[dpdk-dev] [PATCH v7 0/4] add fallback session
Akhil Goyal
akhil.goyal at nxp.com
Tue Nov 5 13:20:30 CET 2019
>
> Add fallback session feature allowing to process packets that inline
> processor is unable to handle (e.g. fragmented traffic). Processing
> takes place in a secondary session defined for SA in a configuration
> file.
>
> This feature is limited to ingress IPsec traffic only. IPsec
> anti-replay window and ESN are supported in conjunction with fallback
> session when following conditions are met:
> * primary session is 'inline-crypto-offload,
> * fallback sessions is 'lookaside-none'.
> Due to different processing times of inline and lookaside modes,
> fallback session introduces some packet reordering, therefore when
> using with IPsec window, its value should be increased.
>
> v6 to v7 changes:
> - remove partial support for "*-protocol" fall-back session types
> - rebase on master (31b798a)
>
> v5 to v6 changes:
> - add sanity check: fail to parse SA configuration if fallback session
> is configured but primary session is not inline crypto
> - update documentation for ipsec-secgw tests (MULTI_SEG_TESTS var
> described)
> - add release notes
> - minor commit log changes
>
> v4 to v5 changes:
> - fix build errors related to frag TTL command line option and
> parse_decimal method
>
> v3 to v4 changes:
> - add info about packet reordering to the documentation regarding
> fallback session
> - add patch with --frag-ttl command line option which allows to change
> fragment lifetime
>
> v2 to v3 changes:
> - doc and commit log update - explicitly state feature limitations
>
> v1 to v2 changes:
> - disable fallback offload for outbound SAs
> - add test scripts
>
> Marcin Smoczynski (4):
> examples/ipsec-secgw: sa structure cleanup
> examples/ipsec-secgw: add fallback session feature
> examples/ipsec-secgw: add frag TTL cmdline option
> examples/ipsec-secgw: add offload fallback tests
>
> doc/guides/rel_notes/release_19_11.rst | 8 +
> doc/guides/sample_app_ug/ipsec_secgw.rst | 34 +++-
> examples/ipsec-secgw/esp.c | 35 ++--
> examples/ipsec-secgw/ipsec-secgw.c | 56 ++++--
> examples/ipsec-secgw/ipsec.c | 101 +++++------
> examples/ipsec-secgw/ipsec.h | 61 +++++--
> examples/ipsec-secgw/ipsec_process.c | 113 ++++++++-----
> examples/ipsec-secgw/sa.c | 159 +++++++++++++-----
> .../test/trs_aesgcm_common_defs.sh | 4 +-
> .../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 +
> .../test/tun_aesgcm_common_defs.sh | 6 +-
> .../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 +
> 12 files changed, 409 insertions(+), 178 deletions(-)
> create mode 100644 examples/ipsec-
> secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh
> create mode 100644 examples/ipsec-
> secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh
>
> --
> 2.17.1
Series Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
Applied to dpdk-next-crypto
Release notes update merged with previous entry of IPsec changes.
Thanks.
More information about the dev
mailing list