[PATCH V6 00/11] pipeline: add IPsec support

Thomas Monjalon thomas at monjalon.net
Sun Feb 5 17:13:58 CET 2023

Previous message (by thread): [PATCH] net/mlx5: fix ESP item validation in Verbs interface
Next message (by thread): BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

26/01/2023 15:12, Cristian Dumitrescu:
> This patch set introduces a companion block for the SWX pipeline for
> IPsec support.
> 
> The IPsec block is external to the pipeline, hence it needs to be
> explicitly instantiated by the user and connected to a pipeline
> instance through the pipeline I/O ports.
> 
> Main features:
> * IPsec inbound (encrypted input packets -> clear text output packets)
> and outbound (clear text input packets -> encrypted output packets)
> processing support for tunnel and transport modes.
> 
> Interaction of the IPsec block with the pipeline:
> * Each IPsec block instance has its own set of Security Associations
> (SAs) used to process the input packets. Each SA is identified by its
> unique SA ID. The IPsec inbound and outbound SAs share the same ID
> space.
> * Each input packet is first mapped to one of the existing SAs by
> using the SA ID and then processed according to the identified SA. The
> SA ID is read from input packet. The SA ID field is typically written
> by the pipeline before sending the packet to the IPsec block.

Applied, thanks.

Previous message (by thread): [PATCH] net/mlx5: fix ESP item validation in Verbs interface
Next message (by thread): BUG: AddressSanitizer reports a buffer-overflow on rte_hash_lookup
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list