[dpdk-dev] [PATCH v5 2/4] examples/ipsec-secgw: add fallback session feature
Iremonger, Bernard
bernard.iremonger at intel.com
Thu Oct 3 18:36:48 CEST 2019
> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Marcin Smoczynski
> Sent: Friday, September 27, 2019 4:55 PM
> To: anoobj at marvell.com; akhil.goyal at nxp.com; Ananyev, Konstantin
> <konstantin.ananyev at intel.com>
> Cc: dev at dpdk.org; Smoczynski, MarcinX <marcinx.smoczynski at intel.com>
> Subject: [dpdk-dev] [PATCH v5 2/4] examples/ipsec-secgw: add fallback
> session feature
>
> Inline processing is limited to a specified subset of traffic. It is often unable to
> handle more complicated situations, such as fragmented traffic. When using
> inline processing such traffic is dropped.
>
> Introduce fallback session for inline processing allowing processing packets
> that normally would be dropped. A fallback session is configured by adding
> 'fallback' keyword with 'lookaside-none' or 'lookaside-protocol' parameter to
> an SA configuration.
>
> Using IPsec anti-replay window or ESN feature with fallback session is not yet
> supported when primary session is of type 'inline-protocol-offload' or
> fallback session is 'lookaside-protocol'
> because SA sequence number is not synchronized between software and
> hardware sessions. Fallback sessions are also limited to ingress IPsec traffic.
>
> Fallback session feature is not available in the legacy mode.
>
> Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski at intel.com>
Tested-by: Bernard Iremonger <bernard.iremonger at intel.com>