From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ktraynor@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 2C9811B455
 for <stable@dpdk.org>; Thu, 31 Jan 2019 16:49:46 +0100 (CET)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 8B5A6394D3F;
 Thu, 31 Jan 2019 15:49:45 +0000 (UTC)
Received: from ktraynor.remote.csb (ovpn-117-200.ams2.redhat.com
 [10.36.117.200])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 0AD155C207;
 Thu, 31 Jan 2019 15:49:43 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Konstantin Ananyev <konstantin.ananyev@intel.com>
Cc: Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal <akhil.goyal@nxp.com>,
 dpdk stable <stable@dpdk.org>
Date: Thu, 31 Jan 2019 15:48:16 +0000
Message-Id: <20190131154901.5383-8-ktraynor@redhat.com>
In-Reply-To: <20190131154901.5383-1-ktraynor@redhat.com>
References: <20190131154901.5383-1-ktraynor@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.38]); Thu, 31 Jan 2019 15:49:45 +0000 (UTC)
Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix outbound codepath
	for single SA' has been queued to LTS release 18.11.1
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2019 15:49:46 -0000

Hi,

FYI, your patch has been queued to LTS release 18.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/07/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Kevin Traynor

---
>>From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev@intel.com>
Date: Thu, 10 Jan 2019 21:09:07 +0000
Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA

[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]

Looking at process_pkts_outbound_nosp() there seems few issues:
- accessing mbuf after it was freed
- invoking ipsec_outbound() for ipv4 packets only
- copying number of packets, but not the mbuf pointers itself

that patch provides fixes for that issues.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 2234826de..f88fdb4c4 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
 {
 	struct rte_mbuf *m;
-	uint32_t nb_pkts_out, i;
+	uint32_t nb_pkts_out, i, n;
 	struct ip *ip;
 
@@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
 		rte_pktmbuf_free(traffic->ipsec.pkts[i]);
 
-	traffic->ipsec.num = 0;
+	n = 0;
 
-	for (i = 0; i < traffic->ip4.num; i++)
-		traffic->ip4.res[i] = single_sa_idx;
+	for (i = 0; i < traffic->ip4.num; i++) {
+		traffic->ipsec.pkts[n] = traffic->ip4.pkts[i];
+		traffic->ipsec.res[n++] = single_sa_idx;
+	}
 
-	for (i = 0; i < traffic->ip6.num; i++)
-		traffic->ip6.res[i] = single_sa_idx;
+	for (i = 0; i < traffic->ip6.num; i++) {
+		traffic->ipsec.pkts[n] = traffic->ip6.pkts[i];
+		traffic->ipsec.res[n++] = single_sa_idx;
+	}
 
-	nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts,
-			traffic->ip4.res, traffic->ip4.num,
+	traffic->ip4.num = 0;
+	traffic->ip6.num = 0;
+	traffic->ipsec.num = n;
+
+	nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
+			traffic->ipsec.res, traffic->ipsec.num,
 			MAX_PKT_BURST);
 
@@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
 	m = traffic->ipsec.pkts[i];
 	ip = rte_pktmbuf_mtod(m, struct ip *);
-	if (ip->ip_v == IPVERSION)
+	if (ip->ip_v == IPVERSION) {
 		traffic->ip4.num = nb_pkts_out;
-	else
+		for (i = 0; i < nb_pkts_out; i++)
+			traffic->ip4.pkts[i] = traffic->ipsec.pkts[i];
+	} else {
 		traffic->ip6.num = nb_pkts_out;
+		for (i = 0; i < nb_pkts_out; i++)
+			traffic->ip6.pkts[i] = traffic->ipsec.pkts[i];
+	}
 }
 
-- 
2.19.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-01-31 15:44:05.937112912 +0000
+++ 0008-examples-ipsec-secgw-fix-outbound-codepath-for-singl.patch	2019-01-31 15:44:05.000000000 +0000
@@ -1,8 +1,10 @@
-From aed6eb10edd12237645d3af7fe116287aefcd7e8 Mon Sep 17 00:00:00 2001
+From 7a842e373828f02e171631782f2ce69be6b22d99 Mon Sep 17 00:00:00 2001
 From: Konstantin Ananyev <konstantin.ananyev@intel.com>
 Date: Thu, 10 Jan 2019 21:09:07 +0000
 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA
 
+[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ]
+
 Looking at process_pkts_outbound_nosp() there seems few issues:
 - accessing mbuf after it was freed
 - invoking ipsec_outbound() for ipv4 packets only
@@ -11,7 +13,6 @@
 that patch provides fixes for that issues.
 
 Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")
-Cc: stable@dpdk.org
 
 Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
 Acked-by: Radu Nicolau <radu.nicolau@intel.com>
@@ -21,17 +22,17 @@
  1 file changed, 23 insertions(+), 10 deletions(-)
 
 diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
-index 0c2005eea..a5dfd1826 100644
+index 2234826de..f88fdb4c4 100644
 --- a/examples/ipsec-secgw/ipsec-secgw.c
 +++ b/examples/ipsec-secgw/ipsec-secgw.c
-@@ -630,5 +630,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -612,5 +612,5 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
  {
  	struct rte_mbuf *m;
 -	uint32_t nb_pkts_out, i;
 +	uint32_t nb_pkts_out, i, n;
  	struct ip *ip;
  
-@@ -637,14 +637,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -619,14 +619,22 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
  		rte_pktmbuf_free(traffic->ipsec.pkts[i]);
  
 -	traffic->ipsec.num = 0;
@@ -61,7 +62,7 @@
 +			traffic->ipsec.res, traffic->ipsec.num,
  			MAX_PKT_BURST);
  
-@@ -652,8 +660,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
+@@ -634,8 +642,13 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
  	m = traffic->ipsec.pkts[i];
  	ip = rte_pktmbuf_mtod(m, struct ip *);
 -	if (ip->ip_v == IPVERSION)