[dpdk-dev] [PATCH v7 0/4] add fallback session

Akhil Goyal akhil.goyal at nxp.com
Tue Nov 5 13:20:30 CET 2019

Previous message: [dpdk-dev] [PATCH v2] net/ice: fix FDIR tunnel profile existence check
Next message: [dpdk-dev] [PATCH] net/mlx5: introdue mlx5 hash list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> Add fallback session feature allowing to process packets that inline
> processor is unable to handle (e.g. fragmented traffic). Processing
> takes place in a secondary session defined for SA in a configuration
> file.
> 
> This feature is limited to ingress IPsec traffic only. IPsec
> anti-replay window and ESN are supported in conjunction with fallback
> session when following conditions are met:
>  * primary session is 'inline-crypto-offload,
>  * fallback sessions is 'lookaside-none'.
> Due to different processing times of inline and lookaside modes,
> fallback session introduces some packet reordering, therefore when
> using with IPsec window, its value should be increased.
> 
> v6 to v7 changes:
>  - remove partial support for "*-protocol" fall-back session types
>  - rebase on master (31b798a)
> 
> v5 to v6 changes:
>  - add sanity check: fail to parse SA configuration if fallback session
>    is configured but primary session is not inline crypto
>  - update documentation for ipsec-secgw tests (MULTI_SEG_TESTS var
>    described)
>  - add release notes
>  - minor commit log changes
> 
> v4 to v5 changes:
>  - fix build errors related to frag TTL command line option and
>    parse_decimal method
> 
> v3 to v4 changes:
>  - add info about packet reordering to the documentation regarding
>    fallback session
>  - add patch with --frag-ttl command line option which allows to change
>    fragment lifetime
> 
> v2 to v3 changes:
>  - doc and commit log update - explicitly state feature limitations
> 
> v1 to v2 changes:
>  - disable fallback offload for outbound SAs
>  - add test scripts
> 
> Marcin Smoczynski (4):
>   examples/ipsec-secgw: sa structure cleanup
>   examples/ipsec-secgw: add fallback session feature
>   examples/ipsec-secgw: add frag TTL cmdline option
>   examples/ipsec-secgw: add offload fallback tests
> 
>  doc/guides/rel_notes/release_19_11.rst        |   8 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst      |  34 +++-
>  examples/ipsec-secgw/esp.c                    |  35 ++--
>  examples/ipsec-secgw/ipsec-secgw.c            |  56 ++++--
>  examples/ipsec-secgw/ipsec.c                  | 101 +++++------
>  examples/ipsec-secgw/ipsec.h                  |  61 +++++--
>  examples/ipsec-secgw/ipsec_process.c          | 113 ++++++++-----
>  examples/ipsec-secgw/sa.c                     | 159 +++++++++++++-----
>  .../test/trs_aesgcm_common_defs.sh            |   4 +-
>  .../trs_aesgcm_inline_crypto_fallback_defs.sh |   5 +
>  .../test/tun_aesgcm_common_defs.sh            |   6 +-
>  .../tun_aesgcm_inline_crypto_fallback_defs.sh |   5 +
>  12 files changed, 409 insertions(+), 178 deletions(-)
>  create mode 100644 examples/ipsec-
> secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh
>  create mode 100644 examples/ipsec-
> secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh
> 
> --
> 2.17.1
Series Acked-by: Akhil Goyal <akhil.goyal at nxp.com>

Applied to dpdk-next-crypto
Release notes update merged with previous entry of IPsec changes.

Thanks.

Previous message: [dpdk-dev] [PATCH v2] net/ice: fix FDIR tunnel profile existence check
Next message: [dpdk-dev] [PATCH] net/mlx5: introdue mlx5 hash list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list