DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default
@ 2019-08-29  8:59 Bernard Iremonger
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
                   ` (5 more replies)
  0 siblings, 6 replies; 34+ messages in thread
From: Bernard Iremonger @ 2019-08-29  8:59 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

This patch set, sets the default code path in the ipsec-secgw
application to use the librte_ipsec.
The _old test scripts have been modified to use the legacy code
patch

Bernard Iremonger (2):
  examples/ipsec-secgw: set default to IPsec library mode
  examples/ipsec-secgw: add -l 0 parameter to old scripts

 doc/guides/rel_notes/release_19_11.rst             |  8 ++++
 doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
 examples/ipsec-secgw/ipsec-secgw.c                 | 44 ++++++++++++++--------
 .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
 .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
 .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
 .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
 .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
 13 files changed, 50 insertions(+), 28 deletions(-)

-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
@ 2019-08-29  8:59 ` Bernard Iremonger
  2019-09-26 13:47   ` Ananyev, Konstantin
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 34+ messages in thread
From: Bernard Iremonger @ 2019-08-29  8:59 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

Set the default code path to librte_ipsec mode.
Add parameter 0 | 1 to -l option
Check for conflicting options, -w -a -e and reassembly options are
not supported in legacy mode.
Show fragment table size.
Update print_usage.
Update the ipsec-secgw guide.
Update the release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
 examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8490d89..70143c5 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -56,6 +56,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the IPsec Security Gateway application.**
+
+  The ``librte_ipsec`` code path is now the default code path in
+  ``ipsec-secgw``
+
+  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ad2d79e..17b00c0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -92,7 +92,7 @@ The application has a number of command line options::
 
    ./build/ipsec-secgw [EAL options] --
                         -p PORTMASK -P -u PORTMASK -j FRAMESIZE
-                        -l -w REPLAY_WINOW_SIZE -e -a
+                        -l 0 -w REPLAY_WINOW_SIZE -e -a
                         --config (port,queue,lcore)[,(port,queue,lcore]
                         --single-sa SAIDX
                         --rxoffload MASK
@@ -120,7 +120,9 @@ Where:
     Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
     Maximum value: UINT16_MAX (65535).
 
-*   ``-l``: enables code-path that uses librte_ipsec.
+*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
     size for each Security Association (available only with librte_ipsec
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6a..3e4b9e0 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
 static uint32_t mtu_size = RTE_ETHER_MTU;
 
 /* application wide librte_ipsec/SA parameters */
-struct app_sa_prm app_sa_prm = {.enable = 0};
+struct app_sa_prm app_sa_prm = {.enable = 1};
 
 struct lcore_rx_queue {
 	uint16_t port_id;
@@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
 		" [-P]"
 		" [-u PORTMASK]"
 		" [-j FRAMESIZE]"
-		" [-l]"
+		" [-l 0 | 1]"
 		" [-w REPLAY_WINDOW_SIZE]"
 		" [-e]"
 		" [-a]"
@@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
 		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
 		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
 		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
-		"  -l enables code-path that uses librte_ipsec\n"
+		"  -l 0 enables code-path that uses the legacy code\n"
+		"  -l 1 enables code-path that uses librte_ipsec\n"
 		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
 		"     size for each SA\n"
 		"  -e enables ESN\n"
@@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
 	printf("replay window size: %u\n", prm->window_size);
 	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
 	printf("SA flags: %#" PRIx64 "\n", prm->flags);
+	printf("Fragment Table size %u\n", frag_tbl_sz);
 }
 
 static int32_t
@@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
 
 	argvopt = argv;
 
-	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
+	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
 				lgopts, &option_index)) != EOF) {
 
 		switch (opt) {
@@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
 			printf("Custom frame buffer size %u\n", frame_buf_size);
 			break;
 		case 'l':
-			app_sa_prm.enable = 1;
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument l %s\n", optarg);
+				print_usage(prgname);
+				return -1;
+			} else if (ret == 0)
+				app_sa_prm.enable = 0;
+			else if (ret == 1)
+				app_sa_prm.enable = 1;
+			else {
+				printf("Invalid argument l %d\n", ret);
+				print_usage(prgname);
+				return -1;
+			}
 			break;
 		case 'w':
-			app_sa_prm.enable = 1;
 			app_sa_prm.window_size = parse_decimal(optarg);
 			break;
 		case 'e':
-			app_sa_prm.enable = 1;
 			app_sa_prm.enable_esn = 1;
 			break;
 		case 'a':
-			app_sa_prm.enable = 1;
 			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
 			break;
 		case CMD_LINE_OPT_CONFIG_NUM:
@@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
 		return -1;
 	}
 
-	/* check do we need to enable multi-seg support */
-	if (multi_seg_required()) {
-		/* legacy mode doesn't support multi-seg */
-		app_sa_prm.enable = 1;
-		printf("frame buf size: %u, mtu: %u, "
-			"number of reassemble entries: %u\n"
-			"multi-segment support is required\n",
-			frame_buf_size, mtu_size, frag_tbl_sz);
+	if (app_sa_prm.enable == 0 &&
+			(app_sa_prm.window_size > 0 ||
+					app_sa_prm.enable_esn ||
+					app_sa_prm.flags != 0 ||
+					multi_seg_required())) {
+		printf("-w -e -a and reassembly options are not "
+				"supported in legacy mode\n");
+		return -1;
 	}
 
 	print_app_sa_prm(&app_sa_prm);
-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
@ 2019-08-29  8:59 ` Bernard Iremonger
  2019-09-26 13:43   ` Ananyev, Konstantin
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default Bernard Iremonger
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 34+ messages in thread
From: Bernard Iremonger @ 2019-08-29  8:59 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

enable legacy mode in *_old scripts

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh               | 2 +-
 examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh               | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
index ffd945b..1f3a9f4 100644
--- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
index a3abb61..093b0c9 100644
--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
index 3aa0712..c6e8851 100644
--- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
index 0523049..e9fc4d8 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
index 951e6b6..1653d29 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
index eaf248a..8fec47a 100644
--- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
index 3c0d8d1..9ff08f1 100644
--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
index 26f0d02..b23f0db 100644
--- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
index de65961..7574618 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
index e0a015e..fabfe63 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
@ 2019-09-26 13:43   ` Ananyev, Konstantin
  2019-09-26 13:46     ` Iremonger, Bernard
  0 siblings, 1 reply; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-09-26 13:43 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal

Hi Bernard,


> 
> enable legacy mode in *_old scripts
> 
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
>  examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh         | 2 +-
>  examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh          | 2 +-
>  examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh          | 2 +-
>  examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +-
>  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh               | 2 +-
>  examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh         | 2 +-
>  examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh          | 2 +-
>  examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh          | 2 +-
>  examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +-
>  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh               | 2 +-
>  10 files changed, 10 insertions(+), 10 deletions(-)

examples/ipsec-secgw/test/run_test.sh -p fails.
I think you need to update examples/ipsec-secgw/test/pkttest.sh too.
Konstantin

> 
> diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> index ffd945b..1f3a9f4 100644
> --- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/trs_3descbc_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> index a3abb61..093b0c9 100644
> --- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/trs_aescbc_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> index 3aa0712..c6e8851 100644
> --- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/trs_aesctr_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-
> secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> index 0523049..e9fc4d8 100644
> --- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> +++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/trs_aesgcm_inline_crypto_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> index 951e6b6..1653d29 100644
> --- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> +++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/trs_aesgcm_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> index eaf248a..8fec47a 100644
> --- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/tun_3descbc_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> index 3c0d8d1..9ff08f1 100644
> --- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/tun_aescbc_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> index 26f0d02..b23f0db 100644
> --- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> +++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/tun_aesctr_sha1_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-
> secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> index de65961..7574618 100644
> --- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> +++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/tun_aesgcm_inline_crypto_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> index e0a015e..fabfe63 100644
> --- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> +++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> @@ -2,4 +2,4 @@
> 
>  . ${DIR}/tun_aesgcm_defs.sh
> 
> -SGW_CMD_XPRM=
> +SGW_CMD_XPRM='-l 0'
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-09-26 13:43   ` Ananyev, Konstantin
@ 2019-09-26 13:46     ` Iremonger, Bernard
  0 siblings, 0 replies; 34+ messages in thread
From: Iremonger, Bernard @ 2019-09-26 13:46 UTC (permalink / raw)
  To: Ananyev, Konstantin, dev, akhil.goyal

Hi Konstantin,


> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Thursday, September 26, 2019 2:43 PM
> To: Iremonger, Bernard <bernard.iremonger@intel.com>; dev@dpdk.org;
> akhil.goyal@nxp.com
> Subject: RE: [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old
> scripts
> 
> Hi Bernard,
> 
> 
> >
> > enable legacy mode in *_old scripts
> >
> > Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> > ---
> >  examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh         | 2 +-
> >  examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh          | 2 +-
> >  examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh          | 2 +-
> >  examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +-
> >  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh               | 2 +-
> >  examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh         | 2 +-
> >  examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh          | 2 +-
> >  examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh          | 2 +-
> >  examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +-
> >  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh               | 2 +-
> >  10 files changed, 10 insertions(+), 10 deletions(-)
> 
> examples/ipsec-secgw/test/run_test.sh -p fails.
> I think you need to update examples/ipsec-secgw/test/pkttest.sh too.
> Konstantin

I will check it.

> > diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> > index ffd945b..1f3a9f4 100644
> > --- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/trs_3descbc_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> > index a3abb61..093b0c9 100644
> > --- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/trs_aescbc_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> > index 3aa0712..c6e8851 100644
> > --- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/trs_aesctr_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git
> > a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> > b/examples/ipsec- secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> > index 0523049..e9fc4d8 100644
> > --- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/trs_aesgcm_inline_crypto_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> > b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> > index 951e6b6..1653d29 100644
> > --- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/trs_aesgcm_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> > index eaf248a..8fec47a 100644
> > --- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/tun_3descbc_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> > index 3c0d8d1..9ff08f1 100644
> > --- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/tun_aescbc_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> > b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> > index 26f0d02..b23f0db 100644
> > --- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/tun_aesctr_sha1_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git
> > a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> > b/examples/ipsec- secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> > index de65961..7574618 100644
> > --- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/tun_aesgcm_inline_crypto_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> > b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> > index e0a015e..fabfe63 100644
> > --- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> > +++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
> > @@ -2,4 +2,4 @@
> >
> >  . ${DIR}/tun_aesgcm_defs.sh
> >
> > -SGW_CMD_XPRM=
> > +SGW_CMD_XPRM='-l 0'
> > --
> > 2.7.4

Regards,

Bernard


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
@ 2019-09-26 13:47   ` Ananyev, Konstantin
  2019-09-26 13:51     ` Iremonger, Bernard
  0 siblings, 1 reply; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-09-26 13:47 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal



> 
> Set the default code path to librte_ipsec mode.
> Add parameter 0 | 1 to -l option
> Check for conflicting options, -w -a -e and reassembly options are
> not supported in legacy mode.
> Show fragment table size.
> Update print_usage.
> Update the ipsec-secgw guide.
> Update the release notes.
> 
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
>  doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
>  examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++------------
>  3 files changed, 40 insertions(+), 18 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
> index 8490d89..70143c5 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -56,6 +56,14 @@ New Features
>       Also, make sure to start the actual text at the margin.
>       =========================================================
> 
> +* **Updated the IPsec Security Gateway application.**
> +
> +  The ``librte_ipsec`` code path is now the default code path in
> +  ``ipsec-secgw``
> +
> +  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
> +    0 enables the code path that uses legacy code.
> +    1 enables the code path that uses ``librte_ipsec``.
> 
>  Removed Items
>  -------------
> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
> index ad2d79e..17b00c0 100644
> --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -92,7 +92,7 @@ The application has a number of command line options::
> 
>     ./build/ipsec-secgw [EAL options] --
>                          -p PORTMASK -P -u PORTMASK -j FRAMESIZE
> -                        -l -w REPLAY_WINOW_SIZE -e -a
> +                        -l 0 -w REPLAY_WINOW_SIZE -e -a
>                          --config (port,queue,lcore)[,(port,queue,lcore]
>                          --single-sa SAIDX
>                          --rxoffload MASK
> @@ -120,7 +120,9 @@ Where:
>      Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
>      Maximum value: UINT16_MAX (65535).
> 
> -*   ``-l``: enables code-path that uses librte_ipsec.
> +*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
> +    0 enables the code path that uses legacy code.
> +    1 enables the code path that uses ``librte_ipsec``.
> 
>  *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
>      size for each Security Association (available only with librte_ipsec
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 0d1fd6a..3e4b9e0 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
>  static uint32_t mtu_size = RTE_ETHER_MTU;
> 
>  /* application wide librte_ipsec/SA parameters */
> -struct app_sa_prm app_sa_prm = {.enable = 0};
> +struct app_sa_prm app_sa_prm = {.enable = 1};
> 
>  struct lcore_rx_queue {
>  	uint16_t port_id;
> @@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
>  		" [-P]"
>  		" [-u PORTMASK]"
>  		" [-j FRAMESIZE]"
> -		" [-l]"
> +		" [-l 0 | 1]"
>  		" [-w REPLAY_WINDOW_SIZE]"
>  		" [-e]"
>  		" [-a]"
> @@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
>  		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
>  		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
>  		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
> -		"  -l enables code-path that uses librte_ipsec\n"
> +		"  -l 0 enables code-path that uses the legacy code\n"
> +		"  -l 1 enables code-path that uses librte_ipsec\n"
>  		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
>  		"     size for each SA\n"
>  		"  -e enables ESN\n"
> @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
>  	printf("replay window size: %u\n", prm->window_size);
>  	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
>  	printf("SA flags: %#" PRIx64 "\n", prm->flags);
> +	printf("Fragment Table size %u\n", frag_tbl_sz);
>  }
> 
>  static int32_t
> @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
> 
>  	argvopt = argv;
> 
> -	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
> +	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
>  				lgopts, &option_index)) != EOF) {
> 
>  		switch (opt) {
> @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
>  			printf("Custom frame buffer size %u\n", frame_buf_size);
>  			break;
>  		case 'l':
> -			app_sa_prm.enable = 1;
> +			ret = parse_decimal(optarg);
> +			if (ret == -1) {
> +				printf("Invalid argument l %s\n", optarg);

Just as a nit, probably a bit better:
printf("Invalid argument: \'%s\' for: \'%c\' option\n", optarg, opt);
Apart from that:
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


> +				print_usage(prgname);
> +				return -1;
> +			} else if (ret == 0)
> +				app_sa_prm.enable = 0;
> +			else if (ret == 1)
> +				app_sa_prm.enable = 1;
> +			else {
> +				printf("Invalid argument l %d\n", ret);
> +				print_usage(prgname);
> +				return -1;
> +			}
>  			break;
>  		case 'w':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.window_size = parse_decimal(optarg);
>  			break;
>  		case 'e':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.enable_esn = 1;
>  			break;
>  		case 'a':
> -			app_sa_prm.enable = 1;
>  			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
>  			break;
>  		case CMD_LINE_OPT_CONFIG_NUM:
> @@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv)
>  		return -1;
>  	}
> 
> -	/* check do we need to enable multi-seg support */
> -	if (multi_seg_required()) {
> -		/* legacy mode doesn't support multi-seg */
> -		app_sa_prm.enable = 1;
> -		printf("frame buf size: %u, mtu: %u, "
> -			"number of reassemble entries: %u\n"
> -			"multi-segment support is required\n",
> -			frame_buf_size, mtu_size, frag_tbl_sz);
> +	if (app_sa_prm.enable == 0 &&
> +			(app_sa_prm.window_size > 0 ||
> +					app_sa_prm.enable_esn ||
> +					app_sa_prm.flags != 0 ||
> +					multi_seg_required())) {
> +		printf("-w -e -a and reassembly options are not "
> +				"supported in legacy mode\n");
> +		return -1;
>  	}
> 
>  	print_app_sa_prm(&app_sa_prm);
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode
  2019-09-26 13:47   ` Ananyev, Konstantin
@ 2019-09-26 13:51     ` Iremonger, Bernard
  0 siblings, 0 replies; 34+ messages in thread
From: Iremonger, Bernard @ 2019-09-26 13:51 UTC (permalink / raw)
  To: Ananyev, Konstantin, dev, akhil.goyal

Hi Konstantin,

<snip>

> > Set the default code path to librte_ipsec mode.
> > Add parameter 0 | 1 to -l option
> > Check for conflicting options, -w -a -e and reassembly options are not
> > supported in legacy mode.
> > Show fragment table size.
> > Update print_usage.
> > Update the ipsec-secgw guide.
> > Update the release notes.
> >
> > Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> > ---
> >  doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
> >  examples/ipsec-secgw/ipsec-secgw.c       | 44 ++++++++++++++++++++---
> ---------
> >  3 files changed, 40 insertions(+), 18 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_19_11.rst
> > b/doc/guides/rel_notes/release_19_11.rst
> > index 8490d89..70143c5 100644
> > --- a/doc/guides/rel_notes/release_19_11.rst
> > +++ b/doc/guides/rel_notes/release_19_11.rst
> > @@ -56,6 +56,14 @@ New Features
> >       Also, make sure to start the actual text at the margin.
> >
> =========================================================
> >
> > +* **Updated the IPsec Security Gateway application.**
> > +
> > +  The ``librte_ipsec`` code path is now the default code path in
> > + ``ipsec-secgw``
> > +
> > +  * The ``-l`` command line option has been extended to take a 0 | 1
> argument.
> > +    0 enables the code path that uses legacy code.
> > +    1 enables the code path that uses ``librte_ipsec``.
> >
> >  Removed Items
> >  -------------
> > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > index ad2d79e..17b00c0 100644
> > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> > @@ -92,7 +92,7 @@ The application has a number of command line
> options::
> >
> >     ./build/ipsec-secgw [EAL options] --
> >                          -p PORTMASK -P -u PORTMASK -j FRAMESIZE
> > -                        -l -w REPLAY_WINOW_SIZE -e -a
> > +                        -l 0 -w REPLAY_WINOW_SIZE -e -a
> >                          --config (port,queue,lcore)[,(port,queue,lcore]
> >                          --single-sa SAIDX
> >                          --rxoffload MASK @@ -120,7 +120,9 @@ Where:
> >      Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
> >      Maximum value: UINT16_MAX (65535).
> >
> > -*   ``-l``: enables code-path that uses librte_ipsec.
> > +*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
> > +    0 enables the code path that uses legacy code.
> > +    1 enables the code path that uses ``librte_ipsec``.
> >
> >  *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number
> replay window
> >      size for each Security Association (available only with
> > librte_ipsec diff --git a/examples/ipsec-secgw/ipsec-secgw.c
> > b/examples/ipsec-secgw/ipsec-secgw.c
> > index 0d1fd6a..3e4b9e0 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -188,7 +188,7 @@ static uint32_t frame_buf_size =
> > RTE_MBUF_DEFAULT_BUF_SIZE;  static uint32_t mtu_size =
> RTE_ETHER_MTU;
> >
> >  /* application wide librte_ipsec/SA parameters */ -struct app_sa_prm
> > app_sa_prm = {.enable = 0};
> > +struct app_sa_prm app_sa_prm = {.enable = 1};
> >
> >  struct lcore_rx_queue {
> >  	uint16_t port_id;
> > @@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
> >  		" [-P]"
> >  		" [-u PORTMASK]"
> >  		" [-j FRAMESIZE]"
> > -		" [-l]"
> > +		" [-l 0 | 1]"
> >  		" [-w REPLAY_WINDOW_SIZE]"
> >  		" [-e]"
> >  		" [-a]"
> > @@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
> >  		"  -u PORTMASK: Hexadecimal bitmask of unprotected
> ports\n"
> >  		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
> >  		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
> > -		"  -l enables code-path that uses librte_ipsec\n"
> > +		"  -l 0 enables code-path that uses the legacy code\n"
> > +		"  -l 1 enables code-path that uses librte_ipsec\n"
> >  		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay
> window\n"
> >  		"     size for each SA\n"
> >  		"  -e enables ESN\n"
> > @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm
> *prm)
> >  	printf("replay window size: %u\n", prm->window_size);
> >  	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" :
> "enabled");
> >  	printf("SA flags: %#" PRIx64 "\n", prm->flags);
> > +	printf("Fragment Table size %u\n", frag_tbl_sz);
> >  }
> >
> >  static int32_t
> > @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
> >
> >  	argvopt = argv;
> >
> > -	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
> > +	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
> >  				lgopts, &option_index)) != EOF) {
> >
> >  		switch (opt) {
> > @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv)
> >  			printf("Custom frame buffer size %u\n",
> frame_buf_size);
> >  			break;
> >  		case 'l':
> > -			app_sa_prm.enable = 1;
> > +			ret = parse_decimal(optarg);
> > +			if (ret == -1) {
> > +				printf("Invalid argument l %s\n", optarg);
> 
> Just as a nit, probably a bit better:
> printf("Invalid argument: \'%s\' for: \'%c\' option\n", optarg, opt); Apart from
> that:
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

I will send a v2.

Regards,

Bernard

<snip>

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
  2019-08-29  8:59 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
@ 2019-10-01 15:17 ` Bernard Iremonger
  2019-10-01 17:30   ` Ananyev, Konstantin
  2019-10-11 12:40   ` Akhil Goyal
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
                   ` (2 subsequent siblings)
  5 siblings, 2 replies; 34+ messages in thread
From: Bernard Iremonger @ 2019-10-01 15:17 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

This patch set, sets the default code path in the ipsec-secgw
application to use the librte_ipsec.
The *_old test scripts have been modified to use the legacy code 
path.

Changes in v2:
-------------
The error messages for the -l option have been updated.
The pktest.sh script has been updated to drop the -l option.

Bernard Iremonger (3):
  examples/ipsec-secgw: set default to IPsec library mode
  examples/ipsec-secgw: add -l 0 parameter to old scripts
  examples/ipsec-secgw: update pktest.sh script

 doc/guides/rel_notes/release_19_11.rst             |  8 ++++
 doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
 examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++--------
 examples/ipsec-secgw/test/pkttest.sh               |  1 -
 .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
 .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
 .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
 .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
 .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
 .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
 14 files changed, 52 insertions(+), 29 deletions(-)

-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
                   ` (2 preceding siblings ...)
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default Bernard Iremonger
@ 2019-10-01 15:17 ` Bernard Iremonger
  2019-10-14 13:53   ` Nicolau, Radu
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
  2019-10-01 15:18 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script Bernard Iremonger
  5 siblings, 1 reply; 34+ messages in thread
From: Bernard Iremonger @ 2019-10-01 15:17 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

Set the default code path to librte_ipsec mode.
Add parameter 0 | 1 to -l option and update error message.
Check for conflicting options, -w -a -e and reassembly options are
not supported in legacy mode.
Show fragment table size.
Update print_usage.
Update the ipsec-secgw guide.
Update the release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst   |  8 ++++++
 doc/guides/sample_app_ug/ipsec_secgw.rst |  6 +++--
 examples/ipsec-secgw/ipsec-secgw.c       | 46 +++++++++++++++++++++-----------
 3 files changed, 42 insertions(+), 18 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 27cfbd9..b07e3bf 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -56,6 +56,14 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the IPsec Security Gateway application.**
+
+  The ``librte_ipsec`` code path is now the default code path in
+  ``ipsec-secgw``
+
+  * The ``-l`` command line option has been extended to take a 0 | 1 argument.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 Removed Items
 -------------
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index ad2d79e..17b00c0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -92,7 +92,7 @@ The application has a number of command line options::
 
    ./build/ipsec-secgw [EAL options] --
                         -p PORTMASK -P -u PORTMASK -j FRAMESIZE
-                        -l -w REPLAY_WINOW_SIZE -e -a
+                        -l 0 -w REPLAY_WINOW_SIZE -e -a
                         --config (port,queue,lcore)[,(port,queue,lcore]
                         --single-sa SAIDX
                         --rxoffload MASK
@@ -120,7 +120,9 @@ Where:
     Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176)
     Maximum value: UINT16_MAX (65535).
 
-*   ``-l``: enables code-path that uses librte_ipsec.
+*   ``-l 0 | 1``: Default is ``librte_ipsec`` code path.
+    0 enables the code path that uses legacy code.
+    1 enables the code path that uses ``librte_ipsec``.
 
 *   ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window
     size for each Security Association (available only with librte_ipsec
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 0d1fd6a..0f0075a 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE;
 static uint32_t mtu_size = RTE_ETHER_MTU;
 
 /* application wide librte_ipsec/SA parameters */
-struct app_sa_prm app_sa_prm = {.enable = 0};
+struct app_sa_prm app_sa_prm = {.enable = 1};
 
 struct lcore_rx_queue {
 	uint16_t port_id;
@@ -1259,7 +1259,7 @@ print_usage(const char *prgname)
 		" [-P]"
 		" [-u PORTMASK]"
 		" [-j FRAMESIZE]"
-		" [-l]"
+		" [-l 0 | 1]"
 		" [-w REPLAY_WINDOW_SIZE]"
 		" [-e]"
 		" [-a]"
@@ -1277,7 +1277,8 @@ print_usage(const char *prgname)
 		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
 		"  -j FRAMESIZE: Data buffer size, minimum (and default)\n"
 		"     value: RTE_MBUF_DEFAULT_BUF_SIZE\n"
-		"  -l enables code-path that uses librte_ipsec\n"
+		"  -l 0 enables code-path that uses the legacy code\n"
+		"  -l 1 enables code-path that uses librte_ipsec\n"
 		"  -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n"
 		"     size for each SA\n"
 		"  -e enables ESN\n"
@@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm)
 	printf("replay window size: %u\n", prm->window_size);
 	printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled");
 	printf("SA flags: %#" PRIx64 "\n", prm->flags);
+	printf("Fragment Table size %u\n", frag_tbl_sz);
 }
 
 static int32_t
@@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv)
 
 	argvopt = argv;
 
-	while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:",
+	while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:",
 				lgopts, &option_index)) != EOF) {
 
 		switch (opt) {
@@ -1483,18 +1485,30 @@ parse_args(int32_t argc, char **argv)
 			printf("Custom frame buffer size %u\n", frame_buf_size);
 			break;
 		case 'l':
-			app_sa_prm.enable = 1;
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument: \'%s\' for: \'%c\' option\n",
+					optarg, opt);
+				print_usage(prgname);
+				return -1;
+			} else if (ret == 0)
+				app_sa_prm.enable = 0;
+			else if (ret == 1)
+				app_sa_prm.enable = 1;
+			else {
+				printf("Invalid argument: \'%d\' for: \'%c\' option\n",
+					ret, opt);
+				print_usage(prgname);
+				return -1;
+			}
 			break;
 		case 'w':
-			app_sa_prm.enable = 1;
 			app_sa_prm.window_size = parse_decimal(optarg);
 			break;
 		case 'e':
-			app_sa_prm.enable = 1;
 			app_sa_prm.enable_esn = 1;
 			break;
 		case 'a':
-			app_sa_prm.enable = 1;
 			app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM;
 			break;
 		case CMD_LINE_OPT_CONFIG_NUM:
@@ -1579,14 +1593,14 @@ parse_args(int32_t argc, char **argv)
 		return -1;
 	}
 
-	/* check do we need to enable multi-seg support */
-	if (multi_seg_required()) {
-		/* legacy mode doesn't support multi-seg */
-		app_sa_prm.enable = 1;
-		printf("frame buf size: %u, mtu: %u, "
-			"number of reassemble entries: %u\n"
-			"multi-segment support is required\n",
-			frame_buf_size, mtu_size, frag_tbl_sz);
+	if (app_sa_prm.enable == 0 &&
+			(app_sa_prm.window_size > 0 ||
+					app_sa_prm.enable_esn ||
+					app_sa_prm.flags != 0 ||
+					multi_seg_required())) {
+		printf("-w -e -a and reassembly options are not "
+				"supported in legacy mode\n");
+		return -1;
 	}
 
 	print_app_sa_prm(&app_sa_prm);
-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
                   ` (3 preceding siblings ...)
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
@ 2019-10-01 15:17 ` Bernard Iremonger
  2019-10-01 17:28   ` Ananyev, Konstantin
  2019-10-14 13:55   ` Nicolau, Radu
  2019-10-01 15:18 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script Bernard Iremonger
  5 siblings, 2 replies; 34+ messages in thread
From: Bernard Iremonger @ 2019-10-01 15:17 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

enable legacy mode in *_old scripts

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh               | 2 +-
 examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh         | 2 +-
 examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh          | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +-
 examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh               | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
index ffd945b..1f3a9f4 100644
--- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
index a3abb61..093b0c9 100644
--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
index 3aa0712..c6e8851 100644
--- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
index 0523049..e9fc4d8 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
index 951e6b6..1653d29 100644
--- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/trs_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
index eaf248a..8fec47a 100644
--- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_3descbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
index 3c0d8d1..9ff08f1 100644
--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aescbc_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
index 26f0d02..b23f0db 100644
--- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesctr_sha1_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
index de65961..7574618 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_inline_crypto_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
index e0a015e..fabfe63 100644
--- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
@@ -2,4 +2,4 @@
 
 . ${DIR}/tun_aesgcm_defs.sh
 
-SGW_CMD_XPRM=
+SGW_CMD_XPRM='-l 0'
-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script
  2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
                   ` (4 preceding siblings ...)
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
@ 2019-10-01 15:18 ` Bernard Iremonger
  2019-10-01 17:29   ` Ananyev, Konstantin
  2019-10-14 13:56   ` Nicolau, Radu
  5 siblings, 2 replies; 34+ messages in thread
From: Bernard Iremonger @ 2019-10-01 15:18 UTC (permalink / raw)
  To: dev, konstantin.ananyev, akhil.goyal; +Cc: Bernard Iremonger

Drop SGW_CMD_XPRM=l, as default is IPsec library now.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
 examples/ipsec-secgw/test/pkttest.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/ipsec-secgw/test/pkttest.sh b/examples/ipsec-secgw/test/pkttest.sh
index 04cd96b..7c78de7 100755
--- a/examples/ipsec-secgw/test/pkttest.sh
+++ b/examples/ipsec-secgw/test/pkttest.sh
@@ -18,7 +18,6 @@ fi
 CRYPTO_DEV="--vdev=crypto_null0"
 SGW_PORT_CFG="--vdev=net_tap0,mac=fixed --vdev=net_tap1,mac=fixed"
 SGW_EAL_XPRM="--no-pci"
-SGW_CMD_XPRM=-l
 SGW_WAIT_DEV="dtap0"
 . ${DIR}/common_defs_secgw.sh
 
-- 
2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
@ 2019-10-01 17:28   ` Ananyev, Konstantin
  2019-10-14 13:55   ` Nicolau, Radu
  1 sibling, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-10-01 17:28 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal



> -----Original Message-----
> From: Iremonger, Bernard
> Sent: Tuesday, October 1, 2019 4:18 PM
> To: dev@dpdk.org; Ananyev, Konstantin <konstantin.ananyev@intel.com>; akhil.goyal@nxp.com
> Cc: Iremonger, Bernard <bernard.iremonger@intel.com>
> Subject: [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts
> 
> enable legacy mode in *_old scripts
> 
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script
  2019-10-01 15:18 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script Bernard Iremonger
@ 2019-10-01 17:29   ` Ananyev, Konstantin
  2019-10-14 13:56   ` Nicolau, Radu
  1 sibling, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-10-01 17:29 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal



> -----Original Message-----
> From: Iremonger, Bernard
> Sent: Tuesday, October 1, 2019 4:18 PM
> To: dev@dpdk.org; Ananyev, Konstantin <konstantin.ananyev@intel.com>; akhil.goyal@nxp.com
> Cc: Iremonger, Bernard <bernard.iremonger@intel.com>
> Subject: [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script
> 
> Drop SGW_CMD_XPRM=l, as default is IPsec library now.
> 
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
>  examples/ipsec-secgw/test/pkttest.sh | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/examples/ipsec-secgw/test/pkttest.sh b/examples/ipsec-secgw/test/pkttest.sh
> index 04cd96b..7c78de7 100755
> --- a/examples/ipsec-secgw/test/pkttest.sh
> +++ b/examples/ipsec-secgw/test/pkttest.sh
> @@ -18,7 +18,6 @@ fi
>  CRYPTO_DEV="--vdev=crypto_null0"
>  SGW_PORT_CFG="--vdev=net_tap0,mac=fixed --vdev=net_tap1,mac=fixed"
>  SGW_EAL_XPRM="--no-pci"
> -SGW_CMD_XPRM=-l
>  SGW_WAIT_DEV="dtap0"
>  . ${DIR}/common_defs_secgw.sh
> 
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default Bernard Iremonger
@ 2019-10-01 17:30   ` Ananyev, Konstantin
  2019-10-02  8:59     ` Iremonger, Bernard
  2019-10-11 12:40   ` Akhil Goyal
  1 sibling, 1 reply; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-10-01 17:30 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal


Hi Bernard,

> 
> This patch set, sets the default code path in the ipsec-secgw
> application to use the librte_ipsec.
> The *_old test scripts have been modified to use the legacy code
> path.
> 
> Changes in v2:
> -------------
> The error messages for the -l option have been updated.
> The pktest.sh script has been updated to drop the -l option.

The patches looks good to me.
Just one thing - shouldn't we also update the docs (AG for ipsec-secgw)?
Konstantin

> 
> Bernard Iremonger (3):
>   examples/ipsec-secgw: set default to IPsec library mode
>   examples/ipsec-secgw: add -l 0 parameter to old scripts
>   examples/ipsec-secgw: update pktest.sh script
> 
>  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
>  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
>  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++--------
>  examples/ipsec-secgw/test/pkttest.sh               |  1 -
>  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
>  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
>  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
>  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
>  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
>  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
>  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
>  14 files changed, 52 insertions(+), 29 deletions(-)
> 
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-01 17:30   ` Ananyev, Konstantin
@ 2019-10-02  8:59     ` Iremonger, Bernard
  2019-10-02  9:11       ` Ananyev, Konstantin
  0 siblings, 1 reply; 34+ messages in thread
From: Iremonger, Bernard @ 2019-10-02  8:59 UTC (permalink / raw)
  To: Ananyev, Konstantin, dev, akhil.goyal

Hi Konstantin,

> -----Original Message-----
> From: Ananyev, Konstantin
> Sent: Tuesday, October 1, 2019 6:31 PM
> To: Iremonger, Bernard <bernard.iremonger@intel.com>; dev@dpdk.org;
> akhil.goyal@nxp.com
> Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> 
> Hi Bernard,
> 
> >
> > This patch set, sets the default code path in the ipsec-secgw
> > application to use the librte_ipsec.
> > The *_old test scripts have been modified to use the legacy code path.
> >
> > Changes in v2:
> > -------------
> > The error messages for the -l option have been updated.
> > The pktest.sh script has been updated to drop the -l option.
> 
> The patches looks good to me.
> Just one thing - shouldn't we also update the docs (AG for ipsec-secgw)?
> Konstantin

The 19.11 release notes and the sample application guide for ipsec-secgw have been updated.
The updates are in the first patch (0001) with ipsec-secgw.c updates.


> > Bernard Iremonger (3):
> >   examples/ipsec-secgw: set default to IPsec library mode
> >   examples/ipsec-secgw: add -l 0 parameter to old scripts
> >   examples/ipsec-secgw: update pktest.sh script
> >
> >  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
> >  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++-------
> -
> >  examples/ipsec-secgw/test/pkttest.sh               |  1 -
> >  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
> >  14 files changed, 52 insertions(+), 29 deletions(-)
> >
> > --
> > 2.7.4

Regards,

Bernard.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-02  8:59     ` Iremonger, Bernard
@ 2019-10-02  9:11       ` Ananyev, Konstantin
  0 siblings, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-10-02  9:11 UTC (permalink / raw)
  To: Iremonger, Bernard, dev, akhil.goyal



> -----Original Message-----
> From: Iremonger, Bernard
> Sent: Wednesday, October 2, 2019 10:00 AM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org; akhil.goyal@nxp.com
> Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> Hi Konstantin,
> 
> > -----Original Message-----
> > From: Ananyev, Konstantin
> > Sent: Tuesday, October 1, 2019 6:31 PM
> > To: Iremonger, Bernard <bernard.iremonger@intel.com>; dev@dpdk.org;
> > akhil.goyal@nxp.com
> > Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> >
> >
> > Hi Bernard,
> >
> > >
> > > This patch set, sets the default code path in the ipsec-secgw
> > > application to use the librte_ipsec.
> > > The *_old test scripts have been modified to use the legacy code path.
> > >
> > > Changes in v2:
> > > -------------
> > > The error messages for the -l option have been updated.
> > > The pktest.sh script has been updated to drop the -l option.
> >
> > The patches looks good to me.
> > Just one thing - shouldn't we also update the docs (AG for ipsec-secgw)?
> > Konstantin
> 
> The 19.11 release notes and the sample application guide for ipsec-secgw have been updated.
> The updates are in the first patch (0001) with ipsec-secgw.c updates.

Ah, ok sorry for the noise then :)
Konstantin

> 
> 
> > > Bernard Iremonger (3):
> > >   examples/ipsec-secgw: set default to IPsec library mode
> > >   examples/ipsec-secgw: add -l 0 parameter to old scripts
> > >   examples/ipsec-secgw: update pktest.sh script
> > >
> > >  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
> > >  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
> > >  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++-------
> > -
> > >  examples/ipsec-secgw/test/pkttest.sh               |  1 -
> > >  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
> > >  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
> > >  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
> > >  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> > >  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
> > >  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
> > >  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
> > >  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
> > >  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> > >  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
> > >  14 files changed, 52 insertions(+), 29 deletions(-)
> > >
> > > --
> > > 2.7.4
> 
> Regards,
> 
> Bernard.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default Bernard Iremonger
  2019-10-01 17:30   ` Ananyev, Konstantin
@ 2019-10-11 12:40   ` Akhil Goyal
  2019-10-11 15:13     ` Iremonger, Bernard
                       ` (2 more replies)
  1 sibling, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2019-10-11 12:40 UTC (permalink / raw)
  To: Bernard Iremonger, dev, konstantin.ananyev, anoobj, jerinj,
	'Thomas Monjalon'

Hi All,

This patchset would need ack from more vendors as it will impact user experience
on a key example application which is normally demonstrated to customers.

IPSec library is still evolving and there are new functionality added every release.
Atleast from NXP side we are not OK with this change.

I would hold this patch till RC2 atleast.

Regards,
Akhil

> -----Original Message-----
> From: Bernard Iremonger <bernard.iremonger@intel.com>
> Sent: Tuesday, October 1, 2019 8:48 PM
> To: dev@dpdk.org; konstantin.ananyev@intel.com; Akhil Goyal
> <akhil.goyal@nxp.com>
> Cc: Bernard Iremonger <bernard.iremonger@intel.com>
> Subject: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> This patch set, sets the default code path in the ipsec-secgw
> application to use the librte_ipsec.
> The *_old test scripts have been modified to use the legacy code
> path.
> 
> Changes in v2:
> -------------
> The error messages for the -l option have been updated.
> The pktest.sh script has been updated to drop the -l option.
> 
> Bernard Iremonger (3):
>   examples/ipsec-secgw: set default to IPsec library mode
>   examples/ipsec-secgw: add -l 0 parameter to old scripts
>   examples/ipsec-secgw: update pktest.sh script
> 
>  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
>  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
>  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++--------
>  examples/ipsec-secgw/test/pkttest.sh               |  1 -
>  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
>  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
>  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
>  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
>  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
>  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
>  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
>  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
>  14 files changed, 52 insertions(+), 29 deletions(-)
> 
> --
> 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-11 12:40   ` Akhil Goyal
@ 2019-10-11 15:13     ` Iremonger, Bernard
  2019-10-11 15:23     ` Thomas Monjalon
  2019-10-16  4:18     ` Anoob Joseph
  2 siblings, 0 replies; 34+ messages in thread
From: Iremonger, Bernard @ 2019-10-11 15:13 UTC (permalink / raw)
  To: Akhil Goyal, dev, Ananyev, Konstantin, anoobj, jerinj,
	'Thomas Monjalon'
  Cc: Iremonger, Bernard

Hi Akhil,

With this patch applied the legacy code path in the ipsec-secgw application is still available. The default code path is now to use librte_ipsec.
The "-l 0" option at startup allows the legacy code path to be used.
Both code paths are still available.

Regards,

Bernard 

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, October 11, 2019 1:40 PM
> To: Iremonger, Bernard <bernard.iremonger@intel.com>; dev@dpdk.org;
> Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> anoobj@marvell.com; jerinj@marvell.com; 'Thomas Monjalon'
> <thomas@monjalon.net>
> Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> Hi All,
> 
> This patchset would need ack from more vendors as it will impact user
> experience on a key example application which is normally demonstrated to
> customers.
> 
> IPSec library is still evolving and there are new functionality added every
> release.
> Atleast from NXP side we are not OK with this change.
> 
> I would hold this patch till RC2 atleast.
> 
> Regards,
> Akhil
> 
> > -----Original Message-----
> > From: Bernard Iremonger <bernard.iremonger@intel.com>
> > Sent: Tuesday, October 1, 2019 8:48 PM
> > To: dev@dpdk.org; konstantin.ananyev@intel.com; Akhil Goyal
> > <akhil.goyal@nxp.com>
> > Cc: Bernard Iremonger <bernard.iremonger@intel.com>
> > Subject: [PATCH v2 0/3] examples/ipsec-secgw: set default
> >
> > This patch set, sets the default code path in the ipsec-secgw
> > application to use the librte_ipsec.
> > The *_old test scripts have been modified to use the legacy code path.
> >
> > Changes in v2:
> > -------------
> > The error messages for the -l option have been updated.
> > The pktest.sh script has been updated to drop the -l option.
> >
> > Bernard Iremonger (3):
> >   examples/ipsec-secgw: set default to IPsec library mode
> >   examples/ipsec-secgw: add -l 0 parameter to old scripts
> >   examples/ipsec-secgw: update pktest.sh script
> >
> >  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
> >  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++-------
> -
> >  examples/ipsec-secgw/test/pkttest.sh               |  1 -
> >  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
> >  14 files changed, 52 insertions(+), 29 deletions(-)
> >
> > --
> > 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-11 12:40   ` Akhil Goyal
  2019-10-11 15:13     ` Iremonger, Bernard
@ 2019-10-11 15:23     ` Thomas Monjalon
  2019-10-15  6:42       ` Akhil Goyal
  2019-10-16  4:18     ` Anoob Joseph
  2 siblings, 1 reply; 34+ messages in thread
From: Thomas Monjalon @ 2019-10-11 15:23 UTC (permalink / raw)
  To: Akhil Goyal; +Cc: Bernard Iremonger, dev, konstantin.ananyev, anoobj, jerinj

11/10/2019 14:40, Akhil Goyal:
> Hi All,
> 
> This patchset would need ack from more vendors as it will impact user experience
> on a key example application which is normally demonstrated to customers.
> 
> IPSec library is still evolving and there are new functionality added every release.
> Atleast from NXP side we are not OK with this change.

What can be changed in the library to make it acceptable as a default in this example?



^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
@ 2019-10-14 13:53   ` Nicolau, Radu
  0 siblings, 0 replies; 34+ messages in thread
From: Nicolau, Radu @ 2019-10-14 13:53 UTC (permalink / raw)
  To: Bernard Iremonger, dev, konstantin.ananyev, akhil.goyal


On 10/1/2019 4:17 PM, Bernard Iremonger wrote:
> Set the default code path to librte_ipsec mode.
> Add parameter 0 | 1 to -l option and update error message.
> Check for conflicting options, -w -a -e and reassembly options are
> not supported in legacy mode.
> Show fragment table size.
> Update print_usage.
> Update the ipsec-secgw guide.
> Update the release notes.
>
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> ---

Acked-by: Radu Nicolau <radu.nicolau@intel.com 
<mailto:radu.nicolau@intel.com>>


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts
  2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
  2019-10-01 17:28   ` Ananyev, Konstantin
@ 2019-10-14 13:55   ` Nicolau, Radu
  1 sibling, 0 replies; 34+ messages in thread
From: Nicolau, Radu @ 2019-10-14 13:55 UTC (permalink / raw)
  To: Bernard Iremonger, dev, konstantin.ananyev, akhil.goyal


On 10/1/2019 4:17 PM, Bernard Iremonger wrote:
> enable legacy mode in *_old scripts
>
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---
>   

Acked-by: Radu Nicolau <radu.nicolau@intel.com 
<mailto:radu.nicolau@intel.com>>


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script
  2019-10-01 15:18 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script Bernard Iremonger
  2019-10-01 17:29   ` Ananyev, Konstantin
@ 2019-10-14 13:56   ` Nicolau, Radu
  1 sibling, 0 replies; 34+ messages in thread
From: Nicolau, Radu @ 2019-10-14 13:56 UTC (permalink / raw)
  To: Bernard Iremonger, dev, konstantin.ananyev, akhil.goyal


On 10/1/2019 4:18 PM, Bernard Iremonger wrote:
> Drop SGW_CMD_XPRM=l, as default is IPsec library now.
>
> Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
> ---

Acked-by: Radu Nicolau <radu.nicolau@intel.com 
<mailto:radu.nicolau@intel.com>>


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-11 15:23     ` Thomas Monjalon
@ 2019-10-15  6:42       ` Akhil Goyal
  2019-10-15  8:54         ` Iremonger, Bernard
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2019-10-15  6:42 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: Bernard Iremonger, dev, konstantin.ananyev, anoobj, jerinj


> 
> 11/10/2019 14:40, Akhil Goyal:
> > Hi All,
> >
> > This patchset would need ack from more vendors as it will impact user
> experience
> > on a key example application which is normally demonstrated to customers.
> >
> > IPSec library is still evolving and there are new functionality added every
> release.
> > Atleast from NXP side we are not OK with this change.
> 
> What can be changed in the library to make it acceptable as a default in this
> example?
> 

We are observing performance issues with ipsec library. So would request other
Vendors to confirm if they are OK with the performance numbers.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-15  6:42       ` Akhil Goyal
@ 2019-10-15  8:54         ` Iremonger, Bernard
  2019-10-15 15:05           ` Akhil Goyal
  0 siblings, 1 reply; 34+ messages in thread
From: Iremonger, Bernard @ 2019-10-15  8:54 UTC (permalink / raw)
  To: Akhil Goyal, Thomas Monjalon; +Cc: dev, Ananyev, Konstantin, anoobj, jerinj

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, October 15, 2019 7:43 AM
> To: Thomas Monjalon <thomas@monjalon.net>
> Cc: Iremonger, Bernard <bernard.iremonger@intel.com>; dev@dpdk.org;
> Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> anoobj@marvell.com; jerinj@marvell.com
> Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> 
> >
> > 11/10/2019 14:40, Akhil Goyal:
> > > Hi All,
> > >
> > > This patchset would need ack from more vendors as it will impact
> > > user
> > experience
> > > on a key example application which is normally demonstrated to
> customers.
> > >
> > > IPSec library is still evolving and there are new functionality
> > > added every
> > release.
> > > Atleast from NXP side we are not OK with this change.
> >
> > What can be changed in the library to make it acceptable as a default
> > in this example?
> >
> 
> We are observing performance issues with ipsec library. So would request
> other Vendors to confirm if they are OK with the performance numbers.

Could you give some details on the performance issues you are seeing.

Regards,

Bernard.


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-15  8:54         ` Iremonger, Bernard
@ 2019-10-15 15:05           ` Akhil Goyal
  2019-10-16 10:44             ` Ananyev, Konstantin
  2019-10-30  9:29             ` Iremonger, Bernard
  0 siblings, 2 replies; 34+ messages in thread
From: Akhil Goyal @ 2019-10-15 15:05 UTC (permalink / raw)
  To: Iremonger, Bernard, Thomas Monjalon
  Cc: dev, Ananyev, Konstantin, anoobj, jerinj



> > >
> > > 11/10/2019 14:40, Akhil Goyal:
> > > > Hi All,
> > > >
> > > > This patchset would need ack from more vendors as it will impact
> > > > user
> > > experience
> > > > on a key example application which is normally demonstrated to
> > customers.
> > > >
> > > > IPSec library is still evolving and there are new functionality
> > > > added every
> > > release.
> > > > Atleast from NXP side we are not OK with this change.
> > >
> > > What can be changed in the library to make it acceptable as a default
> > > in this example?
> > >
> >
> > We are observing performance issues with ipsec library. So would request
> > other Vendors to confirm if they are OK with the performance numbers.
> 
> Could you give some details on the performance issues you are seeing.
> 

We were observing about 4-5% drop when using the ipsec-lib instead of the
Legacy code path. We would again measure it on RC1. That is why I say, I will
Hold this patch till RC2, unless some other vendor also confirms that.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-11 12:40   ` Akhil Goyal
  2019-10-11 15:13     ` Iremonger, Bernard
  2019-10-11 15:23     ` Thomas Monjalon
@ 2019-10-16  4:18     ` Anoob Joseph
  2 siblings, 0 replies; 34+ messages in thread
From: Anoob Joseph @ 2019-10-16  4:18 UTC (permalink / raw)
  To: Akhil Goyal, Bernard Iremonger, dev, konstantin.ananyev,
	Jerin Jacob Kollanukkaran, 'Thomas Monjalon'

Hi Akhil,

Marvell is NOT OK with this change in this cycle. The library is still emerging and the boundary between ipsec-secgw and lib ipsec still hasn't emerged clearly. Moreover, lib_ipsec mode isn't even working with the default conf (I believe the fix for this still in discussion. The issue was reported by a Marvell engineer some time back). There are questionable features getting pushed, for which Marvell's concerns were subdued.

I would expect this taken up after lib ipsec is found stable for atleast one release cycle.

As for the performance, we found 2-3% drop with the lib ipsec in the last release (lookaside crypto mode). Yet to try out with latest codebase. With some of the recent submissions, I expect an even higher performance hit. Also, eventmode ipsec-secgw (already submitted RFC) is using non lib ipsec mode. We don't have plans to move that to lib ipsec mode until lib ipsec is made stable.

Thanks,
Anoob

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Friday, October 11, 2019 6:10 PM
> To: Bernard Iremonger <bernard.iremonger@intel.com>; dev@dpdk.org;
> konstantin.ananyev@intel.com; Anoob Joseph <anoobj@marvell.com>;
> Jerin Jacob Kollanukkaran <jerinj@marvell.com>; 'Thomas Monjalon'
> <thomas@monjalon.net>
> Subject: [EXT] RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi All,
> 
> This patchset would need ack from more vendors as it will impact user
> experience on a key example application which is normally demonstrated to
> customers.
> 
> IPSec library is still evolving and there are new functionality added every
> release.
> Atleast from NXP side we are not OK with this change.
> 
> I would hold this patch till RC2 atleast.
> 
> Regards,
> Akhil
> 
> > -----Original Message-----
> > From: Bernard Iremonger <bernard.iremonger@intel.com>
> > Sent: Tuesday, October 1, 2019 8:48 PM
> > To: dev@dpdk.org; konstantin.ananyev@intel.com; Akhil Goyal
> > <akhil.goyal@nxp.com>
> > Cc: Bernard Iremonger <bernard.iremonger@intel.com>
> > Subject: [PATCH v2 0/3] examples/ipsec-secgw: set default
> >
> > This patch set, sets the default code path in the ipsec-secgw
> > application to use the librte_ipsec.
> > The *_old test scripts have been modified to use the legacy code path.
> >
> > Changes in v2:
> > -------------
> > The error messages for the -l option have been updated.
> > The pktest.sh script has been updated to drop the -l option.
> >
> > Bernard Iremonger (3):
> >   examples/ipsec-secgw: set default to IPsec library mode
> >   examples/ipsec-secgw: add -l 0 parameter to old scripts
> >   examples/ipsec-secgw: update pktest.sh script
> >
> >  doc/guides/rel_notes/release_19_11.rst             |  8 ++++
> >  doc/guides/sample_app_ug/ipsec_secgw.rst           |  6 ++-
> >  examples/ipsec-secgw/ipsec-secgw.c                 | 46 ++++++++++++++-------
> -
> >  examples/ipsec-secgw/test/pkttest.sh               |  1 -
> >  .../ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/trs_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh  |  2 +-
> >  .../ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh   |  2 +-
> >  .../ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh   |  2 +-
> >  .../test/tun_aesgcm_inline_crypto_old_defs.sh      |  2 +-
> >  examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh   |  2 +-
> >  14 files changed, 52 insertions(+), 29 deletions(-)
> >
> > --
> > 2.7.4


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-15 15:05           ` Akhil Goyal
@ 2019-10-16 10:44             ` Ananyev, Konstantin
  2019-10-30  9:29             ` Iremonger, Bernard
  1 sibling, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-10-16 10:44 UTC (permalink / raw)
  To: Akhil Goyal, Iremonger, Bernard, Thomas Monjalon; +Cc: dev, anoobj, jerinj


> > > > > Hi All,
> > > > >
> > > > > This patchset would need ack from more vendors as it will impact
> > > > > user
> > > > experience
> > > > > on a key example application which is normally demonstrated to
> > > customers.
> > > > >
> > > > > IPSec library is still evolving and there are new functionality
> > > > > added every
> > > > release.
> > > > > Atleast from NXP side we are not OK with this change.
> > > >
> > > > What can be changed in the library to make it acceptable as a default
> > > > in this example?
> > > >
> > >
> > > We are observing performance issues with ipsec library. So would request
> > > other Vendors to confirm if they are OK with the performance numbers.
> >
> > Could you give some details on the performance issues you are seeing.
> >
> 
> We were observing about 4-5% drop when using the ipsec-lib instead of the
> Legacy code path. We would again measure it on RC1. 

Yeh, I remember you already mentioned that few months ago...
Though we don't have access to NXP HW, so obviously we do need
some help from you guys here to address it:
configuration/test details so we can try to reproduce it
probably some insight from you what in particular causing that slowdown..
patches would be even better :)
Konstantin

> That is why I say, I will
> Hold this patch till RC2, unless some other vendor also confirms that.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-15 15:05           ` Akhil Goyal
  2019-10-16 10:44             ` Ananyev, Konstantin
@ 2019-10-30  9:29             ` Iremonger, Bernard
  2019-11-01 13:19               ` Akhil Goyal
  1 sibling, 1 reply; 34+ messages in thread
From: Iremonger, Bernard @ 2019-10-30  9:29 UTC (permalink / raw)
  To: Akhil Goyal, Thomas Monjalon; +Cc: dev, Ananyev, Konstantin, anoobj, jerinj

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Tuesday, October 15, 2019 4:05 PM
> To: Iremonger, Bernard <bernard.iremonger@intel.com>; Thomas Monjalon
> <thomas@monjalon.net>
> Cc: dev@dpdk.org; Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> anoobj@marvell.com; jerinj@marvell.com
> Subject: RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> 
> 
> > > >
> > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > Hi All,
> > > > >
> > > > > This patchset would need ack from more vendors as it will impact
> > > > > user
> > > > experience
> > > > > on a key example application which is normally demonstrated to
> > > customers.
> > > > >
> > > > > IPSec library is still evolving and there are new functionality
> > > > > added every
> > > > release.
> > > > > Atleast from NXP side we are not OK with this change.
> > > >
> > > > What can be changed in the library to make it acceptable as a
> > > > default in this example?
> > > >
> > >
> > > We are observing performance issues with ipsec library. So would
> > > request other Vendors to confirm if they are OK with the performance
> numbers.
> >
> > Could you give some details on the performance issues you are seeing.
> >
> 
> We were observing about 4-5% drop when using the ipsec-lib instead of the
> Legacy code path. We would again measure it on RC1. That is why I say, I will
> Hold this patch till RC2, unless some other vendor also confirms that.

Is there any update on performance measurements on 19.11-rc1 ?

Regards,

Bernard.


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-10-30  9:29             ` Iremonger, Bernard
@ 2019-11-01 13:19               ` Akhil Goyal
  2019-11-04 15:24                 ` Ananyev, Konstantin
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2019-11-01 13:19 UTC (permalink / raw)
  To: Iremonger, Bernard, Thomas Monjalon
  Cc: dev, Ananyev, Konstantin, anoobj, jerinj

Hi Bernard,
> 
> Hi Akhil,
> 
> >
> >
> > > > >
> > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > Hi All,
> > > > > >
> > > > > > This patchset would need ack from more vendors as it will impact
> > > > > > user
> > > > > experience
> > > > > > on a key example application which is normally demonstrated to
> > > > customers.
> > > > > >
> > > > > > IPSec library is still evolving and there are new functionality
> > > > > > added every
> > > > > release.
> > > > > > Atleast from NXP side we are not OK with this change.
> > > > >
> > > > > What can be changed in the library to make it acceptable as a
> > > > > default in this example?
> > > > >
> > > >
> > > > We are observing performance issues with ipsec library. So would
> > > > request other Vendors to confirm if they are OK with the performance
> > numbers.
> > >
> > > Could you give some details on the performance issues you are seeing.
> > >
> >
> > We were observing about 4-5% drop when using the ipsec-lib instead of the
> > Legacy code path. We would again measure it on RC1. That is why I say, I will
> > Hold this patch till RC2, unless some other vendor also confirms that.
> 
> Is there any update on performance measurements on 19.11-rc1 ?
> 
The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on NXP hardware.

We cannot merge this. Anoob also reported performance issues on Marvell hardware.



> Regards,
> 
> Bernard.


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-11-01 13:19               ` Akhil Goyal
@ 2019-11-04 15:24                 ` Ananyev, Konstantin
  2019-11-05  8:01                   ` Akhil Goyal
  2019-11-06 13:55                   ` Anoob Joseph
  0 siblings, 2 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-11-04 15:24 UTC (permalink / raw)
  To: Akhil Goyal, Iremonger, Bernard, Thomas Monjalon
  Cc: dev, anoobj, jerinj, dpdk-techboard

Hi Akhil,

> > > > > >
> > > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > > Hi All,
> > > > > > >
> > > > > > > This patchset would need ack from more vendors as it will impact
> > > > > > > user
> > > > > > experience
> > > > > > > on a key example application which is normally demonstrated to
> > > > > customers.
> > > > > > >
> > > > > > > IPSec library is still evolving and there are new functionality
> > > > > > > added every
> > > > > > release.
> > > > > > > Atleast from NXP side we are not OK with this change.
> > > > > >
> > > > > > What can be changed in the library to make it acceptable as a
> > > > > > default in this example?
> > > > > >
> > > > >
> > > > > We are observing performance issues with ipsec library. So would
> > > > > request other Vendors to confirm if they are OK with the performance
> > > numbers.
> > > >
> > > > Could you give some details on the performance issues you are seeing.
> > > >
> > >
> > > We were observing about 4-5% drop when using the ipsec-lib instead of the
> > > Legacy code path. We would again measure it on RC1. That is why I say, I will
> > > Hold this patch till RC2, unless some other vendor also confirms that.
> >
> > Is there any update on performance measurements on 19.11-rc1 ?
> >
> The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on NXP hardware.
> 
> We cannot merge this. Anoob also reported performance issues on Marvell hardware.

Sure, 10% is a lot, so more than understandable.
Though, I think we do need to decide our future goals for it.
I see two main options here:
1.  Make lib code-path on par with legacy one in terms of performance,
     deprecate and then remove legacy code-path.
     Till that happen (deprecation/removal) to minimize code divergence,
      forbid to add new features to legacy code path only.
     New features should be added to both paths, or library code path.
Obviously that one looks like a preferred option to me,
but it requires some effort from all interested parties (Intel, NXP, Marvell, ...).
If everyone is ok with it, then I think it would be good to have some draft timeline here.
If you guys are not interested in this effort, then the only other approach I can think about:  
2. split ipsec-secgw app into 2 (one using librte_ipsec, second using raw devices (legacy one)).
    We probably can still try to keep some code shared by 2 apps:
    (configuration/initialization/session management (SAD, SPD)),
    but actual packet processing path will be different.
I really don't like that option, but I think we need to come-up with clear decision,
one way or another. 

Thanks
Konstantin
     
      


 

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-11-04 15:24                 ` Ananyev, Konstantin
@ 2019-11-05  8:01                   ` Akhil Goyal
  2019-11-05  9:10                     ` Ananyev, Konstantin
  2019-11-06 13:55                   ` Anoob Joseph
  1 sibling, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2019-11-05  8:01 UTC (permalink / raw)
  To: Ananyev, Konstantin, Iremonger, Bernard, Thomas Monjalon
  Cc: dev, anoobj, jerinj, dpdk-techboard


Hi Konstantin,

> 
> Hi Akhil,
> 
> > > > > > >
> > > > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > > > Hi All,
> > > > > > > >
> > > > > > > > This patchset would need ack from more vendors as it will impact
> > > > > > > > user
> > > > > > > experience
> > > > > > > > on a key example application which is normally demonstrated to
> > > > > > customers.
> > > > > > > >
> > > > > > > > IPSec library is still evolving and there are new functionality
> > > > > > > > added every
> > > > > > > release.
> > > > > > > > Atleast from NXP side we are not OK with this change.
> > > > > > >
> > > > > > > What can be changed in the library to make it acceptable as a
> > > > > > > default in this example?
> > > > > > >
> > > > > >
> > > > > > We are observing performance issues with ipsec library. So would
> > > > > > request other Vendors to confirm if they are OK with the performance
> > > > numbers.
> > > > >
> > > > > Could you give some details on the performance issues you are seeing.
> > > > >
> > > >
> > > > We were observing about 4-5% drop when using the ipsec-lib instead of
> the
> > > > Legacy code path. We would again measure it on RC1. That is why I say, I
> will
> > > > Hold this patch till RC2, unless some other vendor also confirms that.
> > >
> > > Is there any update on performance measurements on 19.11-rc1 ?
> > >
> > The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on
> NXP hardware.
> >
> > We cannot merge this. Anoob also reported performance issues on Marvell
> hardware.
> 
> Sure, 10% is a lot, so more than understandable.
> Though, I think we do need to decide our future goals for it.
> I see two main options here:
> 1.  Make lib code-path on par with legacy one in terms of performance,
>      deprecate and then remove legacy code-path.
>      Till that happen (deprecation/removal) to minimize code divergence,
>       forbid to add new features to legacy code path only.
>      New features should be added to both paths, or library code path.
> Obviously that one looks like a preferred option to me,
> but it requires some effort from all interested parties (Intel, NXP, Marvell, ...).
> If everyone is ok with it, then I think it would be good to have some draft
> timeline here.
> If you guys are not interested in this effort, then the only other approach I can
> think about:
> 2. split ipsec-secgw app into 2 (one using librte_ipsec, second using raw devices
> (legacy one)).
>     We probably can still try to keep some code shared by 2 apps:
>     (configuration/initialization/session management (SAD, SPD)),
>     but actual packet processing path will be different.
> I really don't like that option, but I think we need to come-up with clear decision,
> one way or another.
> 

IMO, Option 1 is the only way forward. From NXP side, we can start our work on this post 19.11 release and should target in 20.02 release.

Regards,
Akhil
 

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-11-05  8:01                   ` Akhil Goyal
@ 2019-11-05  9:10                     ` Ananyev, Konstantin
  0 siblings, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-11-05  9:10 UTC (permalink / raw)
  To: Akhil Goyal, Iremonger, Bernard, Thomas Monjalon
  Cc: dev, anoobj, jerinj, dpdk-techboard


Hi Akhil,
> >
> > > > > > > >
> > > > > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > > > > Hi All,
> > > > > > > > >
> > > > > > > > > This patchset would need ack from more vendors as it will impact
> > > > > > > > > user
> > > > > > > > experience
> > > > > > > > > on a key example application which is normally demonstrated to
> > > > > > > customers.
> > > > > > > > >
> > > > > > > > > IPSec library is still evolving and there are new functionality
> > > > > > > > > added every
> > > > > > > > release.
> > > > > > > > > Atleast from NXP side we are not OK with this change.
> > > > > > > >
> > > > > > > > What can be changed in the library to make it acceptable as a
> > > > > > > > default in this example?
> > > > > > > >
> > > > > > >
> > > > > > > We are observing performance issues with ipsec library. So would
> > > > > > > request other Vendors to confirm if they are OK with the performance
> > > > > numbers.
> > > > > >
> > > > > > Could you give some details on the performance issues you are seeing.
> > > > > >
> > > > >
> > > > > We were observing about 4-5% drop when using the ipsec-lib instead of
> > the
> > > > > Legacy code path. We would again measure it on RC1. That is why I say, I
> > will
> > > > > Hold this patch till RC2, unless some other vendor also confirms that.
> > > >
> > > > Is there any update on performance measurements on 19.11-rc1 ?
> > > >
> > > The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on
> > NXP hardware.
> > >
> > > We cannot merge this. Anoob also reported performance issues on Marvell
> > hardware.
> >
> > Sure, 10% is a lot, so more than understandable.
> > Though, I think we do need to decide our future goals for it.
> > I see two main options here:
> > 1.  Make lib code-path on par with legacy one in terms of performance,
> >      deprecate and then remove legacy code-path.
> >      Till that happen (deprecation/removal) to minimize code divergence,
> >       forbid to add new features to legacy code path only.
> >      New features should be added to both paths, or library code path.
> > Obviously that one looks like a preferred option to me,
> > but it requires some effort from all interested parties (Intel, NXP, Marvell, ...).
> > If everyone is ok with it, then I think it would be good to have some draft
> > timeline here.
> > If you guys are not interested in this effort, then the only other approach I can
> > think about:
> > 2. split ipsec-secgw app into 2 (one using librte_ipsec, second using raw devices
> > (legacy one)).
> >     We probably can still try to keep some code shared by 2 apps:
> >     (configuration/initialization/session management (SAD, SPD)),
> >     but actual packet processing path will be different.
> > I really don't like that option, but I think we need to come-up with clear decision,
> > one way or another.
> >
> 
> IMO, Option 1 is the only way forward. From NXP side, we can start our work on this post 19.11 release and should target in 20.02 release.

Great to hear.
Thanks for clarification.
Konstantin



^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-11-04 15:24                 ` Ananyev, Konstantin
  2019-11-05  8:01                   ` Akhil Goyal
@ 2019-11-06 13:55                   ` Anoob Joseph
  2019-11-18 13:03                     ` Ananyev, Konstantin
  1 sibling, 1 reply; 34+ messages in thread
From: Anoob Joseph @ 2019-11-06 13:55 UTC (permalink / raw)
  To: Ananyev, Konstantin, Akhil Goyal, Iremonger, Bernard, Thomas Monjalon
  Cc: dev, Jerin Jacob Kollanukkaran, dpdk-techboard

Hi Akhil, Konstantin,

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Sent: Monday, November 4, 2019 8:55 PM
> To: Akhil Goyal <akhil.goyal@nxp.com>; Iremonger, Bernard
> <bernard.iremonger@intel.com>; Thomas Monjalon <thomas@monjalon.net>
> Cc: dev@dpdk.org; Anoob Joseph <anoobj@marvell.com>; Jerin Jacob
> Kollanukkaran <jerinj@marvell.com>; dpdk-techboard <techboard@dpdk.org>
> Subject: [EXT] RE: [PATCH v2 0/3] examples/ipsec-secgw: set default
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Akhil,
> 
> > > > > > >
> > > > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > > > Hi All,
> > > > > > > >
> > > > > > > > This patchset would need ack from more vendors as it will
> > > > > > > > impact user
> > > > > > > experience
> > > > > > > > on a key example application which is normally
> > > > > > > > demonstrated to
> > > > > > customers.
> > > > > > > >
> > > > > > > > IPSec library is still evolving and there are new
> > > > > > > > functionality added every
> > > > > > > release.
> > > > > > > > Atleast from NXP side we are not OK with this change.
> > > > > > >
> > > > > > > What can be changed in the library to make it acceptable as
> > > > > > > a default in this example?
> > > > > > >
> > > > > >
> > > > > > We are observing performance issues with ipsec library. So
> > > > > > would request other Vendors to confirm if they are OK with the
> > > > > > performance
> > > > numbers.
> > > > >
> > > > > Could you give some details on the performance issues you are seeing.
> > > > >
> > > >
> > > > We were observing about 4-5% drop when using the ipsec-lib instead
> > > > of the Legacy code path. We would again measure it on RC1. That is
> > > > why I say, I will Hold this patch till RC2, unless some other vendor also
> confirms that.
> > >
> > > Is there any update on performance measurements on 19.11-rc1 ?
> > >
> > The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on
> NXP hardware.
> >
> > We cannot merge this. Anoob also reported performance issues on Marvell
> hardware.
> 
> Sure, 10% is a lot, so more than understandable.
> Though, I think we do need to decide our future goals for it.
> I see two main options here:
> 1.  Make lib code-path on par with legacy one in terms of performance,
>      deprecate and then remove legacy code-path.
>      Till that happen (deprecation/removal) to minimize code divergence,
>       forbid to add new features to legacy code path only.
>      New features should be added to both paths, or library code path.
> Obviously that one looks like a preferred option to me, but it requires some
> effort from all interested parties (Intel, NXP, Marvell, ...).
> If everyone is ok with it, then I think it would be good to have some draft
> timeline here.
> If you guys are not interested in this effort, then the only other approach I can
> think about:

[Anoob] I would say this is the right option. But then, there are features getting added only to lib ipsec mode. There are features like "fallback session" or anti replay which is only added for lib ipsec mode and not for non lib ipsec mode. Such features are good to have but would cost extra cycles in the datapath. Since it is only added for lib ipsec mode, the perf divergence between lib ipsec mode and non lib ipsec mode is fairly obvious.

So what is the solution? Both the modes need to be at par if our end strategy is going to deprecate one. If we need to reach a state where we can do apples to apples comparison, new features should be added to both modes and there should be a consensus on the feature implementations.

Also, looking at the "fallback session" feature, the feature was "pushed" without properly addressing the issues. The solution was hardly suitable for inline ipsec and the comments were ignored. Marvell is not ok with adding checks in datapath for an incomplete feature. Marvell withdrew the objections when it was conveyed that the review comments were deemed invaluable. Also because it was added to lib ipsec path which is not being used currently for our benchmarks. Marvell will be submitting an RFC for supporting fallback session with few changes in the rte_security library. When we attempt that, we can take care of only non lib ipsec mode as lib ipsec mode already has one and Marvell cannot work on two different fronts, when the other contributors themselves don't care about other established modes. 

Also considering that lib ipsec is under constant change, (and is still experimental), I would not be too excited about making it the default immediately. I see that there are usages supported by the non lib ipsec mode, which is not supported by lib ipsec mode.

For example, ipv4 & ipv6 using same SPI is valid for non lib ipsec, but not for lib ipsec. Because of this, the default conf doesn't even run when launched with lib ipsec mode. I'm not sure whether we should rush with making it the default when the whole idea is still "experimental".

> 2. split ipsec-secgw app into 2 (one using librte_ipsec, second using raw devices
> (legacy one)).
>     We probably can still try to keep some code shared by 2 apps:
>     (configuration/initialization/session management (SAD, SPD)),
>     but actual packet processing path will be different.
> I really don't like that option, but I think we need to come-up with clear
> decision, one way or another.
> 
> Thanks
> Konstantin
> 
> 
> 
> 
> 

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default
  2019-11-06 13:55                   ` Anoob Joseph
@ 2019-11-18 13:03                     ` Ananyev, Konstantin
  0 siblings, 0 replies; 34+ messages in thread
From: Ananyev, Konstantin @ 2019-11-18 13:03 UTC (permalink / raw)
  To: Anoob Joseph, Akhil Goyal, Iremonger, Bernard, Thomas Monjalon
  Cc: dev, Jerin Jacob Kollanukkaran, dpdk-techboard



> > > > > > > >
> > > > > > > > 11/10/2019 14:40, Akhil Goyal:
> > > > > > > > > Hi All,
> > > > > > > > >
> > > > > > > > > This patchset would need ack from more vendors as it will
> > > > > > > > > impact user
> > > > > > > > experience
> > > > > > > > > on a key example application which is normally
> > > > > > > > > demonstrated to
> > > > > > > customers.
> > > > > > > > >
> > > > > > > > > IPSec library is still evolving and there are new
> > > > > > > > > functionality added every
> > > > > > > > release.
> > > > > > > > > Atleast from NXP side we are not OK with this change.
> > > > > > > >
> > > > > > > > What can be changed in the library to make it acceptable as
> > > > > > > > a default in this example?
> > > > > > > >
> > > > > > >
> > > > > > > We are observing performance issues with ipsec library. So
> > > > > > > would request other Vendors to confirm if they are OK with the
> > > > > > > performance
> > > > > numbers.
> > > > > >
> > > > > > Could you give some details on the performance issues you are seeing.
> > > > > >
> > > > >
> > > > > We were observing about 4-5% drop when using the ipsec-lib instead
> > > > > of the Legacy code path. We would again measure it on RC1. That is
> > > > > why I say, I will Hold this patch till RC2, unless some other vendor also
> > confirms that.
> > > >
> > > > Is there any update on performance measurements on 19.11-rc1 ?
> > > >
> > > The performance impact of this patch is huge ~10% w.r.t. 19.11-rc1 base on
> > NXP hardware.
> > >
> > > We cannot merge this. Anoob also reported performance issues on Marvell
> > hardware.
> >
> > Sure, 10% is a lot, so more than understandable.
> > Though, I think we do need to decide our future goals for it.
> > I see two main options here:
> > 1.  Make lib code-path on par with legacy one in terms of performance,
> >      deprecate and then remove legacy code-path.
> >      Till that happen (deprecation/removal) to minimize code divergence,
> >       forbid to add new features to legacy code path only.
> >      New features should be added to both paths, or library code path.
> > Obviously that one looks like a preferred option to me, but it requires some
> > effort from all interested parties (Intel, NXP, Marvell, ...).
> > If everyone is ok with it, then I think it would be good to have some draft
> > timeline here.
> > If you guys are not interested in this effort, then the only other approach I can
> > think about:
> 
> [Anoob] I would say this is the right option. But then, there are features getting added only to lib ipsec mode. There are features like
> "fallback session" or anti replay which is only added for lib ipsec mode and not for non lib ipsec mode. Such features are good to have
> but would cost extra cycles in the datapath. Since it is only added for lib ipsec mode, the perf divergence between lib ipsec mode and
> non lib ipsec mode is fairly obvious.

AFAIK, all these features are optional and can be disabled.
For performance comparison, I'd expect we run lib mode with extra features disabled. 

> 
> So what is the solution? Both the modes need to be at par if our end strategy is going to deprecate one. If we need to reach a state
> where we can do apples to apples comparison, new features should be added to both modes and there should be a consensus on the
> feature implementations.
> 
> Also, looking at the "fallback session" feature, the feature was "pushed" without properly addressing the issues. The solution was
> hardly suitable for inline ipsec and the comments were ignored. Marvell is not ok with adding checks in datapath for an incomplete
> feature. Marvell withdrew the objections when it was conveyed that the review comments were deemed invaluable. Also because it
> was added to lib ipsec path which is not being used currently for our benchmarks. Marvell will be submitting an RFC for supporting
> fallback session with few changes in the rte_security library. When we attempt that, we can take care of only non lib ipsec mode as lib
> ipsec mode already has one and Marvell cannot work on two different fronts, when the other contributors themselves don't care
> about other established modes.
> 
> Also considering that lib ipsec is under constant change, (and is still experimental), I would not be too excited about making it the
> default immediately. I see that there are usages supported by the non lib ipsec mode, which is not supported by lib ipsec mode.
> 
> For example, ipv4 & ipv6 using same SPI is valid for non lib ipsec, but not for lib ipsec. Because of this, the default conf doesn't even
> run when launched with lib ipsec mode. I'm not sure whether we should rush with making it the default when the whole idea is still
> "experimental".
> 
> > 2. split ipsec-secgw app into 2 (one using librte_ipsec, second using raw devices
> > (legacy one)).
> >     We probably can still try to keep some code shared by 2 apps:
> >     (configuration/initialization/session management (SAD, SPD)),
> >     but actual packet processing path will be different.
> > I really don't like that option, but I think we need to come-up with clear
> > decision, one way or another.
> >
> > Thanks
> > Konstantin
> >
> >
> >
> >
> >

^ permalink raw reply	[flat|nested] 34+ messages in thread

end of thread, other threads:[~2019-11-18 13:03 UTC | newest]

Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-29  8:59 [dpdk-dev] [PATCH 0/2] examples/ipsec-secgw: set default Bernard Iremonger
2019-08-29  8:59 ` [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
2019-09-26 13:47   ` Ananyev, Konstantin
2019-09-26 13:51     ` Iremonger, Bernard
2019-08-29  8:59 ` [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
2019-09-26 13:43   ` Ananyev, Konstantin
2019-09-26 13:46     ` Iremonger, Bernard
2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: set default Bernard Iremonger
2019-10-01 17:30   ` Ananyev, Konstantin
2019-10-02  8:59     ` Iremonger, Bernard
2019-10-02  9:11       ` Ananyev, Konstantin
2019-10-11 12:40   ` Akhil Goyal
2019-10-11 15:13     ` Iremonger, Bernard
2019-10-11 15:23     ` Thomas Monjalon
2019-10-15  6:42       ` Akhil Goyal
2019-10-15  8:54         ` Iremonger, Bernard
2019-10-15 15:05           ` Akhil Goyal
2019-10-16 10:44             ` Ananyev, Konstantin
2019-10-30  9:29             ` Iremonger, Bernard
2019-11-01 13:19               ` Akhil Goyal
2019-11-04 15:24                 ` Ananyev, Konstantin
2019-11-05  8:01                   ` Akhil Goyal
2019-11-05  9:10                     ` Ananyev, Konstantin
2019-11-06 13:55                   ` Anoob Joseph
2019-11-18 13:03                     ` Ananyev, Konstantin
2019-10-16  4:18     ` Anoob Joseph
2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 1/3] examples/ipsec-secgw: set default to IPsec library mode Bernard Iremonger
2019-10-14 13:53   ` Nicolau, Radu
2019-10-01 15:17 ` [dpdk-dev] [PATCH v2 2/3] examples/ipsec-secgw: add -l 0 parameter to old scripts Bernard Iremonger
2019-10-01 17:28   ` Ananyev, Konstantin
2019-10-14 13:55   ` Nicolau, Radu
2019-10-01 15:18 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec-secgw: update pktest.sh script Bernard Iremonger
2019-10-01 17:29   ` Ananyev, Konstantin
2019-10-14 13:56   ` Nicolau, Radu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).