From patchwork Thu Aug 29 08:35:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Iremonger, Bernard" X-Patchwork-Id: 58241 Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 502FC1D405; Thu, 29 Aug 2019 10:35:42 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id E4EEE1D3F0 for ; Thu, 29 Aug 2019 10:35:39 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Aug 2019 01:35:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,442,1559545200"; d="scan'208";a="175198742" Received: from sivswdev08.ir.intel.com (HELO localhost.localdomain) ([10.237.217.47]) by orsmga008.jf.intel.com with ESMTP; 29 Aug 2019 01:35:35 -0700 From: Bernard Iremonger To: dev@dpdk.org, konstantin.ananyev@intel.com, akhil.goyal@nxp.com Cc: Bernard Iremonger Date: Thu, 29 Aug 2019 09:35:30 +0100 Message-Id: <1567067731-28352-1-git-send-email-bernard.iremonger@intel.com> X-Mailer: git-send-email 1.7.0.7 Subject: [dpdk-dev] [PATCH 1/2] examples/ipsec-secgw: set default to IPsec library mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Set the default code path to librte_ipsec mode. Add parameter 0 | 1 to -l option Check for conflicting options, -w -a -e and reassembly options are not supported in legacy mode. Show fragment table size. Update print_usage. Update the ipsec-secgw guide. Update the release notes. Signed-off-by: Bernard Iremonger --- doc/guides/rel_notes/release_19_11.rst | 8 ++++++ doc/guides/sample_app_ug/ipsec_secgw.rst | 6 +++-- examples/ipsec-secgw/ipsec-secgw.c | 44 ++++++++++++++++++++------------ 3 files changed, 40 insertions(+), 18 deletions(-) diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst index 8490d89..70143c5 100644 --- a/doc/guides/rel_notes/release_19_11.rst +++ b/doc/guides/rel_notes/release_19_11.rst @@ -56,6 +56,14 @@ New Features Also, make sure to start the actual text at the margin. ========================================================= +* **Updated the IPsec Security Gateway application.** + + The ``librte_ipsec`` code path is now the default code path in + ``ipsec-secgw`` + + * The ``-l`` command line option has been extended to take a 0 | 1 argument. + 0 enables the code path that uses legacy code. + 1 enables the code path that uses ``librte_ipsec``. Removed Items ------------- diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index ad2d79e..17b00c0 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -92,7 +92,7 @@ The application has a number of command line options:: ./build/ipsec-secgw [EAL options] -- -p PORTMASK -P -u PORTMASK -j FRAMESIZE - -l -w REPLAY_WINOW_SIZE -e -a + -l 0 -w REPLAY_WINOW_SIZE -e -a --config (port,queue,lcore)[,(port,queue,lcore] --single-sa SAIDX --rxoffload MASK @@ -120,7 +120,9 @@ Where: Minimum value: RTE_MBUF_DEFAULT_BUF_SIZE (2176) Maximum value: UINT16_MAX (65535). -* ``-l``: enables code-path that uses librte_ipsec. +* ``-l 0 | 1``: Default is ``librte_ipsec`` code path. + 0 enables the code path that uses legacy code. + 1 enables the code path that uses ``librte_ipsec``. * ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window size for each Security Association (available only with librte_ipsec diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 0d1fd6a..3e4b9e0 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -188,7 +188,7 @@ static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE; static uint32_t mtu_size = RTE_ETHER_MTU; /* application wide librte_ipsec/SA parameters */ -struct app_sa_prm app_sa_prm = {.enable = 0}; +struct app_sa_prm app_sa_prm = {.enable = 1}; struct lcore_rx_queue { uint16_t port_id; @@ -1259,7 +1259,7 @@ print_usage(const char *prgname) " [-P]" " [-u PORTMASK]" " [-j FRAMESIZE]" - " [-l]" + " [-l 0 | 1]" " [-w REPLAY_WINDOW_SIZE]" " [-e]" " [-a]" @@ -1277,7 +1277,8 @@ print_usage(const char *prgname) " -u PORTMASK: Hexadecimal bitmask of unprotected ports\n" " -j FRAMESIZE: Data buffer size, minimum (and default)\n" " value: RTE_MBUF_DEFAULT_BUF_SIZE\n" - " -l enables code-path that uses librte_ipsec\n" + " -l 0 enables code-path that uses the legacy code\n" + " -l 1 enables code-path that uses librte_ipsec\n" " -w REPLAY_WINDOW_SIZE specifies IPsec SQN replay window\n" " size for each SA\n" " -e enables ESN\n" @@ -1418,6 +1419,7 @@ print_app_sa_prm(const struct app_sa_prm *prm) printf("replay window size: %u\n", prm->window_size); printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled"); printf("SA flags: %#" PRIx64 "\n", prm->flags); + printf("Fragment Table size %u\n", frag_tbl_sz); } static int32_t @@ -1431,7 +1433,7 @@ parse_args(int32_t argc, char **argv) argvopt = argv; - while ((opt = getopt_long(argc, argvopt, "aelp:Pu:f:j:w:", + while ((opt = getopt_long(argc, argvopt, "aep:Pu:f:j:w:l:", lgopts, &option_index)) != EOF) { switch (opt) { @@ -1483,18 +1485,28 @@ parse_args(int32_t argc, char **argv) printf("Custom frame buffer size %u\n", frame_buf_size); break; case 'l': - app_sa_prm.enable = 1; + ret = parse_decimal(optarg); + if (ret == -1) { + printf("Invalid argument l %s\n", optarg); + print_usage(prgname); + return -1; + } else if (ret == 0) + app_sa_prm.enable = 0; + else if (ret == 1) + app_sa_prm.enable = 1; + else { + printf("Invalid argument l %d\n", ret); + print_usage(prgname); + return -1; + } break; case 'w': - app_sa_prm.enable = 1; app_sa_prm.window_size = parse_decimal(optarg); break; case 'e': - app_sa_prm.enable = 1; app_sa_prm.enable_esn = 1; break; case 'a': - app_sa_prm.enable = 1; app_sa_prm.flags |= RTE_IPSEC_SAFLAG_SQN_ATOM; break; case CMD_LINE_OPT_CONFIG_NUM: @@ -1579,14 +1591,14 @@ parse_args(int32_t argc, char **argv) return -1; } - /* check do we need to enable multi-seg support */ - if (multi_seg_required()) { - /* legacy mode doesn't support multi-seg */ - app_sa_prm.enable = 1; - printf("frame buf size: %u, mtu: %u, " - "number of reassemble entries: %u\n" - "multi-segment support is required\n", - frame_buf_size, mtu_size, frag_tbl_sz); + if (app_sa_prm.enable == 0 && + (app_sa_prm.window_size > 0 || + app_sa_prm.enable_esn || + app_sa_prm.flags != 0 || + multi_seg_required())) { + printf("-w -e -a and reassembly options are not " + "supported in legacy mode\n"); + return -1; } print_app_sa_prm(&app_sa_prm); From patchwork Thu Aug 29 08:35:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Iremonger, Bernard" X-Patchwork-Id: 58242 Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A19521D416; Thu, 29 Aug 2019 10:35:44 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id C08D51D40F for ; Thu, 29 Aug 2019 10:35:42 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Aug 2019 01:35:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,442,1559545200"; d="scan'208";a="175198761" Received: from sivswdev08.ir.intel.com (HELO localhost.localdomain) ([10.237.217.47]) by orsmga008.jf.intel.com with ESMTP; 29 Aug 2019 01:35:39 -0700 From: Bernard Iremonger To: dev@dpdk.org, konstantin.ananyev@intel.com, akhil.goyal@nxp.com Cc: Bernard Iremonger Date: Thu, 29 Aug 2019 09:35:31 +0100 Message-Id: <1567067731-28352-2-git-send-email-bernard.iremonger@intel.com> X-Mailer: git-send-email 1.7.0.7 In-Reply-To: <1567067731-28352-1-git-send-email-bernard.iremonger@intel.com> References: <1567067731-28352-1-git-send-email-bernard.iremonger@intel.com> Subject: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add -l 0 parameter to old scripts X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" enable legacy mode in *_old scripts Signed-off-by: Bernard Iremonger --- examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh | 2 +- examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh | 2 +- examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh | 2 +- examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh | 2 +- examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh index ffd945b..1f3a9f4 100644 --- a/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/trs_3descbc_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/trs_3descbc_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh index a3abb61..093b0c9 100644 --- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/trs_aescbc_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh index 3aa0712..c6e8851 100644 --- a/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/trs_aesctr_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/trs_aesctr_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh index 0523049..e9fc4d8 100644 --- a/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh +++ b/examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/trs_aesgcm_inline_crypto_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh index 951e6b6..1653d29 100644 --- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh +++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/trs_aesgcm_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh index eaf248a..8fec47a 100644 --- a/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/tun_3descbc_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/tun_3descbc_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh index 3c0d8d1..9ff08f1 100644 --- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/tun_aescbc_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh index 26f0d02..b23f0db 100644 --- a/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh +++ b/examples/ipsec-secgw/test/tun_aesctr_sha1_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/tun_aesctr_sha1_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh index de65961..7574618 100644 --- a/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh +++ b/examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/tun_aesgcm_inline_crypto_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0' diff --git a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh index e0a015e..fabfe63 100644 --- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh +++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh @@ -2,4 +2,4 @@ . ${DIR}/tun_aesgcm_defs.sh -SGW_CMD_XPRM= +SGW_CMD_XPRM='-l 0'