DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH] examples/l2fwd-macsec: add MACsec forwarding application
@ 2023-07-27 13:20 Akhil Goyal
  2023-10-31 18:44 ` [PATCH v2] " Akhil Goyal
  0 siblings, 1 reply; 6+ messages in thread
From: Akhil Goyal @ 2023-07-27 13:20 UTC (permalink / raw)
  To: dev; +Cc: jerinj, vattunuru, thomas, Akhil Goyal

Added a new application based on l2fwd to demonstrate inline protocol
offload MACsec performance using rte_security APIs.
Example command:
./dpdk-l2fwd-macsec -a 0002:04:00.0 -a 0002:05:00.0 -c 0x6 -- -p 0x3 \
--mcs-tx-portmask 0x1 --mcs-rx-portmask 0x2 --mcs-port-config \
'(0,02:03:04:05:06:07,01:02:03:04:05:06),(1,02:03:04:05:06:17,01:02:03:04:05:16)'

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 .../sample_app_ug/l2_forward_macsec.rst       |  106 ++
 examples/l2fwd-macsec/Makefile                |   52 +
 examples/l2fwd-macsec/main.c                  | 1570 +++++++++++++++++
 examples/l2fwd-macsec/meson.build             |   13 +
 examples/meson.build                          |    1 +
 5 files changed, 1742 insertions(+)
 create mode 100644 doc/guides/sample_app_ug/l2_forward_macsec.rst
 create mode 100644 examples/l2fwd-macsec/Makefile
 create mode 100644 examples/l2fwd-macsec/main.c
 create mode 100644 examples/l2fwd-macsec/meson.build

diff --git a/doc/guides/sample_app_ug/l2_forward_macsec.rst b/doc/guides/sample_app_ug/l2_forward_macsec.rst
new file mode 100644
index 0000000000..9fd4ba116f
--- /dev/null
+++ b/doc/guides/sample_app_ug/l2_forward_macsec.rst
@@ -0,0 +1,106 @@
+..  SPDX-License-Identifier: BSD-3-Clause
+    Copyright(C) 2023 Marvell.
+
+.. _l2_fwd_macsec_app:
+
+L2 Forwarding MACsec Sample Application
+=======================================
+
+The L2 Forwarding MACsec application is a simple example of packet processing using
+the Data Plane Development Kit (DPDK) which encrypt/decrypt packets based on
+rte_security MACsec sessions.
+
+Overview
+--------
+
+The L2 Forwarding MACsec application performs L2 forwarding for each packet that is
+received on an RX_PORT after encrypting/decrypting the packets based on rte_security
+sessions using inline protocol mode.
+The destination port is the adjacent port from the enabled portmask, that is,
+if the first four ports are enabled (portmask 0xf),
+ports 1 and 2 forward into each other, and ports 3 and 4 forward into each other.
+
+This application can be used to benchmark performance using a traffic-generator,
+as shown in the :numref:`figure_l2_fwd_benchmark_setup`.
+
+.. _figure_l2_fwd_benchmark_setup:
+
+.. figure:: img/l2_fwd_benchmark_setup.*
+
+   Performance Benchmark Setup (Basic Environment)
+
+.. _l2_fwd_vf_setup:
+
+Compiling the Application
+-------------------------
+
+To compile the sample application see :doc:`compiling`.
+
+The application is located in the ``l2fwd-macsec`` sub-directory.
+
+Running the Application
+-----------------------
+
+The application requires a number of command line options:
+
+.. code-block:: console
+
+    ./<build_dir>/examples/dpdk-l2fwd-macsec [EAL options] -- -p PORTMASK
+                                   [-q NQ]
+                                   --mcs-tx-portmask OUTBOUND_PORTMASK
+                                   --mcs-rx-portmask INBOUND_PORTMASK
+                                   --mcs-port-config '(port,src_mac,dst_mac)[,(port,src_mac,dst_mac)]'
+                                   [--portmap="(port, port)[,(port, port)]"]
+                                   [-T STAT_INTERVAL]
+
+where,
+
+*   ``p PORTMASK``: A hexadecimal bitmask of the ports to configure
+
+*   ``q NQ``: A number of queues (=ports) per lcore (default is 1)
+
+*   ``T STAT_INTERVAL``: Time interval in seconds for refreshing the stats(default is 1 sec).
+    Value 0 disables stats display.
+
+*   ``--mcs-tx-portmask OUTBOUND_PORTMASK``: A hexadecimal bitmask of the ports
+    to configure encryption flows.
+
+*   ``--mcs-rx-portmask INBOUND_PORTMASK``: A hexadecimal bitmask of the ports
+    to configure decryption flows.
+
+*   ``--mcs-port-config '(port,src_mac,dst_mac)[,(port,src_mac,dst_mac)]'``:
+    Configures the source and destination MAC addresses of incoming packets
+    on a port for which MACsec processing is to be done.
+
+*   ``--portmap="(port,port)[,(port,port)]"``: Determines forwarding ports mapping.
+
+To run the application in linux environment with 4 lcores, 4 ports with
+2 ports for outbound and 2 ports for outbound, issue the command:
+
+.. code-block:: console
+
+    $ ./<build_dir>/examples/dpdk-l2fwd-macsec -a 0002:04:00.0 -a 0002:05:00.0       \
+        -a 0002:06:00.0 -a 0002:07:00.0 -c 0x1E -- -p 0xf                            \
+        --mcs-tx-portmask 0x5 --mcs-rx-portmask 0xA                                  \
+        --mcs-port-config '(0,02:03:04:05:06:07,01:02:03:04:05:06),                  \
+        (1,02:03:04:05:06:17,01:02:03:04:05:16),                                     \
+        (2,02:03:04:05:06:27,01:02:03:04:05:26),                                     \
+        (3,02:03:04:05:06:37,01:02:03:04:05:36)' -T 10
+
+To run the application in linux environment with 4 lcores, 4 ports,
+to forward RX traffic of ports 0 & 1 on ports 2 & 3 respectively and
+vice versa, issue the command:
+
+.. code-block:: console
+
+    $ ./<build_dir>/examples/dpdk-l2fwd-macsec -a 0002:04:00.0 -a 0002:05:00.0       \
+        -a 0002:06:00.0 -a 0002:07:00.0 -c 0x1E -- -p 0xf                            \
+        --mcs-tx-portmask 0x5 --mcs-rx-portmask 0xA                                  \
+        --mcs-port-config="(0,02:03:04:05:06:07,01:02:03:04:05:06),                  \
+        (1,02:03:04:05:06:17,01:02:03:04:05:16),                                     \
+        (2,02:03:04:05:06:27,01:02:03:04:05:26),                                     \
+        (3,02:03:04:05:06:37,01:02:03:04:05:36)" -T 10                               \
+        --portmap="(0,2)(1,3)"
+
+Refer to the *DPDK Getting Started Guide* for general information on running applications
+and the Environment Abstraction Layer (EAL) options.
diff --git a/examples/l2fwd-macsec/Makefile b/examples/l2fwd-macsec/Makefile
new file mode 100644
index 0000000000..f26e8a9846
--- /dev/null
+++ b/examples/l2fwd-macsec/Makefile
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(C) 2023 Marvell.
+
+# binary name
+APP = l2fwd-macsec
+
+# all source are stored in SRCS-y
+SRCS-y := main.c
+
+PKGCONF ?= pkg-config
+
+# Build using pkg-config variables if possible
+ifneq ($(shell $(PKGCONF) --exists libdpdk && echo 0),0)
+$(error "no installation of DPDK found")
+endif
+
+all: shared
+.PHONY: shared static
+shared: build/$(APP)-shared
+	ln -sf $(APP)-shared build/$(APP)
+static: build/$(APP)-static
+	ln -sf $(APP)-static build/$(APP)
+
+PC_FILE := $(shell $(PKGCONF) --path libdpdk 2>/dev/null)
+CFLAGS += -O3 $(shell $(PKGCONF) --cflags libdpdk)
+LDFLAGS_SHARED = $(shell $(PKGCONF) --libs libdpdk)
+LDFLAGS_STATIC = $(shell $(PKGCONF) --static --libs libdpdk)
+
+ifeq ($(MAKECMDGOALS),static)
+# check for broken pkg-config
+ifeq ($(shell echo $(LDFLAGS_STATIC) | grep 'whole-archive.*l:lib.*no-whole-archive'),)
+$(warning "pkg-config output list does not contain drivers between 'whole-archive'/'no-whole-archive' flags.")
+$(error "Cannot generate statically-linked binaries with this version of pkg-config")
+endif
+endif
+
+CFLAGS += -DALLOW_EXPERIMENTAL_API
+CONFIG_DEFINES = $(shell $(CC) $(CFLAGS) -dM -E - < /dev/null)
+
+build/$(APP)-shared: $(SRCS-y) Makefile $(PC_FILE) | build
+	$(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED)
+
+build/$(APP)-static: $(SRCS-y) Makefile $(PC_FILE) | build
+	$(CC) $(CFLAGS) $(SRCS-y) -o $@ $(LDFLAGS) $(LDFLAGS_STATIC)
+
+build:
+	@mkdir -p $@
+
+.PHONY: clean
+clean:
+	rm -f build/$(APP) build/$(APP)-static build/$(APP)-shared
+	test -d build && rmdir -p build || true
diff --git a/examples/l2fwd-macsec/main.c b/examples/l2fwd-macsec/main.c
new file mode 100644
index 0000000000..dfc567e36e
--- /dev/null
+++ b/examples/l2fwd-macsec/main.c
@@ -0,0 +1,1570 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#include <sys/queue.h>
+#include <setjmp.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <signal.h>
+#include <stdbool.h>
+
+#include <rte_common.h>
+#include <rte_log.h>
+#include <rte_malloc.h>
+#include <rte_memory.h>
+#include <rte_memcpy.h>
+#include <rte_eal.h>
+#include <rte_launch.h>
+#include <rte_cycles.h>
+#include <rte_prefetch.h>
+#include <rte_lcore.h>
+#include <rte_per_lcore.h>
+#include <rte_branch_prediction.h>
+#include <rte_interrupts.h>
+#include <rte_random.h>
+#include <rte_debug.h>
+#include <rte_ether.h>
+#include <rte_ethdev.h>
+#include <rte_mempool.h>
+#include <rte_mbuf.h>
+#include <rte_security.h>
+#include <rte_string_fns.h>
+
+static volatile bool force_quit;
+
+/* MAC updating enabled by default */
+static int mac_updating;
+
+/* Ports set in promiscuous mode on by default. */
+static int promiscuous_on = 1;
+
+#define RTE_LOGTYPE_L2FWD RTE_LOGTYPE_USER1
+
+#define MAX_PKT_BURST 32
+#define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
+#define MEMPOOL_CACHE_SIZE 256
+#define SESSION_POOL_CACHE_SIZE 0
+
+/* Configurable number of RX/TX ring descriptors */
+#define RX_DESC_DEFAULT 1024
+#define TX_DESC_DEFAULT 1024
+static uint16_t nb_rxd = RX_DESC_DEFAULT;
+static uint16_t nb_txd = TX_DESC_DEFAULT;
+
+/* ethernet addresses of ports */
+static struct rte_ether_addr l2fwd_ports_eth_addr[RTE_MAX_ETHPORTS];
+
+/* Ethernet header configuration for MACsec flow on each port. */
+static struct rte_ether_hdr port_ether_hdr_config[RTE_MAX_ETHPORTS];
+
+/* mask of enabled ports */
+static uint32_t l2fwd_enabled_port_mask;
+
+/* list of enabled ports */
+static uint32_t l2fwd_dst_ports[RTE_MAX_ETHPORTS];
+
+struct port_pair_params {
+#define NUM_PORTS	2
+	uint16_t port[NUM_PORTS];
+} __rte_cache_aligned;
+
+static struct port_pair_params port_pair_params_array[RTE_MAX_ETHPORTS / 2];
+static struct port_pair_params *port_pair_params;
+static uint16_t nb_port_pair_params;
+
+static unsigned int l2fwd_rx_queue_per_lcore = 1;
+
+#define MAX_RX_QUEUE_PER_LCORE 16
+#define MAX_TX_QUEUE_PER_PORT 16
+/* List of queues to be polled for a given lcore. 8< */
+struct lcore_queue_conf {
+	unsigned int n_rx_port;
+	unsigned int rx_port_list[MAX_RX_QUEUE_PER_LCORE];
+} __rte_cache_aligned;
+struct lcore_queue_conf lcore_queue_conf[RTE_MAX_LCORE];
+/* >8 End of list of queues to be polled for a given lcore. */
+
+static struct rte_eth_dev_tx_buffer *tx_buffer[RTE_MAX_ETHPORTS];
+
+static struct rte_eth_conf port_conf = {
+	.txmode = {
+		.mq_mode = RTE_ETH_MQ_TX_NONE,
+	},
+};
+
+/* Mempools for mbuf and security session */
+struct rte_mempool *l2fwd_pktmbuf_pool;
+
+/* Per-port statistics struct */
+struct l2fwd_port_statistics {
+	uint64_t tx;
+	uint64_t rx;
+	uint64_t dropped;
+} __rte_cache_aligned;
+struct l2fwd_port_statistics port_statistics[RTE_MAX_ETHPORTS];
+
+#define MAX_TIMER_PERIOD 86400 /* 1 day max */
+/* A tsc-based timer responsible for triggering statistics printout */
+static uint64_t timer_period = 10; /* default period is 10 seconds */
+
+#define MCS_MAX_KEY_LEN		32
+#define MCS_SALT_LEN		12
+
+struct l2fwd_key {
+	uint8_t data[MCS_MAX_KEY_LEN];
+	uint32_t len;
+	rte_iova_t phys_addr;
+};
+
+/** l2fwd macsec application command line options */
+struct l2fwd_macsec_options {
+	unsigned int portmask;
+	unsigned int tx_portmask;
+	unsigned int rx_portmask;
+	unsigned int nb_ports_per_lcore;
+	unsigned int refresh_period;
+	unsigned int single_lcore:1;
+};
+
+/** l2fwd macsec lcore params */
+struct l2fwd_macsec_port_params {
+	uint8_t dev_id;
+	uint8_t qp_id;
+	struct rte_security_ctx *sec_ctx;
+	struct rte_mempool *sess_pool;
+
+	void *sess;
+	uint16_t sa_id[4];
+	uint16_t sc_id;
+	struct rte_flow *tx_flow;
+	struct rte_flow *rx_flow;
+
+	enum rte_security_macsec_direction dir;
+	enum rte_security_macsec_alg alg;
+	struct l2fwd_key sa_key;
+	uint8_t salt[MCS_SALT_LEN];
+
+	uint8_t eth_hdr[RTE_ETHER_HDR_LEN];
+	uint32_t ssci;
+	uint64_t sci;
+	uint64_t pn_threshold;
+	uint32_t xpn;
+	uint32_t next_pn;
+	uint32_t mtu;
+	uint8_t sectag_insert_mode;
+	bool encrypt;
+	bool protect_frames;
+	bool replay_protect;
+	int val_frames;
+	uint32_t replay_win_sz;
+	bool send_sci;
+	bool end_station;
+	bool scb;
+	uint8_t an;
+};
+struct l2fwd_macsec_port_params mcs_port_params[RTE_MAX_ETHPORTS];
+
+static void
+mcs_stats_dump(uint16_t portid)
+{
+	struct rte_security_stats sess_stats = {0};
+	struct rte_security_macsec_secy_stats *secy_stat;
+	struct rte_security_macsec_sc_stats sc_stat = {0};
+
+	if (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_RX) {
+		printf("\n********* RX SECY STATS ************\n");
+		rte_security_session_stats_get(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sess, &sess_stats);
+		secy_stat = &sess_stats.macsec;
+
+		if (secy_stat->ctl_pkt_bcast_cnt)
+			printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_bcast_cnt);
+		if (secy_stat->ctl_pkt_mcast_cnt)
+			printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_mcast_cnt);
+		if (secy_stat->ctl_pkt_ucast_cnt)
+			printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_ucast_cnt);
+		if (secy_stat->ctl_octet_cnt)
+			printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
+		if (secy_stat->unctl_pkt_bcast_cnt)
+			printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_bcast_cnt);
+		if (secy_stat->unctl_pkt_mcast_cnt)
+			printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_mcast_cnt);
+		if (secy_stat->unctl_pkt_ucast_cnt)
+			printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_ucast_cnt);
+		if (secy_stat->unctl_octet_cnt)
+			printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt);
+		/* Valid only for RX */
+		if (secy_stat->octet_decrypted_cnt)
+			printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n",
+					secy_stat->octet_decrypted_cnt);
+		if (secy_stat->octet_validated_cnt)
+			printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n",
+					secy_stat->octet_validated_cnt);
+		if (secy_stat->pkt_port_disabled_cnt)
+			printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n",
+					secy_stat->pkt_port_disabled_cnt);
+		if (secy_stat->pkt_badtag_cnt)
+			printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt);
+		if (secy_stat->pkt_nosa_cnt)
+			printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt);
+		if (secy_stat->pkt_nosaerror_cnt)
+			printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n",
+					secy_stat->pkt_nosaerror_cnt);
+		if (secy_stat->pkt_tagged_ctl_cnt)
+			printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n",
+					secy_stat->pkt_tagged_ctl_cnt);
+		if (secy_stat->pkt_untaged_cnt)
+			printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt);
+		if (secy_stat->pkt_ctl_cnt)
+			printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt);
+		if (secy_stat->pkt_notag_cnt)
+			printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt);
+		printf("\n");
+		printf("\n********** RX SC[%u] STATS **************\n",
+				mcs_port_params[portid].sc_id);
+
+		rte_security_macsec_sc_stats_get(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sc_id, RTE_SECURITY_MACSEC_DIR_RX,
+						 &sc_stat);
+		/* RX */
+		if (sc_stat.hit_cnt)
+			printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt);
+		if (sc_stat.pkt_invalid_cnt)
+			printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt);
+		if (sc_stat.pkt_late_cnt)
+			printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt);
+		if (sc_stat.pkt_notvalid_cnt)
+			printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt);
+		if (sc_stat.pkt_unchecked_cnt)
+			printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt);
+		if (sc_stat.pkt_delay_cnt)
+			printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt);
+		if (sc_stat.pkt_ok_cnt)
+			printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt);
+		if (sc_stat.octet_decrypt_cnt)
+			printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt);
+		if (sc_stat.octet_validate_cnt)
+			printf("RX octet_validate_cnt: 0x%" PRIx64 "\n",
+					sc_stat.octet_validate_cnt);
+	}
+
+	if (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_TX) {
+		memset(&sess_stats, 0, sizeof(struct rte_security_stats));
+		rte_security_session_stats_get(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sess, &sess_stats);
+		secy_stat = &sess_stats.macsec;
+
+		printf("\n********* TX SECY STATS ************\n");
+		if (secy_stat->ctl_pkt_bcast_cnt)
+			printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_bcast_cnt);
+		if (secy_stat->ctl_pkt_mcast_cnt)
+			printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_mcast_cnt);
+		if (secy_stat->ctl_pkt_ucast_cnt)
+			printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->ctl_pkt_ucast_cnt);
+		if (secy_stat->ctl_octet_cnt)
+			printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
+		if (secy_stat->unctl_pkt_bcast_cnt)
+			printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_bcast_cnt);
+		if (secy_stat->unctl_pkt_mcast_cnt)
+			printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_mcast_cnt);
+		if (secy_stat->unctl_pkt_ucast_cnt)
+			printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_pkt_ucast_cnt);
+		if (secy_stat->unctl_octet_cnt)
+			printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n",
+					secy_stat->unctl_octet_cnt);
+		/* Valid only for TX */
+		if (secy_stat->octet_encrypted_cnt)
+			printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n",
+					secy_stat->octet_encrypted_cnt);
+		if (secy_stat->octet_protected_cnt)
+			printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n",
+					secy_stat->octet_protected_cnt);
+		if (secy_stat->pkt_noactivesa_cnt)
+			printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n",
+					secy_stat->pkt_noactivesa_cnt);
+		if (secy_stat->pkt_toolong_cnt)
+			printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt);
+		if (secy_stat->pkt_untagged_cnt)
+			printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n",
+					secy_stat->pkt_untagged_cnt);
+
+
+		memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats));
+		rte_security_macsec_sc_stats_get(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sc_id, RTE_SECURITY_MACSEC_DIR_TX,
+				&sc_stat);
+		printf("\n********** TX SC[%u] STATS **************\n",
+				mcs_port_params[portid].sc_id);
+		if (sc_stat.pkt_encrypt_cnt)
+			printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt);
+		if (sc_stat.pkt_protected_cnt)
+			printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt);
+		if (sc_stat.octet_encrypt_cnt)
+			printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt);
+	}
+}
+
+/* Print out statistics on packets dropped */
+static void
+print_stats(void)
+{
+	uint64_t total_packets_dropped, total_packets_tx, total_packets_rx;
+	unsigned int portid;
+
+	total_packets_dropped = 0;
+	total_packets_tx = 0;
+	total_packets_rx = 0;
+
+	const char clr[] = { 27, '[', '2', 'J', '\0' };
+	const char topLeft[] = { 27, '[', '1', ';', '1', 'H', '\0' };
+
+		/* Clear screen and move to top left */
+	printf("%s%s", clr, topLeft);
+
+	printf("\nPort statistics ====================================");
+
+	for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
+		/* skip disabled ports */
+		if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
+			continue;
+		printf("\nStatistics for port %u ------------------------------"
+			   "\nPackets sent: %24"PRIu64
+			   "\nPackets received: %20"PRIu64
+			   "\nPackets dropped: %21"PRIu64,
+			   portid,
+			   port_statistics[portid].tx,
+			   port_statistics[portid].rx,
+			   port_statistics[portid].dropped);
+
+		total_packets_dropped += port_statistics[portid].dropped;
+		total_packets_tx += port_statistics[portid].tx;
+		total_packets_rx += port_statistics[portid].rx;
+
+		mcs_stats_dump(portid);
+	}
+	printf("\nAggregate statistics ==============================="
+		   "\nTotal packets sent: %18"PRIu64
+		   "\nTotal packets received: %14"PRIu64
+		   "\nTotal packets dropped: %15"PRIu64,
+		   total_packets_tx,
+		   total_packets_rx,
+		   total_packets_dropped);
+	printf("\n====================================================\n");
+
+	fflush(stdout);
+}
+
+static void
+l2fwd_mac_updating(struct rte_mbuf *m, unsigned int dest_portid)
+{
+	struct rte_ether_hdr *eth;
+	void *tmp;
+
+	eth = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);
+
+	/* 02:00:00:00:00:xx */
+	tmp = &eth->dst_addr.addr_bytes[0];
+	*((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dest_portid << 40);
+
+	/* src addr */
+	rte_ether_addr_copy(&l2fwd_ports_eth_addr[dest_portid], &eth->src_addr);
+}
+
+static void
+l2fwd_simple_forward(struct rte_mbuf *m, unsigned int portid)
+{
+	unsigned int dst_port;
+	int sent;
+	struct rte_eth_dev_tx_buffer *buffer;
+
+	dst_port = l2fwd_dst_ports[portid];
+
+	if (mac_updating)
+		l2fwd_mac_updating(m, dst_port);
+
+	buffer = tx_buffer[dst_port];
+	sent = rte_eth_tx_buffer(dst_port, 0, buffer, m);
+	if (sent)
+		port_statistics[dst_port].tx += sent;
+}
+
+static void
+fill_macsec_sa_conf(uint16_t portid, struct rte_security_macsec_sa *sa)
+{
+	sa->dir = mcs_port_params[portid].dir;
+
+	sa->key.data = mcs_port_params[portid].sa_key.data;
+	sa->key.length = mcs_port_params[portid].sa_key.len;
+
+	memcpy((uint8_t *)sa->salt, (const uint8_t *)mcs_port_params[portid].salt,
+		RTE_SECURITY_MACSEC_SALT_LEN);
+
+	/* AN is set as per the value in secure packet in test vector */
+	sa->an = mcs_port_params[portid].an & RTE_MACSEC_AN_MASK;
+
+	sa->ssci = mcs_port_params[portid].ssci;
+	sa->xpn = mcs_port_params[portid].xpn;
+	/* Starting packet number which is expected to come next.
+	 * It is take from the test vector so that we can match the out packet.
+	 */
+	sa->next_pn = mcs_port_params[portid].next_pn;
+}
+
+static void
+fill_macsec_sc_conf(uint16_t portid, struct rte_security_macsec_sc *sc_conf)
+{
+	uint8_t i;
+
+	sc_conf->dir = mcs_port_params[portid].dir;
+	sc_conf->pn_threshold = mcs_port_params[portid].pn_threshold;
+	if (sc_conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {
+		sc_conf->sc_tx.sa_id = mcs_port_params[portid].sa_id[0];
+		if (mcs_port_params[portid].sa_id[1] != 0xFFFF) {
+			sc_conf->sc_tx.sa_id_rekey = mcs_port_params[portid].sa_id[1];
+			sc_conf->sc_tx.re_key_en = 1;
+		}
+		sc_conf->sc_tx.active = 1;
+		sc_conf->sc_tx.sci = mcs_port_params[portid].sci;
+		if (mcs_port_params[portid].xpn > 0)
+			sc_conf->sc_tx.is_xpn = 1;
+	} else {
+		for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+			if (mcs_port_params[portid].sa_id[i] != 0xFFFF) {
+				sc_conf->sc_rx.sa_id[i] = mcs_port_params[portid].sa_id[i];
+				sc_conf->sc_rx.sa_in_use[i] = 1;
+			}
+		}
+		sc_conf->sc_rx.active = 1;
+		if (mcs_port_params[portid].xpn > 0)
+			sc_conf->sc_rx.is_xpn = 1;
+	}
+}
+
+/* Create Inline MACsec session */
+static int
+fill_session_conf(uint16_t portid, struct rte_security_session_conf *sess_conf)
+{
+	sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
+	sess_conf->protocol = RTE_SECURITY_PROTOCOL_MACSEC;
+	sess_conf->macsec.dir = mcs_port_params[portid].dir;
+	sess_conf->macsec.alg = mcs_port_params[portid].alg;
+	sess_conf->macsec.cipher_off = 0;
+	sess_conf->macsec.sci = mcs_port_params[portid].sci;
+	sess_conf->macsec.sc_id = mcs_port_params[portid].sc_id;
+	if (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_TX) {
+		sess_conf->macsec.tx_secy.mtu = mcs_port_params[portid].mtu;
+		sess_conf->macsec.tx_secy.sectag_off =
+			(mcs_port_params[portid].sectag_insert_mode == 1) ?
+					2 * RTE_ETHER_ADDR_LEN : RTE_VLAN_HLEN;
+		sess_conf->macsec.tx_secy.sectag_insert_mode =
+			mcs_port_params[portid].sectag_insert_mode;
+		sess_conf->macsec.tx_secy.ctrl_port_enable = 1;
+		sess_conf->macsec.tx_secy.sectag_version = 0;
+		sess_conf->macsec.tx_secy.end_station = mcs_port_params[portid].end_station;
+		sess_conf->macsec.tx_secy.send_sci = mcs_port_params[portid].send_sci;
+		sess_conf->macsec.tx_secy.scb = mcs_port_params[portid].scb;
+		sess_conf->macsec.tx_secy.encrypt = mcs_port_params[portid].encrypt;
+		sess_conf->macsec.tx_secy.protect_frames = mcs_port_params[portid].protect_frames;
+		sess_conf->macsec.tx_secy.icv_include_da_sa = 1;
+	} else {
+		sess_conf->macsec.rx_secy.replay_win_sz = mcs_port_params[portid].replay_win_sz;
+		sess_conf->macsec.rx_secy.replay_protect = mcs_port_params[portid].replay_protect;
+		sess_conf->macsec.rx_secy.icv_include_da_sa = 1;
+		sess_conf->macsec.rx_secy.ctrl_port_enable = 1;
+		sess_conf->macsec.rx_secy.preserve_sectag = 0;
+		sess_conf->macsec.rx_secy.preserve_icv = 0;
+		sess_conf->macsec.rx_secy.validate_frames = mcs_port_params[portid].val_frames;
+	}
+
+	return 0;
+}
+
+static int
+create_default_flow(uint16_t portid)
+{
+	struct rte_flow_action action[2];
+	struct rte_flow_item pattern[2];
+	struct rte_flow_attr attr = {0};
+	struct rte_flow_error err;
+	struct rte_flow *flow;
+	struct rte_flow_item_eth eth = {0};
+	static const struct rte_flow_item_eth eth_mask = {
+		.hdr.dst_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00",
+		.hdr.src_addr.addr_bytes = "\x00\x00\x00\x00\x00\x00",
+		.hdr.ether_type = RTE_BE16(0xFFFF),
+	};
+	int ret;
+
+	eth.has_vlan = 0;
+	memcpy(&eth.hdr, mcs_port_params[portid].eth_hdr, RTE_ETHER_HDR_LEN);
+
+	printf("Creating flow on port %u with DST MAC address: " RTE_ETHER_ADDR_PRT_FMT
+			", SRC MAC address: "RTE_ETHER_ADDR_PRT_FMT"\n\n",
+			portid,
+			RTE_ETHER_ADDR_BYTES(&eth.hdr.dst_addr),
+			RTE_ETHER_ADDR_BYTES(&eth.hdr.src_addr));
+
+	pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
+	pattern[0].spec = &eth;
+	pattern[0].mask = &eth_mask;
+	pattern[0].last = NULL;
+	pattern[1].type = RTE_FLOW_ITEM_TYPE_END;
+
+	action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
+	action[0].conf = mcs_port_params[portid].sess;
+	action[1].type = RTE_FLOW_ACTION_TYPE_END;
+	action[1].conf = NULL;
+
+	attr.ingress = (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_RX) ? 1 : 0;
+	attr.egress = (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_TX) ? 1 : 0;
+
+	ret = rte_flow_validate(portid, &attr, pattern, action, &err);
+	if (ret) {
+		printf("\nValidate flow failed, ret = %d\n", ret);
+		return -1;
+	}
+	flow = rte_flow_create(portid, &attr, pattern, action, &err);
+	if (flow == NULL) {
+		printf("\nDefault flow rule create failed\n");
+		return -1;
+	}
+
+	if (mcs_port_params[portid].dir == RTE_SECURITY_MACSEC_DIR_TX)
+		mcs_port_params[portid].tx_flow = flow;
+	else
+		mcs_port_params[portid].rx_flow = flow;
+
+	return 0;
+}
+
+static void
+destroy_default_flow(uint16_t portid)
+{
+	struct rte_flow_error err;
+	int ret;
+
+	if (mcs_port_params[portid].tx_flow) {
+		ret = rte_flow_destroy(portid, mcs_port_params[portid].tx_flow, &err);
+		if (ret) {
+			printf("\nDefault Tx flow rule destroy failed\n");
+			return;
+		}
+		mcs_port_params[portid].tx_flow = NULL;
+	}
+	if (mcs_port_params[portid].rx_flow) {
+		ret = rte_flow_destroy(portid, mcs_port_params[portid].rx_flow, &err);
+		if (ret) {
+			printf("\nDefault Rx flow rule destroy failed\n");
+			return;
+		}
+		mcs_port_params[portid].rx_flow = NULL;
+	}
+}
+
+static void
+clean_macsec_resources(uint16_t portid)
+{
+	uint8_t an;
+
+	destroy_default_flow(portid);
+	rte_security_session_destroy(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sess);
+	rte_security_macsec_sc_destroy(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sc_id,
+				mcs_port_params[portid].dir);
+	for (an = 0; an < RTE_SECURITY_MACSEC_NUM_AN; an++) {
+		if (mcs_port_params[portid].sa_id[an] != 0xFFFF)
+			rte_security_macsec_sa_destroy(mcs_port_params[portid].sec_ctx,
+				mcs_port_params[portid].sa_id[an],
+				mcs_port_params[portid].dir);
+	}
+}
+
+static int
+initialize_macsec_session(uint8_t portid)
+{
+	struct rte_security_session_conf sess_conf = {0};
+	struct rte_security_macsec_sa sa_conf = {0};
+	struct rte_security_macsec_sc sc_conf = {0};
+	int id, ret;
+
+	/* Create MACsec SA. */
+	fill_macsec_sa_conf(portid, &sa_conf);
+	id = rte_security_macsec_sa_create(mcs_port_params[portid].sec_ctx, &sa_conf);
+	if (id < 0) {
+		printf("MACsec SA create failed : %d.\n", id);
+		return -1;
+	}
+	mcs_port_params[portid].sa_id[0] = (uint16_t)id;
+	mcs_port_params[portid].sa_id[1] = 0xFFFF;
+	mcs_port_params[portid].sa_id[2] = 0xFFFF;
+	mcs_port_params[portid].sa_id[3] = 0xFFFF;
+
+	printf("\nsa_id %d created.\n", mcs_port_params[portid].sa_id[0]);
+
+	/* Create MACsec SC. */
+	fill_macsec_sc_conf(portid, &sc_conf);
+	id = rte_security_macsec_sc_create(mcs_port_params[portid].sec_ctx, &sc_conf);
+	if (id < 0) {
+		printf("MACsec SC create failed : %d.\n", id);
+		goto out;
+	}
+	mcs_port_params[portid].sc_id = (uint16_t)id;
+	printf("\nsc_id %d created.\n", mcs_port_params[portid].sc_id);
+
+	/* Create Inline MACsec session. */
+	ret = fill_session_conf(portid, &sess_conf);
+	if (ret) {
+		printf("MACsec Session conf failed.\n");
+		goto out;
+	}
+	mcs_port_params[portid].sess =
+		rte_security_session_create(mcs_port_params[portid].sec_ctx,
+				&sess_conf, mcs_port_params[portid].sess_pool);
+	if (mcs_port_params[portid].sess == NULL) {
+		printf("MACSEC Session init failed errno: %d.\n", rte_errno);
+		goto out;
+	}
+
+	/* Create MACsec flow. */
+	ret = create_default_flow(portid);
+	if (ret)
+		goto out;
+
+	return 0;
+out:
+	clean_macsec_resources(portid);
+	return -1;
+}
+
+/* main processing loop */
+static void
+l2fwd_main_loop(void)
+{
+	struct rte_mbuf *pkts_burst[MAX_PKT_BURST];
+	struct rte_mbuf *m;
+	int sent;
+	unsigned int lcore_id;
+	uint64_t prev_tsc, diff_tsc, cur_tsc, timer_tsc;
+	unsigned int i, j, portid, nb_rx;
+	struct lcore_queue_conf *qconf;
+	const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1) / US_PER_S *
+			BURST_TX_DRAIN_US;
+	struct rte_eth_dev_tx_buffer *buffer;
+
+	prev_tsc = 0;
+	timer_tsc = 0;
+
+	lcore_id = rte_lcore_id();
+	qconf = &lcore_queue_conf[lcore_id];
+
+	if (qconf->n_rx_port == 0) {
+		RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
+		return;
+	}
+
+	RTE_LOG(INFO, L2FWD, "entering main loop on lcore %u\n", lcore_id);
+
+	for (i = 0; i < qconf->n_rx_port; i++) {
+
+		portid = qconf->rx_port_list[i];
+
+		RTE_LOG(INFO, L2FWD, " -- lcoreid=%u portid=%u\n", lcore_id,
+			portid);
+	}
+
+	while (!force_quit) {
+
+		/* Drains TX queue in its main loop. 8< */
+		cur_tsc = rte_rdtsc();
+
+		/*
+		 * TX burst queue drain
+		 */
+		diff_tsc = cur_tsc - prev_tsc;
+		if (unlikely(diff_tsc > drain_tsc)) {
+
+			for (i = 0; i < qconf->n_rx_port; i++) {
+
+				portid = l2fwd_dst_ports[qconf->rx_port_list[i]];
+				buffer = tx_buffer[portid];
+
+				sent = rte_eth_tx_buffer_flush(portid, 0, buffer);
+				if (sent)
+					port_statistics[portid].tx += sent;
+
+			}
+
+			/* if timer is enabled */
+			if (timer_period > 0) {
+
+				/* advance the timer */
+				timer_tsc += diff_tsc;
+
+				/* if timer has reached its timeout */
+				if (unlikely(timer_tsc >= timer_period)) {
+
+					/* do this only on main core */
+					if (lcore_id == rte_get_main_lcore()) {
+						print_stats();
+						/* reset the timer */
+						timer_tsc = 0;
+					}
+				}
+			}
+
+			prev_tsc = cur_tsc;
+		}
+		/* >8 End of draining TX queue. */
+
+		/* Read packet from RX queues. 8< */
+		for (i = 0; i < qconf->n_rx_port; i++) {
+
+			portid = qconf->rx_port_list[i];
+			nb_rx = rte_eth_rx_burst(portid, 0,
+						 pkts_burst, MAX_PKT_BURST);
+
+			if (unlikely(nb_rx == 0))
+				continue;
+
+			port_statistics[portid].rx += nb_rx;
+
+			for (j = 0; j < nb_rx; j++) {
+				m = pkts_burst[j];
+				rte_prefetch0(rte_pktmbuf_mtod(m, void *));
+				l2fwd_simple_forward(m, portid);
+			}
+		}
+		/* >8 End of read packet from RX queues. */
+	}
+	if (force_quit) {
+		for (i = 0; i < qconf->n_rx_port; i++) {
+			portid = qconf->rx_port_list[i];
+			clean_macsec_resources(portid);
+		}
+	}
+}
+static int
+l2fwd_launch_one_lcore(__rte_unused void *arg)
+{
+	l2fwd_main_loop();
+	return 0;
+}
+
+/* display usage */
+static void
+l2fwd_usage(const char *prgname)
+{
+	printf("%s [EAL options] -- -p PORTMASK [-q NQ]\n"
+	       "  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
+	       "  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
+	       "  -T PERIOD: statistics will be refreshed each PERIOD seconds (0 to disable, 10 default, 86400 maximum)\n"
+	       "  --mcs-tx-portmask: Hexadecimal bitmask for MACsec Tx(Encap) ports\n"
+	       "  --mcs-rx-portmask: Hexadecimal bitmask for MACsec Rx(Decap) ports\n"
+	       "  --mcs-port-config '(<port>,<src-mac>,<dst-mac>)'\n"
+	       "  --portmap: Configure forwarding port pair mapping\n"
+	       "	      Default: alternate port pairs\n\n",
+	       prgname);
+}
+
+static int
+l2fwd_parse_portmask(const char *portmask)
+{
+	char *end = NULL;
+	unsigned long pm;
+
+	/* parse hexadecimal string */
+	pm = strtoul(portmask, &end, 16);
+	if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
+		return 0;
+
+	return pm;
+}
+
+static int
+l2fwd_parse_port_pair_config(const char *q_arg)
+{
+	enum fieldnames {
+		FLD_PORT1 = 0,
+		FLD_PORT2,
+		_NUM_FLD
+	};
+	unsigned long int_fld[_NUM_FLD];
+	const char *p, *p0 = q_arg;
+	char *str_fld[_NUM_FLD];
+	unsigned int size;
+	char s[256];
+	char *end;
+	int i;
+
+	nb_port_pair_params = 0;
+
+	while ((p = strchr(p0, '(')) != NULL) {
+		++p;
+		p0 = strchr(p, ')');
+		if (p0 == NULL)
+			return -1;
+
+		size = p0 - p;
+		if (size >= sizeof(s))
+			return -1;
+
+		memcpy(s, p, size);
+		s[size] = '\0';
+		if (rte_strsplit(s, sizeof(s), str_fld,
+				 _NUM_FLD, ',') != _NUM_FLD)
+			return -1;
+		for (i = 0; i < _NUM_FLD; i++) {
+			errno = 0;
+			int_fld[i] = strtoul(str_fld[i], &end, 0);
+			if (errno != 0 || end == str_fld[i] ||
+			    int_fld[i] >= RTE_MAX_ETHPORTS)
+				return -1;
+		}
+		if (nb_port_pair_params >= RTE_MAX_ETHPORTS/2) {
+			printf("exceeded max number of port pair params: %hu\n",
+				nb_port_pair_params);
+			return -1;
+		}
+		port_pair_params_array[nb_port_pair_params].port[0] =
+				(uint16_t)int_fld[FLD_PORT1];
+		port_pair_params_array[nb_port_pair_params].port[1] =
+				(uint16_t)int_fld[FLD_PORT2];
+		++nb_port_pair_params;
+	}
+	port_pair_params = port_pair_params_array;
+	return 0;
+}
+
+static int
+l2fwd_parse_macsec_port_config(const char *q_arg)
+{
+	enum fieldnames {
+		FLD_PORT = 0,
+		FLD_SRC,
+		FLD_DST,
+		_NUM_FLD
+	};
+	unsigned long portid;
+	struct rte_ether_addr src, dst;
+	const char *p, *p0 = q_arg;
+	char *str_fld[_NUM_FLD];
+	unsigned int size;
+	char s[256];
+	char *end;
+
+	nb_port_pair_params = 0;
+
+	while ((p = strchr(p0, '(')) != NULL) {
+		++p;
+		p0 = strchr(p, ')');
+		if (p0 == NULL)
+			return -1;
+
+		size = p0 - p;
+		if (size >= sizeof(s))
+			return -1;
+
+		memcpy(s, p, size);
+		s[size] = '\0';
+		if (rte_strsplit(s, sizeof(s), str_fld,
+				 _NUM_FLD, ',') != _NUM_FLD)
+			return -1;
+		errno = 0;
+		portid = strtoul(str_fld[FLD_PORT], &end, 0);
+		if (errno != 0 || end == str_fld[FLD_PORT] || portid >= RTE_MAX_ETHPORTS)
+			return -1;
+		if (port_ether_hdr_config[portid].ether_type == 0x0800) {
+			printf("MACsec src-dst MAC addr already parsed for port: %lu\n",
+					portid);
+			return -1;
+		}
+		if (rte_ether_unformat_addr(str_fld[FLD_SRC], &src) ||
+				rte_ether_unformat_addr(str_fld[FLD_DST], &dst))
+			return -1;
+
+		memcpy(&port_ether_hdr_config[portid].src_addr, &src, sizeof(src));
+		memcpy(&port_ether_hdr_config[portid].dst_addr, &dst, sizeof(dst));
+		port_ether_hdr_config[portid].ether_type = 0x0800;
+	}
+
+	return 0;
+}
+
+
+static unsigned int
+l2fwd_parse_nqueue(const char *q_arg)
+{
+	char *end = NULL;
+	unsigned long n;
+
+	/* parse hexadecimal string */
+	n = strtoul(q_arg, &end, 10);
+	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
+		return 0;
+	if (n == 0)
+		return 0;
+	if (n >= MAX_RX_QUEUE_PER_LCORE)
+		return 0;
+
+	return n;
+}
+
+static int
+l2fwd_parse_timer_period(const char *q_arg)
+{
+	char *end = NULL;
+	int n;
+
+	/* parse number string */
+	n = strtol(q_arg, &end, 10);
+	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
+		return -1;
+	if (n >= MAX_TIMER_PERIOD)
+		return -1;
+
+	return n;
+}
+
+static const char short_options[] =
+	"p:"  /* portmask */
+	"P"   /* promiscuous */
+	"q:"  /* number of queues */
+	"T:"  /* timer period */
+	;
+
+#define CMD_LINE_OPT_NO_MAC_UPDATING	"no-mac-updating"
+#define CMD_LINE_OPT_PORTMAP_CONFIG	"portmap"
+#define CMD_LINE_OPT_MACSEC_TX_PORTMASK	"mcs-tx-portmask"
+#define CMD_LINE_OPT_MACSEC_RX_PORTMASK	"mcs-rx-portmask"
+#define CMD_LINE_OPT_MACSEC_PORT_CONFIG	"mcs-port-config"
+
+enum {
+	/* Long options mapped to a short option.
+	 * First long only option value must be >= 256,
+	 * so that we won't conflict with short options.
+	 */
+	CMD_LINE_OPT_NO_MAC_UPDATING_NUM = 256,
+	CMD_LINE_OPT_PORTMAP_NUM,
+	CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM,
+	CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM,
+	CMD_LINE_OPT_MACSEC_PORT_CFG_NUM,
+};
+
+static const struct option lgopts[] = {
+	{ CMD_LINE_OPT_NO_MAC_UPDATING, no_argument, 0,
+		CMD_LINE_OPT_NO_MAC_UPDATING_NUM},
+	{ CMD_LINE_OPT_PORTMAP_CONFIG, 1, 0, CMD_LINE_OPT_PORTMAP_NUM},
+	{ CMD_LINE_OPT_MACSEC_TX_PORTMASK, required_argument, 0,
+		CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM},
+	{ CMD_LINE_OPT_MACSEC_RX_PORTMASK, required_argument, 0,
+		CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM},
+	{ CMD_LINE_OPT_MACSEC_PORT_CONFIG, 1, 0, CMD_LINE_OPT_MACSEC_PORT_CFG_NUM},
+	{NULL, 0, 0, 0}
+};
+
+/** Generate default options for application. */
+static void
+l2fwd_macsec_default_options(struct l2fwd_macsec_options *options)
+{
+	uint16_t portid;
+	uint8_t salt[MCS_SALT_LEN] = {0};
+	uint8_t key[16] = {
+			0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE,
+			0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82
+		};
+
+	options->portmask = 0xffffffff;
+	options->nb_ports_per_lcore = 1;
+	options->single_lcore = 0;
+
+	RTE_ETH_FOREACH_DEV(portid) {
+		if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
+			continue;
+		if ((options->tx_portmask & (1 << portid)) != 0)
+			mcs_port_params[portid].dir = RTE_SECURITY_MACSEC_DIR_TX;
+
+		if ((options->rx_portmask & (1 << portid)) != 0)
+			mcs_port_params[portid].dir = RTE_SECURITY_MACSEC_DIR_RX;
+
+		mcs_port_params[portid].alg = RTE_SECURITY_MACSEC_ALG_GCM_128;
+		memcpy(mcs_port_params[portid].sa_key.data, key, 16);
+		mcs_port_params[portid].sa_key.len = 16;
+		memcpy(mcs_port_params[portid].salt, salt, MCS_SALT_LEN);
+
+		memcpy(mcs_port_params[portid].eth_hdr, &port_ether_hdr_config[portid],
+				RTE_ETHER_HDR_LEN);
+
+		mcs_port_params[portid].ssci = 0;
+		mcs_port_params[portid].pn_threshold = 0xffffffffffffffff;
+		mcs_port_params[portid].xpn = 0;
+		mcs_port_params[portid].next_pn = 1;
+		mcs_port_params[portid].mtu = 1500;
+		mcs_port_params[portid].sectag_insert_mode = 1;
+		mcs_port_params[portid].encrypt = true;
+		mcs_port_params[portid].protect_frames = true;
+		mcs_port_params[portid].replay_protect = false;
+		mcs_port_params[portid].val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT;
+		mcs_port_params[portid].send_sci = true;
+		mcs_port_params[portid].end_station = false;
+		mcs_port_params[portid].scb = false;
+	}
+}
+
+/* Parse the argument given in the command line of the application */
+static int
+l2fwd_parse_args(struct l2fwd_macsec_options *options,
+		int argc, char **argv)
+{
+	int opt, ret, timer_secs;
+	char **argvopt;
+	int option_index;
+	char *prgname = argv[0];
+
+	argvopt = argv;
+	port_pair_params = NULL;
+
+	while ((opt = getopt_long(argc, argvopt, short_options,
+				  lgopts, &option_index)) != EOF) {
+
+		switch (opt) {
+		/* portmask */
+		case 'p':
+			l2fwd_enabled_port_mask = l2fwd_parse_portmask(optarg);
+			if (l2fwd_enabled_port_mask == 0) {
+				printf("invalid portmask\n");
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+		case 'P':
+			promiscuous_on = 1;
+			break;
+
+		/* nqueue */
+		case 'q':
+			l2fwd_rx_queue_per_lcore = l2fwd_parse_nqueue(optarg);
+			if (l2fwd_rx_queue_per_lcore == 0) {
+				printf("invalid queue number\n");
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+
+		/* timer period */
+		case 'T':
+			timer_secs = l2fwd_parse_timer_period(optarg);
+			if (timer_secs < 0) {
+				printf("invalid timer period\n");
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			timer_period = timer_secs;
+			break;
+
+		/* long options */
+		case CMD_LINE_OPT_PORTMAP_NUM:
+			ret = l2fwd_parse_port_pair_config(optarg);
+			if (ret) {
+				fprintf(stderr, "Invalid config\n");
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+
+		case CMD_LINE_OPT_NO_MAC_UPDATING_NUM:
+			mac_updating = 0;
+			break;
+
+		case CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM:
+			options->tx_portmask = l2fwd_parse_portmask(optarg);
+			if (options->tx_portmask == 0) {
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+
+		case CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM:
+			options->rx_portmask = l2fwd_parse_portmask(optarg);
+			if (options->rx_portmask == 0) {
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+
+		case CMD_LINE_OPT_MACSEC_PORT_CFG_NUM:
+			ret = l2fwd_parse_macsec_port_config(optarg);
+			if (ret) {
+				fprintf(stderr, "Invalid MACsec port config\n");
+				l2fwd_usage(prgname);
+				return -1;
+			}
+			break;
+
+		default:
+			l2fwd_usage(prgname);
+			return -1;
+		}
+	}
+	l2fwd_macsec_default_options(options);
+
+	if (optind >= 0)
+		argv[optind-1] = prgname;
+
+	ret = optind-1;
+	optind = 1; /* reset getopt lib */
+	return ret;
+}
+
+/*
+ * Check port pair config with enabled port mask,
+ * and for valid port pair combinations.
+ */
+static int
+check_port_pair_config(void)
+{
+	uint32_t port_pair_config_mask = 0;
+	uint32_t port_pair_mask = 0;
+	uint16_t index, i, portid;
+
+	for (index = 0; index < nb_port_pair_params; index++) {
+		port_pair_mask = 0;
+
+		for (i = 0; i < NUM_PORTS; i++)  {
+			portid = port_pair_params[index].port[i];
+			if ((l2fwd_enabled_port_mask & (1 << portid)) == 0) {
+				printf("port %u is not enabled in port mask\n",
+				       portid);
+				return -1;
+			}
+			if (!rte_eth_dev_is_valid_port(portid)) {
+				printf("port %u is not present on the board\n",
+				       portid);
+				return -1;
+			}
+
+			port_pair_mask |= 1 << portid;
+		}
+
+		if (port_pair_config_mask & port_pair_mask) {
+			printf("port %u is used in other port pairs\n", portid);
+			return -1;
+		}
+		port_pair_config_mask |= port_pair_mask;
+	}
+
+	l2fwd_enabled_port_mask &= port_pair_config_mask;
+
+	return 0;
+}
+
+/* Check the link status of all ports in up to 9s, and print them finally */
+static void
+check_all_ports_link_status(uint32_t port_mask)
+{
+#define CHECK_INTERVAL 100 /* 100ms */
+#define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
+	uint16_t portid;
+	uint8_t count, all_ports_up, print_flag = 0;
+	struct rte_eth_link link;
+	int ret;
+	char link_status_text[RTE_ETH_LINK_MAX_STR_LEN];
+
+	printf("\nChecking link status");
+	fflush(stdout);
+	for (count = 0; count <= MAX_CHECK_TIME; count++) {
+		if (force_quit)
+			return;
+		all_ports_up = 1;
+		RTE_ETH_FOREACH_DEV(portid) {
+			if (force_quit)
+				return;
+			if ((port_mask & (1 << portid)) == 0)
+				continue;
+			memset(&link, 0, sizeof(link));
+			ret = rte_eth_link_get_nowait(portid, &link);
+			if (ret < 0) {
+				all_ports_up = 0;
+				if (print_flag == 1)
+					printf("Port %u link get failed: %s\n",
+						portid, rte_strerror(-ret));
+				continue;
+			}
+			/* print link status if flag set */
+			if (print_flag == 1) {
+				rte_eth_link_to_str(link_status_text,
+					sizeof(link_status_text), &link);
+				printf("Port %d %s\n", portid,
+				       link_status_text);
+				continue;
+			}
+			/* clear all_ports_up flag if any link down */
+			if (link.link_status == RTE_ETH_LINK_DOWN) {
+				all_ports_up = 0;
+				break;
+			}
+		}
+		/* after finally printing all link status, get out */
+		if (print_flag == 1)
+			break;
+
+		if (all_ports_up == 0) {
+			printf(".");
+			fflush(stdout);
+			rte_delay_ms(CHECK_INTERVAL);
+		}
+
+		/* set the print_flag if all ports up or timeout */
+		if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
+			print_flag = 1;
+			printf("done\n");
+		}
+	}
+}
+
+static void
+signal_handler(int signum)
+{
+	if (signum == SIGINT || signum == SIGTERM) {
+		printf("\n\nSignal %d received, preparing to exit...\n",
+				signum);
+		force_quit = true;
+	}
+}
+
+int
+main(int argc, char **argv)
+{
+	struct l2fwd_macsec_options options = {0};
+	struct lcore_queue_conf *qconf;
+	int ret;
+	uint16_t nb_ports;
+	uint16_t nb_ports_available = 0;
+	uint16_t portid, last_port;
+	unsigned int lcore_id, rx_lcore_id;
+	unsigned int nb_ports_in_mask = 0;
+	unsigned int nb_lcores = 0;
+	unsigned int nb_mbufs;
+	uint16_t nb_sess = 512;
+	uint32_t sess_sz;
+	char s[64];
+
+	/* Init EAL. 8< */
+	ret = rte_eal_init(argc, argv);
+	if (ret < 0)
+		rte_exit(EXIT_FAILURE, "Invalid EAL arguments\n");
+	argc -= ret;
+	argv += ret;
+
+	force_quit = false;
+	signal(SIGINT, signal_handler);
+	signal(SIGTERM, signal_handler);
+
+	/* parse application arguments (after the EAL ones) */
+	ret = l2fwd_parse_args(&options, argc, argv);
+	if (ret < 0)
+		rte_exit(EXIT_FAILURE, "Invalid L2FWD arguments\n");
+	/* >8 End of init EAL. */
+
+	printf("MAC updating %s\n", mac_updating ? "enabled" : "disabled");
+
+	/* convert to number of cycles */
+	timer_period *= rte_get_timer_hz();
+
+	nb_ports = rte_eth_dev_count_avail();
+	if (nb_ports == 0)
+		rte_exit(EXIT_FAILURE, "No Ethernet ports - bye\n");
+
+	if (port_pair_params != NULL) {
+		if (check_port_pair_config() < 0)
+			rte_exit(EXIT_FAILURE, "Invalid port pair config\n");
+	}
+
+	/* check port mask to possible port mask */
+	if (l2fwd_enabled_port_mask & ~((1 << nb_ports) - 1))
+		rte_exit(EXIT_FAILURE, "Invalid portmask; possible (0x%x)\n",
+			(1 << nb_ports) - 1);
+
+	/* Initialization of the driver. 8< */
+
+	/* reset l2fwd_dst_ports */
+	for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++)
+		l2fwd_dst_ports[portid] = 0;
+	last_port = 0;
+
+	/* populate destination port details */
+	if (port_pair_params != NULL) {
+		uint16_t idx, p;
+
+		for (idx = 0; idx < (nb_port_pair_params << 1); idx++) {
+			p = idx & 1;
+			portid = port_pair_params[idx >> 1].port[p];
+			l2fwd_dst_ports[portid] =
+				port_pair_params[idx >> 1].port[p ^ 1];
+		}
+	} else {
+		RTE_ETH_FOREACH_DEV(portid) {
+			/* skip ports that are not enabled */
+			if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
+				continue;
+
+			if (nb_ports_in_mask % 2) {
+				l2fwd_dst_ports[portid] = last_port;
+				l2fwd_dst_ports[last_port] = portid;
+			} else {
+				last_port = portid;
+			}
+
+			nb_ports_in_mask++;
+		}
+		if (nb_ports_in_mask % 2) {
+			printf("Notice: odd number of ports in portmask.\n");
+			l2fwd_dst_ports[last_port] = last_port;
+		}
+	}
+	/* >8 End of initialization of the driver. */
+
+	rx_lcore_id = 0;
+	qconf = NULL;
+
+	/* Initialize the port/queue configuration of each logical core */
+	RTE_ETH_FOREACH_DEV(portid) {
+		/* skip ports that are not enabled */
+		if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
+			continue;
+
+		/* get the lcore_id for this port */
+		while (rte_lcore_is_enabled(rx_lcore_id) == 0 ||
+		       lcore_queue_conf[rx_lcore_id].n_rx_port ==
+		       l2fwd_rx_queue_per_lcore) {
+			rx_lcore_id++;
+			if (rx_lcore_id >= RTE_MAX_LCORE)
+				rte_exit(EXIT_FAILURE, "Not enough cores\n");
+		}
+
+		if (qconf != &lcore_queue_conf[rx_lcore_id]) {
+			/* Assigned a new logical core in the loop above. */
+			qconf = &lcore_queue_conf[rx_lcore_id];
+			nb_lcores++;
+		}
+
+		qconf->rx_port_list[qconf->n_rx_port] = portid;
+		qconf->n_rx_port++;
+		printf("Lcore %u: RX port %u TX port %u\n", rx_lcore_id,
+		       portid, l2fwd_dst_ports[portid]);
+	}
+
+	nb_mbufs = RTE_MAX(nb_ports * (nb_rxd + nb_txd + MAX_PKT_BURST +
+		nb_lcores * MEMPOOL_CACHE_SIZE), 8192U);
+
+	/* Create the mbuf pool. 8< */
+	l2fwd_pktmbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", nb_mbufs,
+		MEMPOOL_CACHE_SIZE, 0, RTE_MBUF_DEFAULT_BUF_SIZE,
+		rte_socket_id());
+	if (l2fwd_pktmbuf_pool == NULL)
+		rte_exit(EXIT_FAILURE, "Cannot init mbuf pool\n");
+	/* >8 End of create the mbuf pool. */
+
+	/* Initialise each port */
+	RTE_ETH_FOREACH_DEV(portid) {
+		struct rte_eth_rxconf rxq_conf;
+		struct rte_eth_txconf txq_conf;
+		struct rte_eth_conf local_port_conf = port_conf;
+		struct rte_eth_dev_info dev_info;
+
+		/* skip ports that are not enabled */
+		if ((l2fwd_enabled_port_mask & (1 << portid)) == 0) {
+			printf("Skipping disabled port %u\n", portid);
+			continue;
+		}
+		nb_ports_available++;
+
+		/* init port */
+		printf("Initializing port %u... ", portid);
+		fflush(stdout);
+
+		ret = rte_eth_dev_info_get(portid, &dev_info);
+		if (ret != 0)
+			rte_exit(EXIT_FAILURE,
+				"Error during getting device (port %u) info: %s\n",
+				portid, strerror(-ret));
+
+		if (dev_info.tx_offload_capa & RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE)
+			local_port_conf.txmode.offloads |=
+				RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE;
+		/* Configure the number of queues for a port. */
+		ret = rte_eth_dev_configure(portid, 1, 1, &local_port_conf);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE, "Cannot configure device: err=%d, port=%u\n",
+				  ret, portid);
+		/* >8 End of configuration of the number of queues for a port. */
+
+		ret = rte_eth_dev_adjust_nb_rx_tx_desc(portid, &nb_rxd,
+						       &nb_txd);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE,
+				 "Cannot adjust number of descriptors: err=%d, port=%u\n",
+				 ret, portid);
+
+		ret = rte_eth_macaddr_get(portid,
+					  &l2fwd_ports_eth_addr[portid]);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE,
+				 "Cannot get MAC address: err=%d, port=%u\n",
+				 ret, portid);
+
+		/* init one RX queue */
+		fflush(stdout);
+		rxq_conf = dev_info.default_rxconf;
+		rxq_conf.offloads = local_port_conf.rxmode.offloads;
+		/* RX queue setup. 8< */
+		ret = rte_eth_rx_queue_setup(portid, 0, nb_rxd,
+					     rte_eth_dev_socket_id(portid),
+					     &rxq_conf,
+					     l2fwd_pktmbuf_pool);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE, "rte_eth_rx_queue_setup:err=%d, port=%u\n",
+				  ret, portid);
+		/* >8 End of RX queue setup. */
+
+		/* Init one TX queue on each port. 8< */
+		fflush(stdout);
+		txq_conf = dev_info.default_txconf;
+		txq_conf.offloads = local_port_conf.txmode.offloads;
+		ret = rte_eth_tx_queue_setup(portid, 0, nb_txd,
+				rte_eth_dev_socket_id(portid),
+				&txq_conf);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE, "rte_eth_tx_queue_setup:err=%d, port=%u\n",
+				ret, portid);
+		/* >8 End of init one TX queue on each port. */
+
+		/* Initialize TX buffers */
+		tx_buffer[portid] = rte_zmalloc_socket("tx_buffer",
+				RTE_ETH_TX_BUFFER_SIZE(MAX_PKT_BURST), 0,
+				rte_eth_dev_socket_id(portid));
+		if (tx_buffer[portid] == NULL)
+			rte_exit(EXIT_FAILURE, "Cannot allocate buffer for tx on port %u\n",
+					portid);
+
+		rte_eth_tx_buffer_init(tx_buffer[portid], MAX_PKT_BURST);
+
+		ret = rte_eth_tx_buffer_set_err_callback(tx_buffer[portid],
+				rte_eth_tx_buffer_count_callback,
+				&port_statistics[portid].dropped);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE,
+			"Cannot set error callback for tx buffer on port %u\n",
+				 portid);
+
+		ret = rte_eth_dev_set_ptypes(portid, RTE_PTYPE_UNKNOWN, NULL,
+					     0);
+		if (ret < 0)
+			printf("Port %u, Failed to disable Ptype parsing\n",
+					portid);
+		/* Start device */
+		ret = rte_eth_dev_start(portid);
+		if (ret < 0)
+			rte_exit(EXIT_FAILURE, "rte_eth_dev_start:err=%d, port=%u\n",
+				  ret, portid);
+
+		printf("done:\n");
+		if (promiscuous_on) {
+			ret = rte_eth_promiscuous_enable(portid);
+			if (ret != 0)
+				rte_exit(EXIT_FAILURE,
+					"rte_eth_promiscuous_enable:err=%s, port=%u\n",
+					rte_strerror(-ret), portid);
+		}
+
+		printf("Port %u, MAC address: " RTE_ETHER_ADDR_PRT_FMT "\n\n",
+			portid,
+			RTE_ETHER_ADDR_BYTES(&l2fwd_ports_eth_addr[portid]));
+
+		/* initialize port stats */
+		memset(&port_statistics, 0, sizeof(port_statistics));
+
+		mcs_port_params[portid].sec_ctx = rte_eth_dev_get_sec_ctx(portid);
+		if (mcs_port_params[portid].sec_ctx == NULL)
+			rte_exit(EXIT_FAILURE, "Device does not support Security ctx\n");
+
+		sess_sz = rte_security_session_get_size(mcs_port_params[portid].sec_ctx);
+		if (mcs_port_params[portid].sess_pool == NULL) {
+			snprintf(s, sizeof(s), "sess_pool_p%d", portid);
+			mcs_port_params[portid].sess_pool = rte_mempool_create(s,
+							nb_sess, sess_sz,
+							SESSION_POOL_CACHE_SIZE, 0,
+							NULL, NULL, NULL, NULL,
+							SOCKET_ID_ANY, 0);
+			if (mcs_port_params[portid].sess_pool == NULL)
+				rte_exit(EXIT_FAILURE, "Cannot init sess pool\n");
+
+			printf("Allocated sess pool\n");
+		}
+
+		if (((options.tx_portmask & (1 << portid)) != 0) ||
+				((options.rx_portmask & (1 << portid)) != 0)) {
+			ret = initialize_macsec_session(portid);
+			if (ret < 0)
+				rte_exit(EXIT_FAILURE,
+					"Failed to initialize MACsec session for port: %d\n",
+					portid);
+		}
+	}
+
+	if (!nb_ports_available) {
+		rte_exit(EXIT_FAILURE,
+			"All available ports are disabled. Please set portmask.\n");
+	}
+
+	check_all_ports_link_status(l2fwd_enabled_port_mask);
+
+	ret = 0;
+	/* launch per-lcore init on every lcore */
+	rte_eal_mp_remote_launch(l2fwd_launch_one_lcore, NULL, CALL_MAIN);
+	RTE_LCORE_FOREACH_WORKER(lcore_id) {
+		if (rte_eal_wait_lcore(lcore_id) < 0) {
+			ret = -1;
+			break;
+		}
+	}
+
+	RTE_ETH_FOREACH_DEV(portid) {
+		if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
+			continue;
+		printf("Closing port %d...", portid);
+		ret = rte_eth_dev_stop(portid);
+		if (ret != 0)
+			printf("rte_eth_dev_stop: err=%d, port=%d\n",
+			       ret, portid);
+		rte_eth_dev_close(portid);
+		printf(" Done\n");
+	}
+
+	/* clean up the EAL */
+	rte_eal_cleanup();
+	printf("Bye...\n");
+
+	return ret;
+}
diff --git a/examples/l2fwd-macsec/meson.build b/examples/l2fwd-macsec/meson.build
new file mode 100644
index 0000000000..673d91e4f7
--- /dev/null
+++ b/examples/l2fwd-macsec/meson.build
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(C) 2023 Marvell.
+
+# meson file, for building this example as part of a main DPDK build.
+#
+# To build this example as a standalone application with an already-installed
+# DPDK instance, use 'make'
+
+deps += ['security']
+allow_experimental_apis = true
+sources = files(
+        'main.c',
+)
diff --git a/examples/meson.build b/examples/meson.build
index 55ba8847a0..b252928a47 100644
--- a/examples/meson.build
+++ b/examples/meson.build
@@ -30,6 +30,7 @@ all_examples = [
         'l2fwd-event',
         'l2fwd-jobstats',
         'l2fwd-keepalive',
+        'l2fwd-macsec',
         'l3fwd',
         'l3fwd-graph',
         'l3fwd-power',
-- 
2.25.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2023-11-13  5:04 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-27 13:20 [PATCH] examples/l2fwd-macsec: add MACsec forwarding application Akhil Goyal
2023-10-31 18:44 ` [PATCH v2] " Akhil Goyal
2023-11-03  7:32   ` [PATCH v3] " Akhil Goyal
2023-11-09 21:01     ` [PATCH v4] " Akhil Goyal
2023-11-09 22:28       ` Thomas Monjalon
2023-11-13  5:03         ` [EXT] " Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).