From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 81C9E2BFD for ; Fri, 11 Mar 2016 03:12:07 +0100 (CET) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP; 10 Mar 2016 18:12:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.24,318,1455004800"; d="scan'208";a="934367554" Received: from irsmsx154.ger.corp.intel.com ([163.33.192.96]) by fmsmga002.fm.intel.com with ESMTP; 10 Mar 2016 18:12:05 -0800 Received: from irsmsx108.ger.corp.intel.com ([169.254.11.13]) by IRSMSX154.ger.corp.intel.com ([169.254.12.174]) with mapi id 14.03.0248.002; Fri, 11 Mar 2016 02:12:05 +0000 From: "De Lara Guarch, Pablo" To: "Gonzalez Monroy, Sergio" , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway Thread-Index: AQHRezban4Fsi2yqwEq+6NP95/DNTp9Tf05A Date: Fri, 11 Mar 2016 02:12:05 +0000 Message-ID: References: <1454099352-29040-1-git-send-email-sergio.gonzalez.monroy@intel.com> <1457660333-95971-1-git-send-email-sergio.gonzalez.monroy@intel.com> In-Reply-To: <1457660333-95971-1-git-send-email-sergio.gonzalez.monroy@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiN2Q4MGIzYzktYzcxYy00YmM1LWFiYjktYTU3ZDg5YTcyNGRjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6ImI2UUxvdXlwOXNOaDZtYkpWdVRTZ2k3Q3RsNmRSb3Q2RXFiY1E3bmlRZVU9In0= x-ctpclassification: CTP_IC x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2016 02:12:08 -0000 Hi, > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez > Monroy > Sent: Friday, March 11, 2016 1:39 AM > To: dev@dpdk.org > Subject: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gatewa= y >=20 > Sample app implementing an IPsec Security Geteway. > The main goal of this app is to show the use of cryptodev framework > in a "real world" application. >=20 > Currently only supported static IPv4 ESP IPsec tunnels for the following > algorithms: > - Cipher: AES-CBC, NULL > - Authentication: HMAC-SHA1, NULL >=20 > Not supported: > - SA auto negotiation (No IKE implementation) > - chained mbufs >=20 > Signed-off-by: Sergio Gonzalez Monroy > --- >=20 > v2: > - Update to use new cryptodev API > - NULL PMD support > * dependency on "null_crypto_pmd: PMD to support null crypto > operations" > http://dpdk.org/dev/patchwork/patch/11428/ > - Added --single-sa option to bypass SP/ACL > - Removed option for QAT/AESNI and instead expects vdev to be created > through EAL with command line options. > * dependency on "cryptodev: add capabilities discovery mechanism" > http://dpdk.org/dev/patchwork/patch/11434/ > - fixed inbound traffic bug > - fixed bug with single core bi-directional traffic (inbound and outboun= d) >=20 > MAINTAINERS | 4 + > doc/guides/rel_notes/release_16_04.rst | 3 + > doc/guides/sample_app_ug/index.rst | 1 + > doc/guides/sample_app_ug/ipsec_secgw.rst | 524 ++++++++++++ > examples/Makefile | 2 + > examples/ipsec-secgw/Makefile | 58 ++ > examples/ipsec-secgw/esp.c | 250 ++++++ > examples/ipsec-secgw/esp.h | 66 ++ > examples/ipsec-secgw/ipip.h | 103 +++ > examples/ipsec-secgw/ipsec-secgw.c | 1360 > ++++++++++++++++++++++++++++++ > examples/ipsec-secgw/ipsec.c | 203 +++++ > examples/ipsec-secgw/ipsec.h | 192 +++++ > examples/ipsec-secgw/rt.c | 144 ++++ > examples/ipsec-secgw/sa.c | 438 ++++++++++ > examples/ipsec-secgw/sp.c | 364 ++++++++ > 15 files changed, 3712 insertions(+) > create mode 100644 doc/guides/sample_app_ug/ipsec_secgw.rst > create mode 100644 examples/ipsec-secgw/Makefile > create mode 100644 examples/ipsec-secgw/esp.c > create mode 100644 examples/ipsec-secgw/esp.h > create mode 100644 examples/ipsec-secgw/ipip.h > create mode 100644 examples/ipsec-secgw/ipsec-secgw.c > create mode 100644 examples/ipsec-secgw/ipsec.c > create mode 100644 examples/ipsec-secgw/ipsec.h > create mode 100644 examples/ipsec-secgw/rt.c > create mode 100644 examples/ipsec-secgw/sa.c > create mode 100644 examples/ipsec-secgw/sp.c >=20 > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst > b/doc/guides/sample_app_ug/ipsec_secgw.rst > new file mode 100644 > index 0000000..bc41ea8 > --- /dev/null > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -0,0 +1,524 @@ > +.. BSD LICENSE > + Copyright(c) 2010-2016 Intel Corporation. All rights reserved. > + All rights reserved. Copyright dates should be 2016, not from 2010. > + > + Redistribution and use in source and binary forms, with or without > + modification, are permitted provided that the following conditions > + are met: > + > + * Redistributions of source code must retain the above copyright > + notice, this list of conditions and the following disclaimer. > + * Redistributions in binary form must reproduce the above copyright > + notice, this list of conditions and the following disclaimer in > + the documentation and/or other materials provided with the > + distribution. [...] > +static inline void > +process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts, > + uint8_t nb_pkts, uint8_t portid) > +{ > + struct ipsec_traffic traffic =3D { 0 }; Clang complains here. > + > + prepare_traffic(pkts, &traffic, nb_pkts); > + > + if (single_sa) { > + if (UNPROTECTED_PORT(portid)) > + process_pkts_inbound_nosp(&qconf->inbound, > &traffic); > + else > + process_pkts_outbound_nosp(&qconf->outbound, > &traffic); > + } else { > + if (UNPROTECTED_PORT(portid)) > + process_pkts_inbound(&qconf->inbound, &traffic); > + else > + process_pkts_outbound(&qconf->outbound, > &traffic); > + } > + > + route_pkts(qconf->rt_ctx, traffic.ipv4.pkts, traffic.ipv4.num); > +} > +