[dpdk-dev] [PATCH v7 0/4] add fallback session
Marcin Smoczynski
marcinx.smoczynski at intel.com
Mon Oct 14 15:48:38 CEST 2019
Add fallback session feature allowing to process packets that inline
processor is unable to handle (e.g. fragmented traffic). Processing
takes place in a secondary session defined for SA in a configuration
file.
This feature is limited to ingress IPsec traffic only. IPsec
anti-replay window and ESN are supported in conjunction with fallback
session when following conditions are met:
* primary session is 'inline-crypto-offload,
* fallback sessions is 'lookaside-none'.
Due to different processing times of inline and lookaside modes,
fallback session introduces some packet reordering, therefore when
using with IPsec window, its value should be increased.
v6 to v7 changes:
- remove partial support for "*-protocol" fall-back session types
- rebase on master (31b798a)
v5 to v6 changes:
- add sanity check: fail to parse SA configuration if fallback session
is configured but primary session is not inline crypto
- update documentation for ipsec-secgw tests (MULTI_SEG_TESTS var
described)
- add release notes
- minor commit log changes
v4 to v5 changes:
- fix build errors related to frag TTL command line option and
parse_decimal method
v3 to v4 changes:
- add info about packet reordering to the documentation regarding
fallback session
- add patch with --frag-ttl command line option which allows to change
fragment lifetime
v2 to v3 changes:
- doc and commit log update - explicitly state feature limitations
v1 to v2 changes:
- disable fallback offload for outbound SAs
- add test scripts
Marcin Smoczynski (4):
examples/ipsec-secgw: sa structure cleanup
examples/ipsec-secgw: add fallback session feature
examples/ipsec-secgw: add frag TTL cmdline option
examples/ipsec-secgw: add offload fallback tests
doc/guides/rel_notes/release_19_11.rst | 8 +
doc/guides/sample_app_ug/ipsec_secgw.rst | 34 +++-
examples/ipsec-secgw/esp.c | 35 ++--
examples/ipsec-secgw/ipsec-secgw.c | 56 ++++--
examples/ipsec-secgw/ipsec.c | 101 +++++------
examples/ipsec-secgw/ipsec.h | 61 +++++--
examples/ipsec-secgw/ipsec_process.c | 113 ++++++++-----
examples/ipsec-secgw/sa.c | 159 +++++++++++++-----
.../test/trs_aesgcm_common_defs.sh | 4 +-
.../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 +
.../test/tun_aesgcm_common_defs.sh | 6 +-
.../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 +
12 files changed, 409 insertions(+), 178 deletions(-)
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh
--
2.17.1
More information about the dev
mailing list