From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2E872A04F3; Tue, 24 Dec 2019 14:13:29 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9FB291C01; Tue, 24 Dec 2019 14:13:27 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 9039EF72 for ; Tue, 24 Dec 2019 14:13:25 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Dec 2019 05:13:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,351,1571727600"; d="scan'208";a="249823272" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga002.fm.intel.com with ESMTP; 24 Dec 2019 05:13:24 -0800 Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 24 Dec 2019 05:13:24 -0800 Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 24 Dec 2019 05:13:09 -0800 Received: from NAM04-SN1-obe.outbound.protection.outlook.com (104.47.44.53) by edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 24 Dec 2019 05:13:08 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LvLxMusfN7+RoxqzptBVzfOmKKFFJN8NdCpzWs6DBFyggJKuxJovZvJA8G+vDoX712YyFgf+/2zU2J+hiqzw/tJ5CQxsQ1zJodMrlVYINucdzOtJMAByYLEv/nAkM6kIe0ZExTG7swXDs+WPv3TUatEg58BYMxb6dEm2BsTfvfZ8fhpv3rmbNu+rIaSG4ftgjDUScbSbTqLb7J7tJpV7cSO4Jjogchy8J+EPUBaODSiyN1qC1kNCN1dXz+QHLL0fbrjW1Qs+FY2ZYAwTqwhUfqdot9h9tULoFHcailZkJjmh+VJSR2IIhaA68dmggV7c4+Byi7u1TXdndJ8sfwvE3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1TFVK4Vp4luQ6AKWdNwTYM3i3MbtyhiQezXEbqLOG3A=; b=UgYZ3stwZcZNFvlV5Pvu2mTLM6SNTat6NnOCuUXYTq09CP9AwwaFMDVu2WfKg9dN5N0ds2rBlqB9pg1GU8O4U1TyJcdfO/DaBRwoVVUgFhJvk2Ba26abslXLU29iPIZzmKZMRWIXV1e5utK1ZrOOZ+9dOhQ7dlv6YVq6UrzQiy6wODEv9cj4LCXMCaCvgfI8jRALhOT9hk2ud9Thi5xrEYS4SeqbKy2PYDMINu51GaFgXh1m2Z0/ASpkaD9fQClqtF/XtVvaMqLKBYinR1Tc0bQWD7B8bthcaZxgHtP1yaBiP/xi5H6VJWIouSDq0KCXdVDTJKTeIoLDMo5laHAlqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1TFVK4Vp4luQ6AKWdNwTYM3i3MbtyhiQezXEbqLOG3A=; b=U3ZhWX+liK7sRq4cdsx2BykbofFs31xTjw9NHz+2Rx2iZYkU6Lau+Pa3PPCEaQswwZj/sTHx/4FeRwET5h92P3NRUOLUEBJkRv8wZbaTr5/+Vi3AW1NyTAhPP48BQuZlhetgUI8GEOrAyqy33+eQM7UGz9RWZE/4JcB/f54ZldM= Received: from SN6PR11MB2558.namprd11.prod.outlook.com (52.135.94.19) by SN6PR11MB3088.namprd11.prod.outlook.com (52.135.124.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2559.13; Tue, 24 Dec 2019 13:13:07 +0000 Received: from SN6PR11MB2558.namprd11.prod.outlook.com ([fe80::4d86:362a:13c3:8386]) by SN6PR11MB2558.namprd11.prod.outlook.com ([fe80::4d86:362a:13c3:8386%7]) with mapi id 15.20.2559.017; Tue, 24 Dec 2019 13:13:06 +0000 From: "Ananyev, Konstantin" To: Anoob Joseph , Akhil Goyal , "Nicolau, Radu" , Thomas Monjalon CC: Lukasz Bartosik , Jerin Jacob , Narayana Prasad , Ankur Dwivedi , Archana Muniganti , Tejasree Kondoj , Vamsi Attunuru , "dev@dpdk.org" Thread-Topic: [PATCH 11/14] examples/ipsec-secgw: add app processing code Thread-Index: AQHVrcOadPqTP1DsRkKLTgq8QBAlEKfJVg1w Date: Tue, 24 Dec 2019 13:13:06 +0000 Message-ID: References: <1575808249-31135-1-git-send-email-anoobj@marvell.com> <1575808249-31135-12-git-send-email-anoobj@marvell.com> In-Reply-To: <1575808249-31135-12-git-send-email-anoobj@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTY0ZDE0YWUtZWY5YS00ZDZlLWE3M2MtYTgzMmEzYjI4OWQ0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicGlXQ1I5VU9KaUMrbFBnNXgyRGxpQmt2U1RwdkQwdVJkQnlvc2FFUnFja2ptMFM0a1VydW9vUks0c0tJbU5XNSJ9 dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.2.0.6 x-ctpclassification: CTP_NT authentication-results: spf=none (sender IP is ) smtp.mailfrom=konstantin.ananyev@intel.com; x-originating-ip: [192.198.151.176] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b4e29c2c-40b8-480b-8d1e-08d788730437 x-ms-traffictypediagnostic: SN6PR11MB3088: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 0261CCEEDF x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(366004)(396003)(346002)(136003)(189003)(199004)(81156014)(64756008)(8676002)(66446008)(33656002)(66946007)(8936002)(4326008)(9686003)(76116006)(7416002)(55016002)(52536014)(66556008)(5660300002)(66476007)(478600001)(81166006)(2906002)(86362001)(186003)(110136005)(316002)(6506007)(26005)(7696005)(71200400001)(54906003); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB3088; H:SN6PR11MB2558.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pOvJW/GMHU8Rj8yeVJ0JP46+JkDXmHag57NP3WI6pEC/e+LQsn39i4WUwdyYuM0fPgTg1QOkxQ9CDt2CDb91GOCvlURBGdQrBd29riXeQfOd/pvINCfZZEHXG/cCDNMcC0Bot0aJ9Ll+UC/lZtrSLPamHVlaH2nwBeM5Bs9e6Am0Grjghy9C9PYxtqKj0Bv2NmmmzPBTzbJYAgiC+KlNKCM4gy5KUBGnQdVZy1DEGmw0af6XHaR9sR6hncyHJuunsusVt+UIl8SU6cX0VPsPTWW1UyuTNmmpA+4nyv5obqQnSkLTfAfbQ5eUsNolXOZxqDsKHFpcjxjfMIUoW8sjzU8nEin0uil3xFzriiI/Fvqzzjio5T1IyekGPfTMBKUYzIcUDJxu8072G3ihAA9bSQjxsx+9LwNUxHPJWVcHvw19SkzuNr6znyyLzN8J8xS3 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: b4e29c2c-40b8-480b-8d1e-08d788730437 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Dec 2019 13:13:06.7521 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vBQrJxZeKHpUeUmQ5+b1+NKC7u8bu0SbZxse9p+PYrxgHl8+xpBh81qOuZrbzQPnjazMOLmAml28zLNgrn3TM5/qUuHyBfYUEU26IEZCQXs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3088 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 11/14] examples/ipsec-secgw: add app processing code X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > --- a/examples/ipsec-secgw/ipsec_worker.c > +++ b/examples/ipsec-secgw/ipsec_worker.c > @@ -15,6 +15,7 @@ > #include > #include >=20 > +#include > #include > #include > #include > @@ -29,12 +30,51 @@ > #include > #include > #include > +#include > +#include >=20 > #include "ipsec.h" > +#include "ipsec_worker.h" > #include "event_helper.h" >=20 > extern volatile bool force_quit; >=20 > +static inline enum pkt_type > +process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp) > +{ > + struct rte_ether_hdr *eth; > + > + eth =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); > + if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { > + *nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN + > + offsetof(struct ip, ip_p)); > + if (**nlp =3D=3D IPPROTO_ESP) > + return PKT_TYPE_IPSEC_IPV4; > + else > + return PKT_TYPE_PLAIN_IPV4; > + } else if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)= ) { > + *nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN + > + offsetof(struct ip6_hdr, ip6_nxt)); > + if (**nlp =3D=3D IPPROTO_ESP) > + return PKT_TYPE_IPSEC_IPV6; > + else > + return PKT_TYPE_PLAIN_IPV6; > + } > + > + /* Unknown/Unsupported type */ > + return PKT_TYPE_INVALID; > +} Looking though that file, it seems like you choose to create your own set o= f helper functions, instead of trying to reuse existing ones:=20 process_ipsec_get_pkt_type() VS prepare_one_packet() update_mac_addrs() VS prepare_tx_pkt() check_sp() VS inbound_sp_sa() Obviously there is nothing good in code (and possible bugs) duplication. Any reason why you can't reuse existing functions and need to reinvent your= own? =20 > + > +static inline void > +update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid) > +{ > + struct rte_ether_hdr *ethhdr; > + > + ethhdr =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); > + memcpy(ðhdr->s_addr, ðaddr_tbl[portid].src, RTE_ETHER_ADDR_LEN); > + memcpy(ðhdr->d_addr, ðaddr_tbl[portid].dst, RTE_ETHER_ADDR_LEN); > +} > + > static inline void > ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id) > { > @@ -45,6 +85,177 @@ ipsec_event_pre_forward(struct rte_mbuf *m, unsigned = int port_id) > rte_event_eth_tx_adapter_txq_set(m, 0); > } >=20 > +static inline int > +check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx) > +{ > + uint32_t res; > + > + if (unlikely(sp =3D=3D NULL)) > + return 0; > + > + rte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1, > + DEFAULT_MAX_CATEGORIES); > + > + if (unlikely(res =3D=3D 0)) { > + /* No match */ > + return 0; > + } > + > + if (res =3D=3D DISCARD) > + return 0; > + else if (res =3D=3D BYPASS) { > + *sa_idx =3D 0; > + return 1; > + } > + > + *sa_idx =3D SPI2IDX(res); > + if (*sa_idx < IPSEC_SA_MAX_ENTRIES) > + return 1; > + > + /* Invalid SA IDX */ > + return 0; > +} > + > +static inline uint16_t > +route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) > +{ > + uint32_t dst_ip; > + uint16_t offset; > + uint32_t hop; > + int ret; > + > + offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst); > + dst_ip =3D *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset); > + dst_ip =3D rte_be_to_cpu_32(dst_ip); > + > + ret =3D rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip, &hop); > + > + if (ret =3D=3D 0) { > + /* We have a hit */ > + return hop; > + } > + > + /* else */ > + return RTE_MAX_ETHPORTS; > +} > + > +/* TODO: To be tested */ > +static inline uint16_t > +route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) > +{ > + uint8_t dst_ip[16]; > + uint8_t *ip6_dst; > + uint16_t offset; > + uint32_t hop; > + int ret; > + > + offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr, ip6_dst); > + ip6_dst =3D rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset); > + memcpy(&dst_ip[0], ip6_dst, 16); > + > + ret =3D rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip, &hop); > + > + if (ret =3D=3D 0) { > + /* We have a hit */ > + return hop; > + } > + > + /* else */ > + return RTE_MAX_ETHPORTS; > +} > + > +static inline uint16_t > +get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type ty= pe) > +{ > + if (type =3D=3D PKT_TYPE_PLAIN_IPV4 || type =3D=3D PKT_TYPE_IPSEC_IPV4) > + return route4_pkt(pkt, rt->rt4_ctx); > + else if (type =3D=3D PKT_TYPE_PLAIN_IPV6 || type =3D=3D PKT_TYPE_IPSEC_= IPV6) > + return route6_pkt(pkt, rt->rt6_ctx); > + > + return RTE_MAX_ETHPORTS; > +} > + > +static inline int > +process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt, > + struct rte_event *ev) > +{ > + struct ipsec_sa *sa =3D NULL; > + struct rte_mbuf *pkt; > + uint16_t port_id =3D 0; > + enum pkt_type type; > + uint32_t sa_idx; > + uint8_t *nlp; > + > + /* Get pkt from event */ > + pkt =3D ev->mbuf; > + > + /* Check the packet type */ > + type =3D process_ipsec_get_pkt_type(pkt, &nlp); > + > + switch (type) { > + case PKT_TYPE_PLAIN_IPV4: > + if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) > + sa =3D (struct ipsec_sa *) pkt->udata64; > + > + /* Check if we have a match */ > + if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + > + case PKT_TYPE_PLAIN_IPV6: > + if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) > + sa =3D (struct ipsec_sa *) pkt->udata64; > + > + /* Check if we have a match */ > + if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + > + default: > + RTE_LOG(ERR, IPSEC, "Unsupported packet type =3D %d\n", type); > + goto drop_pkt_and_exit; > + } > + > + /* Check if the packet has to be bypassed */ > + if (sa_idx =3D=3D 0) > + goto route_and_send_pkt; > + > + /* Else the packet has to be protected with SA */ > + > + /* If the packet was IPsec processed, then SA pointer should be set */ > + if (sa =3D=3D NULL) > + goto drop_pkt_and_exit; > + > + /* SPI on the packet should match with the one in SA */ > + if (unlikely(sa->spi !=3D sa_idx)) > + goto drop_pkt_and_exit; > + > +route_and_send_pkt: > + port_id =3D get_route(pkt, rt, type); > + if (unlikely(port_id =3D=3D RTE_MAX_ETHPORTS)) { > + /* no match */ > + goto drop_pkt_and_exit; > + } > + /* else, we have a matching route */ > + > + /* Update mac addresses */ > + update_mac_addrs(pkt, port_id); > + > + /* Update the event with the dest port */ > + ipsec_event_pre_forward(pkt, port_id); > + return 1; > + > +drop_pkt_and_exit: > + RTE_LOG(ERR, IPSEC, "Inbound packet dropped\n"); > + rte_pktmbuf_free(pkt); > + ev->mbuf =3D NULL; > + return 0; > +} > + > /* > * Event mode exposes various operating modes depending on the > * capabilities of the event device and the operating mode > @@ -134,11 +345,11 @@ static void > ipsec_wrkr_non_burst_int_port_app_mode_inb(struct eh_event_link_info *li= nks, > uint8_t nb_links) > { > + struct lcore_conf_ev_tx_int_port_wrkr lconf; > unsigned int nb_rx =3D 0; > - unsigned int port_id; > - struct rte_mbuf *pkt; > struct rte_event ev; > uint32_t lcore_id; > + int32_t socket_id; >=20 > /* Check if we have links registered for this lcore */ > if (nb_links =3D=3D 0) { > @@ -151,6 +362,21 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct eh= _event_link_info *links, > /* Get core ID */ > lcore_id =3D rte_lcore_id(); >=20 > + /* Get socket ID */ > + socket_id =3D rte_lcore_to_socket_id(lcore_id); > + > + /* Save routing table */ > + lconf.rt.rt4_ctx =3D socket_ctx[socket_id].rt_ip4; > + lconf.rt.rt6_ctx =3D socket_ctx[socket_id].rt_ip6; > + lconf.inbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_in; > + lconf.inbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_in; > + lconf.inbound.sa_ctx =3D socket_ctx[socket_id].sa_in; > + lconf.inbound.session_pool =3D socket_ctx[socket_id].session_pool; > + lconf.outbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_out; > + lconf.outbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_out; > + lconf.outbound.sa_ctx =3D socket_ctx[socket_id].sa_out; > + lconf.outbound.session_pool =3D socket_ctx[socket_id].session_pool; > + > RTE_LOG(INFO, IPSEC, > "Launching event mode worker (non-burst - Tx internal port - " > "app mode - inbound) on lcore %d\n", lcore_id); > @@ -175,13 +401,11 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct e= h_event_link_info *links, > if (nb_rx =3D=3D 0) > continue; >=20 > - port_id =3D ev.queue_id; > - pkt =3D ev.mbuf; > - > - rte_prefetch0(rte_pktmbuf_mtod(pkt, void *)); > - > - /* Process packet */ > - ipsec_event_pre_forward(pkt, port_id); > + if (process_ipsec_ev_inbound(&lconf.inbound, > + &lconf.rt, &ev) !=3D 1) { > + /* The pkt has been dropped */ > + continue; > + } >=20 > /* > * Since tx internal port is available, events can be > diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/i= psec_worker.h > new file mode 100644 > index 0000000..fd18a2e > --- /dev/null > +++ b/examples/ipsec-secgw/ipsec_worker.h > @@ -0,0 +1,39 @@ > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright(c) 2018 Cavium, Inc > + */ > +#ifndef _IPSEC_WORKER_H_ > +#define _IPSEC_WORKER_H_ > + > +#include "ipsec.h" > + > +enum pkt_type { > + PKT_TYPE_PLAIN_IPV4 =3D 1, > + PKT_TYPE_IPSEC_IPV4, > + PKT_TYPE_PLAIN_IPV6, > + PKT_TYPE_IPSEC_IPV6, > + PKT_TYPE_INVALID > +}; > + > +struct route_table { > + struct rt_ctx *rt4_ctx; > + struct rt_ctx *rt6_ctx; > +}; > + > +/* > + * Conf required by event mode worker with tx internal port > + */ > +struct lcore_conf_ev_tx_int_port_wrkr { > + struct ipsec_ctx inbound; > + struct ipsec_ctx outbound; > + struct route_table rt; > +} __rte_cache_aligned; > + > +/* TODO > + * > + * Move this function to ipsec_worker.c > + */ > +void ipsec_poll_mode_worker(void); > + > +int ipsec_launch_one_lcore(void *args); > + > +#endif /* _IPSEC_WORKER_H_ */ > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 7f046e3..9e17ba0 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -772,17 +772,6 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inb= ound) > printf("\n"); > } >=20 > -struct sa_ctx { > - void *satbl; /* pointer to array of rte_ipsec_sa objects*/ > - struct ipsec_sa sa[IPSEC_SA_MAX_ENTRIES]; > - union { > - struct { > - struct rte_crypto_sym_xform a; > - struct rte_crypto_sym_xform b; > - }; > - } xf[IPSEC_SA_MAX_ENTRIES]; > -}; > - > static struct sa_ctx * > sa_create(const char *name, int32_t socket_id) > { > -- > 2.7.4