 packets only - copying number of packets, but not the mbuf pointers itself that patch provides fixes for that issues. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Signed-off-by: Konstantin Ananyev Acked-by: Radu Nicolau Acked-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 2234826de..f88fdb4c4 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, { struct rte_mbuf *m; - uint32_t nb_pkts_out, i; + uint32_t nb_pkts_out, i, n; struct ip *ip; @@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, rte_pktmbuf_free(traffic->ipsec.pkts[i]); - traffic->ipsec.num = 0; + n = 0; - for (i = 0; i < traffic->ip4.num; i++) - traffic->ip4.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip4.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip4.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } - for (i = 0; i < traffic->ip6.num; i++) - traffic->ip6.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip6.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip6.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } - nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts, - traffic->ip4.res, traffic->ip4.num, + traffic->ip4.num = 0; + traffic->ip6.num = 0; + traffic->ipsec.num = n; + + nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts, + traffic->ipsec.res, traffic->ipsec.num, MAX_PKT_BURST); @@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, m = traffic->ipsec.pkts[i]; ip = rte_pktmbuf_mtod(m, struct ip *); - if (ip->ip_v == IPVERSION) + if (ip->ip_v == IPVERSION) { traffic->ip4.num = nb_pkts_out; - else + for (i = 0; i < nb_pkts_out; i++) + traffic->ip4.pkts[i] = traffic->ipsec.pkts[i]; + } else { traffic->ip6.num = nb_pkts_out; + for (i = 0; i < nb_pkts_out; i++) + traffic->ip6.pkts[i] = traffic->ipsec.pkts[i]; + } } -- 2.19.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-01-31 15:44:05.937112912 +0000 +++ 0008-examples-ipsec-secgw-fix-outbound-codepath-for-singl.patch 2019-01-31 15:44:05.000000000 +0000 @@ -1,8 +1,10 @@ -From aed6eb10edd12237645d3af7fe116287aefcd7e8 Mon Sep 17 00:00:00 2001 +From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001 From: Konstantin Ananyev Date: Thu, 10 Jan 2019 21:09:07 +0000 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA +[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ] + Looking at process_pkts_outbound_nosp() there seems few issues: - accessing mbuf after it was freed - invoking ipsec_outbound() for ipv4 packets only @@ -11,7 +13,6 @@ that patch provides fixes for that issues. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") -Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev Acked-by: Radu Nicolau @@ -21,17 +22,17 @@ 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c -index 0c2005eea..a5dfd1826 100644 +index 2234826de..f88fdb4c4 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c -@@ -630,5 +630,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, +@@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, { struct rte_mbuf *m; - uint32_t nb_pkts_out, i; + uint32_t nb_pkts_out, i, n; struct ip *ip; -@@ -637,14 +637,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, +@@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, rte_pktmbuf_free(traffic->ipsec.pkts[i]); - traffic->ipsec.num = 0; @@ -61,7 +62,7 @@ + traffic->ipsec.res, traffic->ipsec.num, MAX_PKT_BURST); -@@ -652,8 +660,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, +@@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, m = traffic->ipsec.pkts[i]; ip = rte_pktmbuf_mtod(m, struct ip *); - if (ip->ip_v == IPVERSION)