From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5A93FA0613 for ; Thu, 29 Aug 2019 10:59:53 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 7C8411D445; Thu, 29 Aug 2019 10:59:44 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 961E91D17E for ; Thu, 29 Aug 2019 10:59:41 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Aug 2019 01:59:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,442,1559545200"; d="scan'208";a="380705104" Received: from sivswdev08.ir.intel.com (HELO localhost.localdomain) ([10.237.217.47]) by fmsmga005.fm.intel.com with ESMTP; 29 Aug 2019 01:59:40 -0700 From: Bernard Iremonger To: dev@dpdk.org, konstantin.ananyev@intel.com, akhil.goyal@nxp.com Cc: Bernard Iremonger Date: Thu, 29 Aug 2019 09:59:32 +0100 Message-Id: <1567069173-10505-2-git-send-email-bernard.iremonger@intel.com> X-Mailer: git-send-email 1.7.0.7 In-Reply-To: <1567069173-10505-1-git-send-email-bernard.iremonger@intel.com> References: <1567069173-10505-1-git-send-email-bernard.iremonger@intel.com> Subject: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Set the default code path to librte_ipsec mode. Add parameter 0 | 1 to -l option Check for conflicting options, -w -a -e and reassembly options are not supported in legacy mode. Show fragment table size. Update print_usage. Update the ipsec-secgw guide. Update the release notes. Signed-off-by: Bernard Iremonger --- doc/guides/rel_notes/release_19_11.rst | 8 ++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 6 +++-- examples/ipsec-secgw/ipsec-secgw.c | 44 ++++++++++++++++++++------------ 3 files changed, 40 insertions(+), 18 deletions(-) diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst index 8490d89..70143c5 100644 --- a/doc/guides/rel_notes/release_19_11.rst +++ b/doc/guides/rel_notes/release_19_11.rst @@ -56,6 +56,14 @@ New Features Also, make sure to start the actual text at the margin. ========================================================= +* **Updated the IPsec Security Gateway application.** + + The ``librte_ipsec`` code path is now the default code path in + ``ipsec-secgw`` + + * The ``-l`` command line option has been extended to take a 0 | 1 argument. + 0 enables the code path that uses legacy code. + 1 enables the code path that uses ``librte_ipsec``. Removed Items ------------- diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index ad2d79e..17b00c0 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -92,7 +92,7 @@ The application has a number of command line options:: ./build/ipsec-secgw [EAL options] -- -p PORTMASK -P -u PORTMASK -j FRAMESIZE - -l -w REPLAY_WINOW_SIZE -e -a + -l 0 -w REPLAY_WINOW_SIZE -e -a --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX --rxoffload MASK @@ -120,7 +120,9 @@ Where: Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176) Maximum value: UINT16_MAX (65535). -* ``-l``: enables code-path that uses librte_ipsec. +* ``-l 0 | 1``: Default is ``librte_ipsec`` code path. + 0 enables the code path that uses legacy code. + 1 enables the code path that uses ``librte_ipsec``. * ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window size for each Security Association (available only with librte_ipsec diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 0d1fd6a..3e4b9e0 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE; static uint32_t mtu_size = RTE_ETHER_MTU; /* application wide librte_ipsec/SA parameters */ -struct app_sa_prm app_sa_prm = {.enable = 0}; +struct app_sa_prm app_sa_prm = {.enable = 1}; struct lcore_rx_queue { uint16_t port_id; @@ -1259,7 +1259,7 @@ print_usage(const char *prgname) " [-P]" " [-u PORTMASK]" " [-j FRAMESIZE]" - " [-l]" + " [-l 0 | 1]" " [-w REPLAY_WINDOW_SIZE]" " [-e]" " [-a]" @@ -1277,7 +1277,8 @@ print_usage(const char *prgname) " -u PORTMASK: Hexadecimal bitmask of unprotected ports\n" " -j FRAMESIZE: Data buffer size, minimum (and default)\n" " value: RTE_MBUF_DEFAULT_BUF_SIZE\n" - " -l enables code-path that uses librte_ipsec\n" + " -l 0 enables code-path that uses the legacy code\n" + " -l 1 enables code-path that uses librte_ipsec\n" " -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n" " size for each SA\n" " -e enables ESN\n" @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm) printf("replay window size: %u\n", prm->window_size); printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled"); printf("SA flags: %#" PRIx64 "\n", prm->flags); + printf("Fragment Table size %u\n", frag_tbl_sz); } static int32_t @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv) argvopt = argv; - while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:", + while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:", lgopts, &option_index)) != EOF) { switch (opt) { @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv) printf("Custom frame buffer size %u\n", frame_buf_size); break; case 'l': - app_sa_prm.enable = 1; + ret = parse_decimal(optarg); + if (ret == -1) { + printf("Invalid argument l %s\n", optarg); + print_usage(prgname); + return -1; + } else if (ret == 0) + app_sa_prm.enable = 0; + else if (ret == 1) + app_sa_prm.enable = 1; + else { + printf("Invalid argument l %d\n", ret); + print_usage(prgname); + return -1; + } break; case 'w': - app_sa_prm.enable = 1; app_sa_prm.window_size = parse_decimal(optarg); break; case 'e': - app_sa_prm.enable = 1; app_sa_prm.enable_esn = 1; break; case 'a': - app_sa_prm.enable = 1; app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM; break; case CMD_LINE_OPT_CONFIG_NUM: @@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv) return -1; } - /* check do we need to enable multi-seg support */ - if (multi_seg_required()) { - /* legacy mode doesn't support multi-seg */ - app_sa_prm.enable = 1; - printf("frame buf size: %u, mtu: %u, " - "number of reassemble entries: %u\n" - "multi-segment support is required\n", - frame_buf_size, mtu_size, frag_tbl_sz); + if (app_sa_prm.enable == 0 && + (app_sa_prm.window_size > 0 || + app_sa_prm.enable_esn || + app_sa_prm.flags != 0 || + multi_seg_required())) { + printf("-w -e -a and reassembly options are not " + "supported in legacy mode\n"); + return -1; } print_app_sa_prm(&app_sa_prm); -- 2.7.4