From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A6ACBA04F5 for ; Wed, 11 Dec 2019 22:28:40 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 897861B994; Wed, 11 Dec 2019 22:28:40 +0100 (CET) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by dpdk.org (Postfix) with ESMTP id ABC151B994 for ; Wed, 11 Dec 2019 22:28:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1576099719; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mx/3Vpt85yvIuE+0aMVZAe2IjmB6mLPUBy1JGkWCsoo=; b=HmX6t0i6LtlRdPm/9AjhJPcAG+5v3nVelG+C8ECSeX2Q1qhbC+tz0jWvOpB7QkMahg4Ppx kH7CQRWMcM/nPXqvNzbb9N9BGX7mtoLYnd2qlvtOp1QiNdU11rOJqovDW65ex+m1Hf2pM8 xw+RFG6yF56eCdLkxZ2DcHlxm9iVczc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-351-EjXO0HAnNa2ReIHJYIxCgg-1; Wed, 11 Dec 2019 16:28:36 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CFCB7800D4E; Wed, 11 Dec 2019 21:28:34 +0000 (UTC) Received: from rh.redhat.com (ovpn-116-64.ams2.redhat.com [10.36.116.64]) by smtp.corp.redhat.com (Postfix) with ESMTP id A08E810013A1; Wed, 11 Dec 2019 21:28:33 +0000 (UTC) From: Kevin Traynor To: Lukasz Bartosik Cc: Anoob Joseph , Akhil Goyal , dpdk stable Date: Wed, 11 Dec 2019 21:26:27 +0000 Message-Id: <20191211212702.27851-35-ktraynor@redhat.com> In-Reply-To: <20191211212702.27851-1-ktraynor@redhat.com> References: <20191211212702.27851-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: EjXO0HAnNa2ReIHJYIxCgg-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Subject: [dpdk-stable] patch 'examples/ipsec-secgw: fix default configuration' has been queued to LTS release 18.11.6 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/17/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasi= ng (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/0b467aef91528961d4= 5c61dcb6b30b82f4eb24b8 Thanks. Kevin. --- >From 0b467aef91528961d45c61dcb6b30b82f4eb24b8 Mon Sep 17 00:00:00 2001 From: Lukasz Bartosik Date: Wed, 6 Nov 2019 16:48:14 +0100 Subject: [PATCH] examples/ipsec-secgw: fix default configuration [ upstream commit 742be57872bed881106ed93f4dadc645d32e1996 ] Update default configuration of ipsec-secgw: 1.In ep0.cfg change SPI value used by two inbound IPv6 security policies from 15 to 115 and 16 to 116 to point to existing inbound SAs. There are no inbound SAs with SPI value 15, 16. - In ep1.cfg change SPI value used by two outbound IPv6 security policies from 15 to 115 and 16 to 116 to point to existing outbound SAs. There are no outbound SAs with SPI value 15, 16. Add missing priority parameter in two inbound IPv4 security policies. Fixes: 60a94afefc84 ("examples/ipsec-secgw: add sample configuration files"= ) Signed-off-by: Lukasz Bartosik Acked-by: Anoob Joseph Acked-by: Akhil Goyal --- examples/ipsec-secgw/ep0.cfg | 8 ++++---- examples/ipsec-secgw/ep1.cfg | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg index 299aa9e06..dfd4aca7d 100644 --- a/examples/ipsec-secgw/ep0.cfg +++ b/examples/ipsec-secgw/ep0.cfg @@ -50,12 +50,12 @@ sp ipv6 out esp protect 26 pri 1 dst 0000:0000:0000:000= 0:bbbb:bbbb:0000:0000/96 sport 0:65535 dport 0:65535 =20 -sp ipv6 in esp protect 15 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:000= 0/96 \ -sport 0:65535 dport 0:65535 -sp ipv6 in esp protect 16 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:000= 0/96 \ -sport 0:65535 dport 0:65535 sp ipv6 in esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:00= 00/96 \ sport 0:65535 dport 0:65535 sp ipv6 in esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:00= 00/96 \ sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:00= 00/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 in esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:00= 00/96 \ +sport 0:65535 dport 0:65535 sp ipv6 in esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:00= 00/96 \ sport 0:65535 dport 0:65535 diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg index 3f6ff8111..19bdc68ea 100644 --- a/examples/ipsec-secgw/ep1.cfg +++ b/examples/ipsec-secgw/ep1.cfg @@ -20,6 +20,6 @@ sp ipv4 in esp protect 16 pri 1 dst 192.168.201.0/24 spor= t 0:65535 dport 0:65535 sp ipv4 in esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:= 65535 sp ipv4 in esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:= 65535 -sp ipv4 in esp bypass dst 192.168.240.0/24 sport 0:65535 dport 0:65535 -sp ipv4 in esp bypass dst 192.168.241.0/24 sport 0:65535 dport 0:65535 +sp ipv4 in esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:655= 35 +sp ipv4 in esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:655= 35 =20 sp ipv4 out esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport= 0:65535 @@ -50,12 +50,12 @@ sp ipv6 in esp protect 26 pri 1 dst 0000:0000:0000:0000= :bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport 0:65535 =20 -sp ipv6 out esp protect 15 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:00= 00/96 \ -sport 0:65535 dport 0:65535 -sp ipv6 out esp protect 16 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:00= 00/96 \ -sport 0:65535 dport 0:65535 sp ipv6 out esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0= 000/96 \ sport 0:65535 dport 0:65535 sp ipv6 out esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0= 000/96 \ sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0= 000/96 \ +sport 0:65535 dport 0:65535 +sp ipv6 out esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0= 000/96 \ +sport 0:65535 dport 0:65535 sp ipv6 out esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0= 000/96 \ sport 0:65535 dport 0:65535 --=20 2.21.0 --- Diff of the applied patch vs upstream commit (please double-check if non-= empty: --- --- -=092019-12-11 21:24:15.496258779 +0000 +++ 0035-examples-ipsec-secgw-fix-default-configuration.patch=092019-12-11 = 21:24:12.667651217 +0000 @@ -1 +1 @@ -From 742be57872bed881106ed93f4dadc645d32e1996 Mon Sep 17 00:00:00 2001 +From 0b467aef91528961d45c61dcb6b30b82f4eb24b8 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 742be57872bed881106ed93f4dadc645d32e1996 ] + @@ -16 +17,0 @@ -Cc: stable@dpdk.org