From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pablo.de.lara.guarch@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by dpdk.org (Postfix) with ESMTP id 81C9E2BFD
 for <dev@dpdk.org>; Fri, 11 Mar 2016 03:12:07 +0100 (CET)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga101.fm.intel.com with ESMTP; 10 Mar 2016 18:12:07 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,318,1455004800"; d="scan'208";a="934367554"
Received: from irsmsx154.ger.corp.intel.com ([163.33.192.96])
 by fmsmga002.fm.intel.com with ESMTP; 10 Mar 2016 18:12:05 -0800
Received: from irsmsx108.ger.corp.intel.com ([169.254.11.13]) by
 IRSMSX154.ger.corp.intel.com ([169.254.12.174]) with mapi id 14.03.0248.002;
 Fri, 11 Mar 2016 02:12:05 +0000
From: "De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
To: "Gonzalez Monroy, Sergio" <sergio.gonzalez.monroy@intel.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
Thread-Index: AQHRezban4Fsi2yqwEq+6NP95/DNTp9Tf05A
Date: Fri, 11 Mar 2016 02:12:05 +0000
Message-ID: <E115CCD9D858EF4F90C690B0DCB4D8973C8C87BF@IRSMSX108.ger.corp.intel.com>
References: <1454099352-29040-1-git-send-email-sergio.gonzalez.monroy@intel.com>
 <1457660333-95971-1-git-send-email-sergio.gonzalez.monroy@intel.com>
In-Reply-To: <1457660333-95971-1-git-send-email-sergio.gonzalez.monroy@intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiN2Q4MGIzYzktYzcxYy00YmM1LWFiYjktYTU3ZDg5YTcyNGRjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6ImI2UUxvdXlwOXNOaDZtYkpWdVRTZ2k3Q3RsNmRSb3Q2RXFiY1E3bmlRZVU9In0=
x-ctpclassification: CTP_IC
x-originating-ip: [163.33.239.181]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security
 gateway
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 02:12:08 -0000

Hi,

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Friday, March 11, 2016 1:39 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gatewa=
y
>=20
> Sample app implementing an IPsec Security Geteway.
> The main goal of this app is to show the use of cryptodev framework
> in a "real world" application.
>=20
> Currently only supported static IPv4 ESP IPsec tunnels for the following
> algorithms:
> - Cipher: AES-CBC, NULL
> - Authentication: HMAC-SHA1, NULL
>=20
> Not supported:
> - SA auto negotiation (No IKE implementation)
> - chained mbufs
>=20
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
> ---
>=20
> v2:
>  - Update to use new cryptodev API
>  - NULL PMD support
>    * dependency on "null_crypto_pmd: PMD to support null crypto
> operations"
>    http://dpdk.org/dev/patchwork/patch/11428/
>  - Added --single-sa option to bypass SP/ACL
>  - Removed option for QAT/AESNI and instead expects vdev to be created
>    through EAL with command line options.
>    * dependency on "cryptodev: add capabilities discovery mechanism"
>    http://dpdk.org/dev/patchwork/patch/11434/
>  - fixed inbound traffic bug
>  - fixed bug with single core bi-directional traffic (inbound and outboun=
d)
>=20
>  MAINTAINERS                              |    4 +
>  doc/guides/rel_notes/release_16_04.rst   |    3 +
>  doc/guides/sample_app_ug/index.rst       |    1 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  524 ++++++++++++
>  examples/Makefile                        |    2 +
>  examples/ipsec-secgw/Makefile            |   58 ++
>  examples/ipsec-secgw/esp.c               |  250 ++++++
>  examples/ipsec-secgw/esp.h               |   66 ++
>  examples/ipsec-secgw/ipip.h              |  103 +++
>  examples/ipsec-secgw/ipsec-secgw.c       | 1360
> ++++++++++++++++++++++++++++++
>  examples/ipsec-secgw/ipsec.c             |  203 +++++
>  examples/ipsec-secgw/ipsec.h             |  192 +++++
>  examples/ipsec-secgw/rt.c                |  144 ++++
>  examples/ipsec-secgw/sa.c                |  438 ++++++++++
>  examples/ipsec-secgw/sp.c                |  364 ++++++++
>  15 files changed, 3712 insertions(+)
>  create mode 100644 doc/guides/sample_app_ug/ipsec_secgw.rst
>  create mode 100644 examples/ipsec-secgw/Makefile
>  create mode 100644 examples/ipsec-secgw/esp.c
>  create mode 100644 examples/ipsec-secgw/esp.h
>  create mode 100644 examples/ipsec-secgw/ipip.h
>  create mode 100644 examples/ipsec-secgw/ipsec-secgw.c
>  create mode 100644 examples/ipsec-secgw/ipsec.c
>  create mode 100644 examples/ipsec-secgw/ipsec.h
>  create mode 100644 examples/ipsec-secgw/rt.c
>  create mode 100644 examples/ipsec-secgw/sa.c
>  create mode 100644 examples/ipsec-secgw/sp.c
>=20


> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> b/doc/guides/sample_app_ug/ipsec_secgw.rst
> new file mode 100644
> index 0000000..bc41ea8
> --- /dev/null
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -0,0 +1,524 @@
> +..  BSD LICENSE
> +    Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
> +    All rights reserved.

Copyright dates should be 2016, not from 2010.

> +
> +    Redistribution and use in source and binary forms, with or without
> +    modification, are permitted provided that the following conditions
> +    are met:
> +
> +    * Redistributions of source code must retain the above copyright
> +    notice, this list of conditions and the following disclaimer.
> +    * Redistributions in binary form must reproduce the above copyright
> +    notice, this list of conditions and the following disclaimer in
> +    the documentation and/or other materials provided with the
> +    distribution.

[...]

> +static inline void
> +process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
> +		uint8_t nb_pkts, uint8_t portid)
> +{
> +	struct ipsec_traffic traffic =3D { 0 };

Clang complains here.

> +
> +	prepare_traffic(pkts, &traffic, nb_pkts);
> +
> +	if (single_sa) {
> +		if (UNPROTECTED_PORT(portid))
> +			process_pkts_inbound_nosp(&qconf->inbound,
> &traffic);
> +		else
> +			process_pkts_outbound_nosp(&qconf->outbound,
> &traffic);
> +	} else {
> +		if (UNPROTECTED_PORT(portid))
> +			process_pkts_inbound(&qconf->inbound, &traffic);
> +		else
> +			process_pkts_outbound(&qconf->outbound,
> &traffic);
> +	}
> +
> +	route_pkts(qconf->rt_ctx, traffic.ipv4.pkts, traffic.ipv4.num);
> +}
> +