[dpdk-dev] [PATCH v5 2/4] examples/ipsec-secgw: add fallback session feature

Iremonger, Bernard bernard.iremonger at intel.com
Thu Oct 3 18:36:48 CEST 2019


> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Marcin Smoczynski
> Sent: Friday, September 27, 2019 4:55 PM
> To: anoobj at marvell.com; akhil.goyal at nxp.com; Ananyev, Konstantin
> <konstantin.ananyev at intel.com>
> Cc: dev at dpdk.org; Smoczynski, MarcinX <marcinx.smoczynski at intel.com>
> Subject: [dpdk-dev] [PATCH v5 2/4] examples/ipsec-secgw: add fallback
> session feature
> 
> Inline processing is limited to a specified subset of traffic. It is often unable to
> handle more complicated situations, such as fragmented traffic. When using
> inline processing such traffic is dropped.
> 
> Introduce fallback session for inline processing allowing processing packets
> that normally would be dropped. A fallback session is configured by adding
> 'fallback' keyword with 'lookaside-none' or 'lookaside-protocol' parameter to
> an SA configuration.
> 
> Using IPsec anti-replay window or ESN feature with fallback session is not yet
> supported when primary session is of type 'inline-protocol-offload' or
> fallback session is 'lookaside-protocol'
> because SA sequence number is not synchronized between software and
> hardware sessions. Fallback sessions are also limited to ingress IPsec traffic.
> 
> Fallback session feature is not available in the legacy mode.
> 
> Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski at intel.com>

Tested-by: Bernard Iremonger <bernard.iremonger at intel.com>



More information about the dev mailing list