[dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway

De Lara Guarch, Pablo pablo.de.lara.guarch at intel.com
Fri Mar 11 03:12:05 CET 2016

Previous message: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
Next message: [dpdk-dev] [PATCH v3] example/ipsec-secgw: ipsec security gateway
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Friday, March 11, 2016 1:39 AM
> To: dev at dpdk.org
> Subject: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
> 
> Sample app implementing an IPsec Security Geteway.
> The main goal of this app is to show the use of cryptodev framework
> in a "real world" application.
> 
> Currently only supported static IPv4 ESP IPsec tunnels for the following
> algorithms:
> - Cipher: AES-CBC, NULL
> - Authentication: HMAC-SHA1, NULL
> 
> Not supported:
> - SA auto negotiation (No IKE implementation)
> - chained mbufs
> 
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
> ---
> 
> v2:
>  - Update to use new cryptodev API
>  - NULL PMD support
>    * dependency on "null_crypto_pmd: PMD to support null crypto
> operations"
>    http://dpdk.org/dev/patchwork/patch/11428/
>  - Added --single-sa option to bypass SP/ACL
>  - Removed option for QAT/AESNI and instead expects vdev to be created
>    through EAL with command line options.
>    * dependency on "cryptodev: add capabilities discovery mechanism"
>    http://dpdk.org/dev/patchwork/patch/11434/
>  - fixed inbound traffic bug
>  - fixed bug with single core bi-directional traffic (inbound and outbound)
> 
>  MAINTAINERS                              |    4 +
>  doc/guides/rel_notes/release_16_04.rst   |    3 +
>  doc/guides/sample_app_ug/index.rst       |    1 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst |  524 ++++++++++++
>  examples/Makefile                        |    2 +
>  examples/ipsec-secgw/Makefile            |   58 ++
>  examples/ipsec-secgw/esp.c               |  250 ++++++
>  examples/ipsec-secgw/esp.h               |   66 ++
>  examples/ipsec-secgw/ipip.h              |  103 +++
>  examples/ipsec-secgw/ipsec-secgw.c       | 1360
> ++++++++++++++++++++++++++++++
>  examples/ipsec-secgw/ipsec.c             |  203 +++++
>  examples/ipsec-secgw/ipsec.h             |  192 +++++
>  examples/ipsec-secgw/rt.c                |  144 ++++
>  examples/ipsec-secgw/sa.c                |  438 ++++++++++
>  examples/ipsec-secgw/sp.c                |  364 ++++++++
>  15 files changed, 3712 insertions(+)
>  create mode 100644 doc/guides/sample_app_ug/ipsec_secgw.rst
>  create mode 100644 examples/ipsec-secgw/Makefile
>  create mode 100644 examples/ipsec-secgw/esp.c
>  create mode 100644 examples/ipsec-secgw/esp.h
>  create mode 100644 examples/ipsec-secgw/ipip.h
>  create mode 100644 examples/ipsec-secgw/ipsec-secgw.c
>  create mode 100644 examples/ipsec-secgw/ipsec.c
>  create mode 100644 examples/ipsec-secgw/ipsec.h
>  create mode 100644 examples/ipsec-secgw/rt.c
>  create mode 100644 examples/ipsec-secgw/sa.c
>  create mode 100644 examples/ipsec-secgw/sp.c
> 


> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> b/doc/guides/sample_app_ug/ipsec_secgw.rst
> new file mode 100644
> index 0000000..bc41ea8
> --- /dev/null
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -0,0 +1,524 @@
> +..  BSD LICENSE
> +    Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
> +    All rights reserved.

Copyright dates should be 2016, not from 2010.

> +
> +    Redistribution and use in source and binary forms, with or without
> +    modification, are permitted provided that the following conditions
> +    are met:
> +
> +    * Redistributions of source code must retain the above copyright
> +    notice, this list of conditions and the following disclaimer.
> +    * Redistributions in binary form must reproduce the above copyright
> +    notice, this list of conditions and the following disclaimer in
> +    the documentation and/or other materials provided with the
> +    distribution.

[...]

> +static inline void
> +process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
> +		uint8_t nb_pkts, uint8_t portid)
> +{
> +	struct ipsec_traffic traffic = { 0 };

Clang complains here.

> +
> +	prepare_traffic(pkts, &traffic, nb_pkts);
> +
> +	if (single_sa) {
> +		if (UNPROTECTED_PORT(portid))
> +			process_pkts_inbound_nosp(&qconf->inbound,
> &traffic);
> +		else
> +			process_pkts_outbound_nosp(&qconf->outbound,
> &traffic);
> +	} else {
> +		if (UNPROTECTED_PORT(portid))
> +			process_pkts_inbound(&qconf->inbound, &traffic);
> +		else
> +			process_pkts_outbound(&qconf->outbound,
> &traffic);
> +	}
> +
> +	route_pkts(qconf->rt_ctx, traffic.ipv4.pkts, traffic.ipv4.num);
> +}
> +

Previous message: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
Next message: [dpdk-dev] [PATCH v3] example/ipsec-secgw: ipsec security gateway
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list