[dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port

Radu Nicolau radu.nicolau at intel.com
Mon Nov 13 18:23:07 CET 2017

Previous message: [dpdk-dev] [PATCH v3] net/virtio-user: fix unchecked return value
Next message: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Comments below

On 11/13/2017 4:13 PM, Anoob Joseph wrote:
> When security offload is enabled, the packet should be forwarded on the
> port configured in the SA. Security session will be configured on that
> port only, and sending the packet on other ports could result in
> unencrypted packets being sent out.
With a properly configured SP, SA and routing rule this will not happen, 
so we don't need to do this fix to make up for a wrongly written 
configuration file.
I'm almost sure that the app will behave in the same way (i.e. forward 
unencrypted) for lookaside crypto if the configuration is incorrect.
>
> This would have performance improvements too, as the per packet LPM
> lookup would be avoided for IPsec packets, in inline mode.
Yes, there will be some performance gain, but not sure how much 
considering that LPM lookup is reasonably fast.

So I'm not sure if ack or nack, maybe Sergio can give a second opinion.
But if ack, you will have to update the patch to include in the doc this 
behavior, the port configured in the SA takes precedence over the one in 
the routing rule.

Regards,
Radu

Previous message: [dpdk-dev] [PATCH v3] net/virtio-user: fix unchecked return value
Next message: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list