[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[Bernard Iremonger]

Set the default code path to librte_ipsec mode.
Add parameter 0 | 1 to -l option
Check for conflicting options, -w -a -e and reassembly options are
not supported in legacy mode.
Show fragment table size.
Update print_usage.
Update the ipsec-secgw guide.
Update the release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
 examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8490d89..70143c5 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -56,6 +56,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the IPsec Security Gateway application.**
+
+  The ``librte_ipsec`` code path is now the default code path in
+  ``ipsec-secgw``
+
+  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ad2d79e..17b00c0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -92,7 +92,7 @@ The application has a number of command line options::
 
    ./build/ipsec-secgw [EAL options] --
                         -p PORTMASK -P -u PORTMASK -j FRAMESIZE
-                        -l -w REPLAY_WINOW_SIZE -e -a
+                        -l 0 -w REPLAY_WINOW_SIZE -e -a
                         --config (port,queue,lcore)[,(port,queue,lcore]
                         --single-sa SAIDX
                         --rxoffload MASK
@@ -120,7 +120,9 @@ Where:
     Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
     Maximum value: UINT16_MAX (65535).
 
-*   ``-l``: enables code-path that uses librte_ipsec.
+*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
     size for each Security Association (available only with librte_ipsec
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6a..3e4b9e0 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
 static uint32_t mtu_size = RTE_ETHER_MTU;
 
 /* application wide librte_ipsec/SA parameters */
-struct app_sa_prm app_sa_prm = {.enable = 0};
+struct app_sa_prm app_sa_prm = {.enable = 1};
 
 struct lcore_rx_queue {
 	uint16_t port_id;
@@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
 		" [-P]"
 		" [-u PORTMASK]"
 		" [-j FRAMESIZE]"
-		" [-l]"
+		" [-l 0 | 1]"
 		" [-w REPLAY_WINDOW_SIZE]"
 		" [-e]"
 		" [-a]"
@@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
 		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
 		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
 		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
-		"  -l enables code-path that uses librte_ipsec\n"
+		"  -l 0 enables code-path that uses the legacy code\n"
+		"  -l 1 enables code-path that uses librte_ipsec\n"
 		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
 		"     size for each SA\n"
 		"  -e enables ESN\n"
@@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
 	printf("replay window size: %u\n", prm->window_size);
 	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
 	printf("SA flags: %#" PRIx64 "\n", prm->flags);
+	printf("Fragment Table size %u\n", frag_tbl_sz);
 }
 
 static int32_t
@@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
 
 	argvopt = argv;
 
-	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
+	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
 				lgopts, &option_index)) != EOF) {
 
 		switch (opt) {
@@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
 			printf("Custom frame buffer size %u\n", frame_buf_size);
 			break;
 		case 'l':
-			app_sa_prm.enable = 1;
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument l %s\n", optarg);
+				print_usage(prgname);
+				return -1;
+			} else if (ret == 0)
+				app_sa_prm.enable = 0;
+			else if (ret == 1)
+				app_sa_prm.enable = 1;
+			else {
+				printf("Invalid argument l %d\n", ret);
+				print_usage(prgname);
+				return -1;
+			}
 			break;
 		case 'w':
-			app_sa_prm.enable = 1;
 			app_sa_prm.window_size = parse_decimal(optarg);
 			break;
 		case 'e':
-			app_sa_prm.enable = 1;
 			app_sa_prm.enable_esn = 1;
 			break;
 		case 'a':
-			app_sa_prm.enable = 1;
 			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
 			break;
 		case CMD_LINE_OPT_CONFIG_NUM:
@@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
 		return -1;
 	}
 
-	/* check do we need to enable multi-seg support */
-	if (multi_seg_required()) {
-		/* legacy mode doesn't support multi-seg */
-		app_sa_prm.enable = 1;
-		printf("frame buf size: %u, mtu: %u, "
-			"number of reassemble entries: %u\n"
-			"multi-segment support is required\n",
-			frame_buf_size, mtu_size, frag_tbl_sz);
+	if (app_sa_prm.enable == 0 &&
+			(app_sa_prm.window_size > 0 ||
+					app_sa_prm.enable_esn ||
+					app_sa_prm.flags != 0 ||
+					multi_seg_required())) {
+		printf("-w -e -a and reassembly options are not "
+				"supported in legacy mode\n");
+		return -1;
 	}
 
 	print_app_sa_prm(&app_sa_prm);
-- 
2.7.4

[dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts

[Bernard Iremonger]

enable legacy mode in *_old scripts

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh               | 2 +-
 examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh               | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
index ffd945b..1f3a9f4 100644
--- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
index a3abb61..093b0c9 100644
--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
index 3aa0712..c6e8851 100644
--- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
index 0523049..e9fc4d8 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
index 951e6b6..1653d29 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
index eaf248a..8fec47a 100644
--- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
index 3c0d8d1..9ff08f1 100644
--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
index 26f0d02..b23f0db 100644
--- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
index de65961..7574618 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
index e0a015e..fabfe63 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
-- 
2.7.4

Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[Iremonger, Bernard]

Hi Konstantin,

<snip>

> > Set the default code path to librte_ipsec mode.
> > Add parameter 0 | 1 to -l option
> > Check for conflicting options, -w -a -e and reassembly options are not
> > supported in legacy mode.
> > Show fragment table size.
> > Update print_usage.
> > Update the ipsec-secgw guide.
> > Update the release notes.
> >
> > Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> > ---
> >  doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
> >  examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++---
> ---------
> >  3 files changed, 40 insertions(+), 18 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_19_11.rst
> > b/doc/guides/rel_notes/release_19_11.rst
> > index 8490d89..70143c5 100644
> > --- a/doc/guides/rel_notes/release_19_11.rst
> > +++ b/doc/guides/rel_notes/release_19_11.rst
> > @@ -56,6 +56,14 @@ New Features
> >       Also, make sure to start the actual text at the margin.
> >
> =========================================================
> >
> > +* **Updated the IPsec Security Gateway application.**
> > +
> > +  The ``librte_ipsec`` code path is now the default code path in
> > + ``ipsec-secgw``
> > +
> > +  * The ``-l`` command line option has been extended to take a 0 | 1
> argument.
> > +    0 enables the code path that uses legacy code.
> > +    1 enables the code path that uses ``librte_ipsec``.
> >
> >  Removed Items
> >  -------------
> > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > index ad2d79e..17b00c0 100644
> > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > @@ -92,7 +92,7 @@ The application has a number of command line
> options::
> >
> >     ./build/ipsec-secgw [EAL options] --
> >                          -p PORTMASK -P -u PORTMASK -j FRAMESIZE
> > -                        -l -w REPLAY_WINOW_SIZE -e -a
> > +                        -l 0 -w REPLAY_WINOW_SIZE -e -a
> >                          --config (port,queue,lcore)[,(port,queue,lcore]
> >                          --single-sa SAIDX
> >                          --rxoffload MASK @@ -120,7 +120,9 @@ Where:
> >      Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
> >      Maximum value: UINT16_MAX (65535).
> >
> > -*   ``-l``: enables code-path that uses librte_ipsec.
> > +*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
> > +    0 enables the code path that uses legacy code.
> > +    1 enables the code path that uses ``librte_ipsec``.
> >
> >  *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number
> replay window
> >      size for each Security Association (available only with
> > librte_ipsec diff --git a/examples/ipsec-secgw/ipsec-secgw.c
> > b/examples/ipsec-secgw/ipsec-secgw.c
> > index 0d1fd6a..3e4b9e0 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -188,7 +188,7 @@ static uint32_t frame_buf_size =
> > RTE_MBUF_DEFAULT_BUF_SIZE;  static uint32_t mtu_size =
> RTE_ETHER_MTU;
> >
> >  /* application wide librte_ipsec/SA parameters */ -struct app_sa_prm
> > app_sa_prm = {.enable = 0};
> > +struct app_sa_prm app_sa_prm = {.enable = 1};
> >
> >  struct lcore_rx_queue {
> >  	uint16_t port_id;
> > @@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
> >  		" [-P]"
> >  		" [-u PORTMASK]"
> >  		" [-j FRAMESIZE]"
> > -		" [-l]"
> > +		" [-l 0 | 1]"
> >  		" [-w REPLAY_WINDOW_SIZE]"
> >  		" [-e]"
> >  		" [-a]"
> > @@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
> >  		"  -u PORTMASK: Hexadecimal bitmask of unprotected
> ports\n"
> >  		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
> >  		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
> > -		"  -l enables code-path that uses librte_ipsec\n"
> > +		"  -l 0 enables code-path that uses the legacy code\n"
> > +		"  -l 1 enables code-path that uses librte_ipsec\n"
> >  		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay
> window\n"
> >  		"     size for each SA\n"
> >  		"  -e enables ESN\n"
> > @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm
> *prm)
> >  	printf("replay window size: %u\n", prm->window_size);
> >  	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" :
> "enabled");
> >  	printf("SA flags: %#" PRIx64 "\n", prm->flags);
> > +	printf("Fragment Table size %u\n", frag_tbl_sz);
> >  }
> >
> >  static int32_t
> > @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
> >
> >  	argvopt = argv;
> >
> > -	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
> > +	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
> >  				lgopts, &option_index)) != EOF) {
> >
> >  		switch (opt) {
> > @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
> >  			printf("Custom frame buffer size %u\n",
> frame_buf_size);
> >  			break;
> >  		case 'l':
> > -			app_sa_prm.enable = 1;
> > +			ret = parse_decimal(optarg);
> > +			if (ret == -1) {
> > +				printf("Invalid argument l %s\n", optarg);
> 
> Just as a nit, probably a bit better:
> printf("Invalid argument: \'%s\' for: \'%c\' option\n", optarg, opt); Apart from
> that:
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

I will send a v2.

Regards,

Bernard

<snip>

Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[Ananyev, Konstantin]

> 
> Set the default code path to librte_ipsec mode.
> Add parameter 0 | 1 to -l option
> Check for conflicting options, -w -a -e and reassembly options are
> not supported in legacy mode.
> Show fragment table size.
> Update print_usage.
> Update the ipsec-secgw guide.
> Update the release notes.
> 
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
>  doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
>  examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
>  3 files changed, 40 insertions(+), 18 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
> index 8490d89..70143c5 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -56,6 +56,14 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =========================================================
> 
> +* **Updated the IPsec Security Gateway application.**
> +
> +  The ``librte_ipsec`` code path is now the default code path in
> +  ``ipsec-secgw``
> +
> +  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
> +    0 enables the code path that uses legacy code.
> +    1 enables the code path that uses ``librte_ipsec``.
> 
>  Removed Items
>  -------------
> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
> index ad2d79e..17b00c0 100644
> --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -92,7 +92,7 @@ The application has a number of command line options::
> 
>     ./build/ipsec-secgw [EAL options] --
>                          -p PORTMASK -P -u PORTMASK -j FRAMESIZE
> -                        -l -w REPLAY_WINOW_SIZE -e -a
> +                        -l 0 -w REPLAY_WINOW_SIZE -e -a
>                          --config (port,queue,lcore)[,(port,queue,lcore]
>                          --single-sa SAIDX
>                          --rxoffload MASK
> @@ -120,7 +120,9 @@ Where:
>      Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
>      Maximum value: UINT16_MAX (65535).
> 
> -*   ``-l``: enables code-path that uses librte_ipsec.
> +*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
> +    0 enables the code path that uses legacy code.
> +    1 enables the code path that uses ``librte_ipsec``.
> 
>  *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
>      size for each Security Association (available only with librte_ipsec
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 0d1fd6a..3e4b9e0 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
>  static uint32_t mtu_size = RTE_ETHER_MTU;
> 
>  /* application wide librte_ipsec/SA parameters */
> -struct app_sa_prm app_sa_prm = {.enable = 0};
> +struct app_sa_prm app_sa_prm = {.enable = 1};
> 
>  struct lcore_rx_queue {
>  	uint16_t port_id;
> @@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
>  		" [-P]"
>  		" [-u PORTMASK]"
>  		" [-j FRAMESIZE]"
> -		" [-l]"
> +		" [-l 0 | 1]"
>  		" [-w REPLAY_WINDOW_SIZE]"
>  		" [-e]"
>  		" [-a]"
> @@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
>  		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
>  		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
>  		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
> -		"  -l enables code-path that uses librte_ipsec\n"
> +		"  -l 0 enables code-path that uses the legacy code\n"
> +		"  -l 1 enables code-path that uses librte_ipsec\n"
>  		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
>  		"     size for each SA\n"
>  		"  -e enables ESN\n"
> @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
>  	printf("replay window size: %u\n", prm->window_size);
>  	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
>  	printf("SA flags: %#" PRIx64 "\n", prm->flags);
> +	printf("Fragment Table size %u\n", frag_tbl_sz);
>  }
> 
>  static int32_t
> @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
> 
>  	argvopt = argv;
> 
> -	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
> +	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
>  				lgopts, &option_index)) != EOF) {
> 
>  		switch (opt) {
> @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
>  			printf("Custom frame buffer size %u\n", frame_buf_size);
>  			break;
>  		case 'l':
> -			app_sa_prm.enable = 1;
> +			ret = parse_decimal(optarg);
> +			if (ret == -1) {
> +				printf("Invalid argument l %s\n", optarg);

Just as a nit, probably a bit better:
printf("Invalid argument: \'%s\' for: \'%c\' option\n", optarg, opt);
Apart from that:
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


> +				print_usage(prgname);
> +				return -1;
> +			} else if (ret == 0)
> +				app_sa_prm.enable = 0;
> +			else if (ret == 1)
> +				app_sa_prm.enable = 1;
> +			else {
> +				printf("Invalid argument l %d\n", ret);
> +				print_usage(prgname);
> +				return -1;
> +			}
>  			break;
>  		case 'w':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.window_size = parse_decimal(optarg);
>  			break;
>  		case 'e':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.enable_esn = 1;
>  			break;
>  		case 'a':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
>  			break;
>  		case CMD_LINE_OPT_CONFIG_NUM:
> @@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
>  		return -1;
>  	}
> 
> -	/* check do we need to enable multi-seg support */
> -	if (multi_seg_required()) {
> -		/* legacy mode doesn't support multi-seg */
> -		app_sa_prm.enable = 1;
> -		printf("frame buf size: %u, mtu: %u, "
> -			"number of reassemble entries: %u\n"
> -			"multi-segment support is required\n",
> -			frame_buf_size, mtu_size, frag_tbl_sz);
> +	if (app_sa_prm.enable == 0 &&
> +			(app_sa_prm.window_size > 0 ||
> +					app_sa_prm.enable_esn ||
> +					app_sa_prm.flags != 0 ||
> +					multi_seg_required())) {
> +		printf("-w -e -a and reassembly options are not "
> +				"supported in legacy mode\n");
> +		return -1;
>  	}
> 
>  	print_app_sa_prm(&app_sa_prm);
> --
> 2.7.4

[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[Bernard Iremonger]

Set the default code path to librte_ipsec mode.
Add parameter 0 | 1 to -l option
Check for conflicting options, -w -a -e and reassembly options are
not supported in legacy mode.
Show fragment table size.
Update print_usage.
Update the ipsec-secgw guide.
Update the release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
 examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8490d89..70143c5 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -56,6 +56,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the IPsec Security Gateway application.**
+
+  The ``librte_ipsec`` code path is now the default code path in
+  ``ipsec-secgw``
+
+  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ad2d79e..17b00c0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -92,7 +92,7 @@ The application has a number of command line options::
 
    ./build/ipsec-secgw [EAL options] --
                         -p PORTMASK -P -u PORTMASK -j FRAMESIZE
-                        -l -w REPLAY_WINOW_SIZE -e -a
+                        -l 0 -w REPLAY_WINOW_SIZE -e -a
                         --config (port,queue,lcore)[,(port,queue,lcore]
                         --single-sa SAIDX
                         --rxoffload MASK
@@ -120,7 +120,9 @@ Where:
     Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
     Maximum value: UINT16_MAX (65535).
 
-*   ``-l``: enables code-path that uses librte_ipsec.
+*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
     size for each Security Association (available only with librte_ipsec
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6a..3e4b9e0 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
 static uint32_t mtu_size = RTE_ETHER_MTU;
 
 /* application wide librte_ipsec/SA parameters */
-struct app_sa_prm app_sa_prm = {.enable = 0};
+struct app_sa_prm app_sa_prm = {.enable = 1};
 
 struct lcore_rx_queue {
 	uint16_t port_id;
@@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
 		" [-P]"
 		" [-u PORTMASK]"
 		" [-j FRAMESIZE]"
-		" [-l]"
+		" [-l 0 | 1]"
 		" [-w REPLAY_WINDOW_SIZE]"
 		" [-e]"
 		" [-a]"
@@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
 		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
 		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
 		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
-		"  -l enables code-path that uses librte_ipsec\n"
+		"  -l 0 enables code-path that uses the legacy code\n"
+		"  -l 1 enables code-path that uses librte_ipsec\n"
 		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
 		"     size for each SA\n"
 		"  -e enables ESN\n"
@@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
 	printf("replay window size: %u\n", prm->window_size);
 	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
 	printf("SA flags: %#" PRIx64 "\n", prm->flags);
+	printf("Fragment Table size %u\n", frag_tbl_sz);
 }
 
 static int32_t
@@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
 
 	argvopt = argv;
 
-	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
+	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
 				lgopts, &option_index)) != EOF) {
 
 		switch (opt) {
@@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
 			printf("Custom frame buffer size %u\n", frame_buf_size);
 			break;
 		case 'l':
-			app_sa_prm.enable = 1;
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument l %s\n", optarg);
+				print_usage(prgname);
+				return -1;
+			} else if (ret == 0)
+				app_sa_prm.enable = 0;
+			else if (ret == 1)
+				app_sa_prm.enable = 1;
+			else {
+				printf("Invalid argument l %d\n", ret);
+				print_usage(prgname);
+				return -1;
+			}
 			break;
 		case 'w':
-			app_sa_prm.enable = 1;
 			app_sa_prm.window_size = parse_decimal(optarg);
 			break;
 		case 'e':
-			app_sa_prm.enable = 1;
 			app_sa_prm.enable_esn = 1;
 			break;
 		case 'a':
-			app_sa_prm.enable = 1;
 			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
 			break;
 		case CMD_LINE_OPT_CONFIG_NUM:
@@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
 		return -1;
 	}
 
-	/* check do we need to enable multi-seg support */
-	if (multi_seg_required()) {
-		/* legacy mode doesn't support multi-seg */
-		app_sa_prm.enable = 1;
-		printf("frame buf size: %u, mtu: %u, "
-			"number of reassemble entries: %u\n"
-			"multi-segment support is required\n",
-			frame_buf_size, mtu_size, frag_tbl_sz);
+	if (app_sa_prm.enable == 0 &&
+			(app_sa_prm.window_size > 0 ||
+					app_sa_prm.enable_esn ||
+					app_sa_prm.flags != 0 ||
+					multi_seg_required())) {
+		printf("-w -e -a and reassembly options are not "
+				"supported in legacy mode\n");
+		return -1;
 	}
 
 	print_app_sa_prm(&app_sa_prm);
-- 
2.7.4

[dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode

[Bernard Iremonger]

Set the default code path to librte_ipsec mode.
Add parameter 0 | 1 to -l option
Check for conflicting options, -w -a -e and reassembly options are
not supported in legacy mode.
Show fragment table size.
Update print_usage.
Update the ipsec-secgw guide.
Update the release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
 examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8490d89..70143c5 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -56,6 +56,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the IPsec Security Gateway application.**
+
+  The ``librte_ipsec`` code path is now the default code path in
+  ``ipsec-secgw``
+
+  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ad2d79e..17b00c0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -92,7 +92,7 @@ The application has a number of command line options::
 
    ./build/ipsec-secgw [EAL options] --
                         -p PORTMASK -P -u PORTMASK -j FRAMESIZE
-                        -l -w REPLAY_WINOW_SIZE -e -a
+                        -l 0 -w REPLAY_WINOW_SIZE -e -a
                         --config (port,queue,lcore)[,(port,queue,lcore]
                         --single-sa SAIDX
                         --rxoffload MASK
@@ -120,7 +120,9 @@ Where:
     Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
     Maximum value: UINT16_MAX (65535).
 
-*   ``-l``: enables code-path that uses librte_ipsec.
+*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
     size for each Security Association (available only with librte_ipsec
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6a..3e4b9e0 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
 static uint32_t mtu_size = RTE_ETHER_MTU;
 
 /* application wide librte_ipsec/SA parameters */
-struct app_sa_prm app_sa_prm = {.enable = 0};
+struct app_sa_prm app_sa_prm = {.enable = 1};
 
 struct lcore_rx_queue {
 	uint16_t port_id;
@@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
 		" [-P]"
 		" [-u PORTMASK]"
 		" [-j FRAMESIZE]"
-		" [-l]"
+		" [-l 0 | 1]"
 		" [-w REPLAY_WINDOW_SIZE]"
 		" [-e]"
 		" [-a]"
@@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
 		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
 		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
 		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
-		"  -l enables code-path that uses librte_ipsec\n"
+		"  -l 0 enables code-path that uses the legacy code\n"
+		"  -l 1 enables code-path that uses librte_ipsec\n"
 		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
 		"     size for each SA\n"
 		"  -e enables ESN\n"
@@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
 	printf("replay window size: %u\n", prm->window_size);
 	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
 	printf("SA flags: %#" PRIx64 "\n", prm->flags);
+	printf("Fragment Table size %u\n", frag_tbl_sz);
 }
 
 static int32_t
@@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
 
 	argvopt = argv;
 
-	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
+	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
 				lgopts, &option_index)) != EOF) {
 
 		switch (opt) {
@@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
 			printf("Custom frame buffer size %u\n", frame_buf_size);
 			break;
 		case 'l':
-			app_sa_prm.enable = 1;
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument l %s\n", optarg);
+				print_usage(prgname);
+				return -1;
+			} else if (ret == 0)
+				app_sa_prm.enable = 0;
+			else if (ret == 1)
+				app_sa_prm.enable = 1;
+			else {
+				printf("Invalid argument l %d\n", ret);
+				print_usage(prgname);
+				return -1;
+			}
 			break;
 		case 'w':
-			app_sa_prm.enable = 1;
 			app_sa_prm.window_size = parse_decimal(optarg);
 			break;
 		case 'e':
-			app_sa_prm.enable = 1;
 			app_sa_prm.enable_esn = 1;
 			break;
 		case 'a':
-			app_sa_prm.enable = 1;
 			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
 			break;
 		case CMD_LINE_OPT_CONFIG_NUM:
@@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
 		return -1;
 	}
 
-	/* check do we need to enable multi-seg support */
-	if (multi_seg_required()) {
-		/* legacy mode doesn't support multi-seg */
-		app_sa_prm.enable = 1;
-		printf("frame buf size: %u, mtu: %u, "
-			"number of reassemble entries: %u\n"
-			"multi-segment support is required\n",
-			frame_buf_size, mtu_size, frag_tbl_sz);
+	if (app_sa_prm.enable == 0 &&
+			(app_sa_prm.window_size > 0 ||
+					app_sa_prm.enable_esn ||
+					app_sa_prm.flags != 0 ||
+					multi_seg_required())) {
+		printf("-w -e -a and reassembly options are not "
+				"supported in legacy mode\n");
+		return -1;
 	}
 
 	print_app_sa_prm(&app_sa_prm);
-- 
2.7.4