From b685f931e1ce33d287e3891d4f19ab07f8d2aa79 Mon Sep 17 00:00:00 2001 From: Ankur Dwivedi Date: Fri, 14 Feb 2020 12:08:18 +0530 Subject: [PATCH] examples/ipsec-secgw: extend inline session to non AES-GCM This patch extends creation of inline session to all the algorithms. Previously the inline session was enabled only for AES-GCM cipher. Fixes: 3a690d5a65e2 ("examples/ipsec-secgw: fix first packet with inline crypto") Cc: stable@dpdk.org Signed-off-by: Ankur Dwivedi Acked-by: Anoob Joseph Acked-by: Akhil Goyal --- examples/ipsec-secgw/sa.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index e75b687c46..4822d6bdaa 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1057,7 +1057,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], } if (sa->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { - struct rte_ipsec_session *ips; iv_length = 12; sa_ctx->xf[idx].a.type = RTE_CRYPTO_SYM_XFORM_AEAD; @@ -1077,19 +1076,6 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa->digest_len; sa->xforms = &sa_ctx->xf[idx].a; - - ips = ipsec_get_primary_session(sa); - if (ips->type == - RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || - ips->type == - RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { - rc = create_inline_session(skt_ctx, sa, ips); - if (rc != 0) { - RTE_LOG(ERR, IPSEC_ESP, - "create_inline_session() failed\n"); - return -EINVAL; - } - } } else { switch (sa->cipher_algo) { case RTE_CRYPTO_CIPHER_NULL: @@ -1156,6 +1142,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], sa->xforms = &sa_ctx->xf[idx].a; } + if (ips->type == + RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || + ips->type == + RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { + rc = create_inline_session(skt_ctx, sa, ips); + if (rc != 0) { + RTE_LOG(ERR, IPSEC_ESP, + "create_inline_session() failed\n"); + return -EINVAL; + } + } + print_one_sa_rule(sa, inbound); } -- 2.20.1