[dpdk-dev] [PATCH v3 2/3] examples/ipsec-secgw: add fallback session feature

Ananyev, Konstantin konstantin.ananyev at intel.com
Mon Sep 23 18:49:21 CEST 2019



> 
> Inline processing is limited to a specified subset of traffic. It is
> often unable to handle more complicated situations, such as fragmented
> traffic. When using inline processing such traffic is dropped.
> 
> Introduce fallback session for inline processing allowing processing
> packets that normally would be dropped. A fallback session is
> configured by adding 'fallback' keyword with 'lookaside-none' or
> 'lookaside-protocol' parameter to an SA configuration.
> 
> Using IPsec anti-replay window or ESN feature with fallback session is
> not yet supported when primary session is of type
> 'inline-protocol-offload' or fallback session is 'lookaside-protocol'
> because SA sequence number is not synchronized between software and
> hardware sessions. Fallback sessions are also limited to ingress IPsec
> traffic.
> 
> Fallback session feature is not available in the legacy mode.
> 
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski at intel.com>
> ---

Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>

> 2.17.1



More information about the dev mailing list