[dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add fallback session

Ananyev, Konstantin konstantin.ananyev at intel.com
Wed Sep 18 10:46:07 CEST 2019


Hi Anoob,

> 
> Hi Marcin,
> 
> Sorry for the late response. But how do you plan to handle "inline protocol" processed packets?

Right now that feature is supported for "inline crypto" only.
For the case when SA doesn't enable replay window and/or ESN
current patch should also work for "inline proto" too,
but this is just my understanding (not tested, etc.). 
Konstantin

> 
> Thanks,
> Anoob
> 
> > -----Original Message-----
> > From: dev <dev-bounces at dpdk.org> On Behalf Of Marcin Smoczynski
> > Sent: Wednesday, September 4, 2019 7:47 PM
> > To: konstantin.ananyev at intel.com; akhil.goyal at nxp.com
> > Cc: dev at dpdk.org; Marcin Smoczynski <marcinx.smoczynski at intel.com>
> > Subject: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add fallback
> > session
> >
> > Inline processing is limited to a specified subset of traffic. It is often unable to
> > handle more complicated situations, such as fragmented traffic. When using
> > inline processing such traffic is dropped.
> >
> > Introduce multiple sessions per SA allowing to configure a fallback lookaside
> > session for packets that normally would be dropped.
> > A fallback session type in the SA configuration by adding 'fallback'
> > with 'lookaside-none' or 'lookaside-protocol' parameter to determine type of
> > session.
> >
> > Fallback session feature is available only when using librte_ipsec.
> >
> > v1 to v2 changes:
> >  - disable fallback offload for outbound SAs
> >  - add test scripts
> >
> > Marcin Smoczynski (3):
> >   examples/ipsec-secgw: ipsec_sa structure cleanup
> >   examples/ipsec-secgw: add fallback session feature
> >   examples/ipsec-secgw: add offload fallback tests
> >
> >  doc/guides/sample_app_ug/ipsec_secgw.rst      |  17 +-
> >  examples/ipsec-secgw/esp.c                    |  35 ++--
> >  examples/ipsec-secgw/ipsec-secgw.c            |  16 +-
> >  examples/ipsec-secgw/ipsec.c                  |  99 ++++++-----
> >  examples/ipsec-secgw/ipsec.h                  |  61 +++++--
> >  examples/ipsec-secgw/ipsec_process.c          | 113 +++++++-----
> >  examples/ipsec-secgw/sa.c                     | 164 +++++++++++++-----
> >  .../test/trs_aesgcm_common_defs.sh            |   4 +-
> >  .../trs_aesgcm_inline_crypto_fallback_defs.sh |   5 +
> >  .../test/tun_aesgcm_common_defs.sh            |   6 +-
> >  .../tun_aesgcm_inline_crypto_fallback_defs.sh |   5 +
> >  11 files changed, 358 insertions(+), 167 deletions(-)  create mode 100644
> > examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh
> >  create mode 100644 examples/ipsec-
> > secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh
> >
> > --
> > 2.21.0.windows.1



More information about the dev mailing list