[dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
De Lara Guarch, Pablo
pablo.de.lara.guarch at intel.com
Fri Mar 11 03:12:05 CET 2016
Hi,
> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Friday, March 11, 2016 1:39 AM
> To: dev at dpdk.org
> Subject: [dpdk-dev] [PATCH v2] example/ipsec-secgw: ipsec security gateway
>
> Sample app implementing an IPsec Security Geteway.
> The main goal of this app is to show the use of cryptodev framework
> in a "real world" application.
>
> Currently only supported static IPv4 ESP IPsec tunnels for the following
> algorithms:
> - Cipher: AES-CBC, NULL
> - Authentication: HMAC-SHA1, NULL
>
> Not supported:
> - SA auto negotiation (No IKE implementation)
> - chained mbufs
>
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
> ---
>
> v2:
> - Update to use new cryptodev API
> - NULL PMD support
> * dependency on "null_crypto_pmd: PMD to support null crypto
> operations"
> http://dpdk.org/dev/patchwork/patch/11428/
> - Added --single-sa option to bypass SP/ACL
> - Removed option for QAT/AESNI and instead expects vdev to be created
> through EAL with command line options.
> * dependency on "cryptodev: add capabilities discovery mechanism"
> http://dpdk.org/dev/patchwork/patch/11434/
> - fixed inbound traffic bug
> - fixed bug with single core bi-directional traffic (inbound and outbound)
>
> MAINTAINERS | 4 +
> doc/guides/rel_notes/release_16_04.rst | 3 +
> doc/guides/sample_app_ug/index.rst | 1 +
> doc/guides/sample_app_ug/ipsec_secgw.rst | 524 ++++++++++++
> examples/Makefile | 2 +
> examples/ipsec-secgw/Makefile | 58 ++
> examples/ipsec-secgw/esp.c | 250 ++++++
> examples/ipsec-secgw/esp.h | 66 ++
> examples/ipsec-secgw/ipip.h | 103 +++
> examples/ipsec-secgw/ipsec-secgw.c | 1360
> ++++++++++++++++++++++++++++++
> examples/ipsec-secgw/ipsec.c | 203 +++++
> examples/ipsec-secgw/ipsec.h | 192 +++++
> examples/ipsec-secgw/rt.c | 144 ++++
> examples/ipsec-secgw/sa.c | 438 ++++++++++
> examples/ipsec-secgw/sp.c | 364 ++++++++
> 15 files changed, 3712 insertions(+)
> create mode 100644 doc/guides/sample_app_ug/ipsec_secgw.rst
> create mode 100644 examples/ipsec-secgw/Makefile
> create mode 100644 examples/ipsec-secgw/esp.c
> create mode 100644 examples/ipsec-secgw/esp.h
> create mode 100644 examples/ipsec-secgw/ipip.h
> create mode 100644 examples/ipsec-secgw/ipsec-secgw.c
> create mode 100644 examples/ipsec-secgw/ipsec.c
> create mode 100644 examples/ipsec-secgw/ipsec.h
> create mode 100644 examples/ipsec-secgw/rt.c
> create mode 100644 examples/ipsec-secgw/sa.c
> create mode 100644 examples/ipsec-secgw/sp.c
>
> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> b/doc/guides/sample_app_ug/ipsec_secgw.rst
> new file mode 100644
> index 0000000..bc41ea8
> --- /dev/null
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -0,0 +1,524 @@
> +.. BSD LICENSE
> + Copyright(c) 2010-2016 Intel Corporation. All rights reserved.
> + All rights reserved.
Copyright dates should be 2016, not from 2010.
> +
> + Redistribution and use in source and binary forms, with or without
> + modification, are permitted provided that the following conditions
> + are met:
> +
> + * Redistributions of source code must retain the above copyright
> + notice, this list of conditions and the following disclaimer.
> + * Redistributions in binary form must reproduce the above copyright
> + notice, this list of conditions and the following disclaimer in
> + the documentation and/or other materials provided with the
> + distribution.
[...]
> +static inline void
> +process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
> + uint8_t nb_pkts, uint8_t portid)
> +{
> + struct ipsec_traffic traffic = { 0 };
Clang complains here.
> +
> + prepare_traffic(pkts, &traffic, nb_pkts);
> +
> + if (single_sa) {
> + if (UNPROTECTED_PORT(portid))
> + process_pkts_inbound_nosp(&qconf->inbound,
> &traffic);
> + else
> + process_pkts_outbound_nosp(&qconf->outbound,
> &traffic);
> + } else {
> + if (UNPROTECTED_PORT(portid))
> + process_pkts_inbound(&qconf->inbound, &traffic);
> + else
> + process_pkts_outbound(&qconf->outbound,
> &traffic);
> + }
> +
> + route_pkts(qconf->rt_ctx, traffic.ipv4.pkts, traffic.ipv4.num);
> +}
> +
More information about the dev
mailing list