From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergio.gonzalez.monroy@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id 4C7562B86
 for <dev@dpdk.org>; Tue, 19 Jul 2016 10:19:45 +0200 (CEST)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by orsmga101.jf.intel.com with ESMTP; 19 Jul 2016 01:19:44 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.28,388,1464678000"; d="scan'208";a="1024613671"
Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.237.220.44])
 ([10.237.220.44])
 by fmsmga002.fm.intel.com with ESMTP; 19 Jul 2016 01:19:43 -0700
To: Fan Zhang <roy.fan.zhang@intel.com>, dev@dpdk.org
References: <1468248213-13100-1-git-send-email-roy.fan.zhang@intel.com>
 <1468316684-220669-1-git-send-email-roy.fan.zhang@intel.com>
 <1468316684-220669-2-git-send-email-roy.fan.zhang@intel.com>
From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Message-ID: <fdacf328-77c2-aef6-7cd1-c3b7c983e5c9@intel.com>
Date: Tue, 19 Jul 2016 09:19:43 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1468316684-220669-2-git-send-email-roy.fan.zhang@intel.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [PATCH v3 1/2] examples/ipsec-secgw: add
 configuration file support
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 08:19:45 -0000

On 12/07/2016 10:44, Fan Zhang wrote:
> This patch adds the configuration file support to ipsec_secgw
> sample application. Instead of hard-coded rules, the users can
> specify their own SP, SA, and routing rules in the configuration
> file. An command line option "-f" is added to pass the
> configuration file location to the application.
>
> Configuration item formats:
>
> SP rule format:
> sp <ip_ver> <dir> esp <action> <priority> <src_ip> <dst_ip> \
> <proto> <sport> <dport>
>
> SA rule format:
> sa <dir> <spi> <cipher_algo> <auth_algo> <mode> <src_ip> <dst_ip>

I think we should be able to set the key also on config file for both 
cipher and auth.
Then we can check that the key size is the expected by the chosen 
cipher/auth algo.

I think we should also create and set the xforms dynamically instead of 
static as
they currently are (sa_add_rules function).

Sergio

> Routing rule format:
> rt <ip_ver> <src_ip> <dst_ip> <port>
>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---