From: Yongseok Koh
To: Konstantin Ananyev
Cc: Radu Nicolau, Akhil Goyal, dpdk stable
Date: Fri, 8 Mar 2019 09:47:06 -0800
Message-Id: <20190308174749.30771-28-yskoh@mellanox.com>
In-Reply-To: <20190308174749.30771-1-yskoh@mellanox.com>
References: <20190308174749.30771-1-yskoh@mellanox.com>
Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix outbound codepath for single SA' has been queued to LTS release 17.11.6

Hi,

FYI, your patch has been queued to LTS release 17.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objection by 03/13/19. So please shout if anyone has objection.

Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. If the code is different (ie: not only metadata diffs), due for example to a change in context or macro names, please double check it.

Thanks.

Yongseok

---
>>From f253fbcab7690dd6aa8df5e9e4d0ba24cc5e98d9 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev Date: Thu, 10 Jan 2019 21:09:07 +0000 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA [ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ] Looking at process_pkts_outbound_nosp() there seems few issues: - accessing mbuf after it was freed - invoking ipsec_outbound() for ipv4 packets only - copying number of packets, but not the mbuf pointers itself that patch provides fixes for that issues. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") Signed-off-by: Konstantin Ananyev Acked-by: Radu Nicolau Acked-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 46af3f05f..f98d529f5 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c 
@@ -561,32 +561,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, struct ipsec_traffic *traffic) { struct rte_mbuf *m; - uint32_t nb_pkts_out, i; + uint32_t nb_pkts_out, i, n; struct ip *ip; /* Drop any IPsec traffic from protected ports */ for (i = 0; i < traffic->ipsec.num; i++) rte_pktmbuf_free(traffic->ipsec.pkts[i]); - traffic->ipsec.num = 0; + n = 0; - for (i = 0; i < traffic->ip4.num; i++) - traffic->ip4.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip4.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip4.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } - for (i = 0; i < traffic->ip6.num; i++) - traffic->ip6.res[i] = single_sa_idx; + for (i = 0; i < traffic->ip6.num; i++) { + traffic->ipsec.pkts[n] = traffic->ip6.pkts[i]; + traffic->ipsec.res[n++] = single_sa_idx; + } + + traffic->ip4.num = 0; + traffic->ip6.num = 0; + traffic->ipsec.num = n; - nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts, - traffic->ip4.res, traffic->ip4.num, + nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts, + traffic->ipsec.res, traffic->ipsec.num, MAX_PKT_BURST); /* They all sue the same SA (ip4 or ip6 tunnel) */ m = traffic->ipsec.pkts[i]; ip = rte_pktmbuf_mtod(m, struct ip *); - if (ip->ip_v == IPVERSION) + if (ip->ip_v == IPVERSION) { traffic->ip4.num = nb_pkts_out; - else + for (i = 0; i < nb_pkts_out; i++) + traffic->ip4.pkts[i] = traffic->ipsec.pkts[i]; + } else { traffic->ip6.num = nb_pkts_out; + for (i = 0; i < nb_pkts_out; i++) + traffic->ip6.pkts[i] = traffic->ipsec.pkts[i]; + } } static inline int32_t -- 2.11.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-03-08 09:46:41.712227754 -0800 +++ 0028-examples-ipsec-secgw-fix-outbound-codepath-for-singl.patch 2019-03-08 09:46:40.110403000 -0800 @@ -1,8 +1,10 @@ -From aed6eb10edd12237645d3af7fe116287aefcd7e8 Mon Sep 17 00:00:00 2001 +From f253fbcab7690dd6aa8df5e9e4d0ba24cc5e98d9 Mon Sep 17 00:00:00 2001 
From: Konstantin Ananyev Date: Thu, 10 Jan 2019 21:09:07 +0000 Subject: [PATCH] examples/ipsec-secgw: fix outbound codepath for single SA +[ upstream commit aed6eb10edd12237645d3af7fe116287aefcd7e8 ] + Looking at process_pkts_outbound_nosp() there seems few issues: - accessing mbuf after it was freed - invoking ipsec_outbound() for ipv4 packets only @@ -11,7 +13,6 @@ that patch provides fixes for that issues. Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6") -Cc: stable@dpdk.org Signed-off-by: Konstantin Ananyev Acked-by: Radu Nicolau @@ -21,10 +22,10 @@ 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c -index 0c2005eea..a5dfd1826 100644 +index 46af3f05f..f98d529f5 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c -@@ -629,32 +629,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, +@@ -561,32 +561,45 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx, struct ipsec_traffic *traffic) { struct rte_mbuf *m;
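Review bot: In process_pkts_outbound_nosp(), the unchanged line `m = traffic->ipsec.pkts[i];` after the ipsec_outbound() call still indexes with `i` left over from the ip6 copy loop, so it reads slot traffic->ip6.num rather than a packet known to be in the output. When traffic->ip4.num is 0 that slot equals n, one past the entries this hunk filled, and it may still hold a pointer released by the rte_pktmbuf_free() loop at the top of the function; when nb_pkts_out is 0 there is no output mbuf to inspect at all. That leaves the "accessing mbuf after it was freed" item from the commit message only partly addressed. Suggest returning early when nb_pkts_out == 0 and reading traffic->ipsec.pkts[0] for the IP version check. The two copy loops also advance n up to ip4.num + ip6.num with no visible bound against the size of traffic->ipsec.pkts; a check, or a comment stating why the sum cannot exceed the array, would help. The context comment "They all sue the same SA" has a typo ("use").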