[v7,0/4] add fallback session
Message ID | 20191014134842.3084-1-marcinx.smoczynski@intel.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 830C81C232; Mon, 14 Oct 2019 15:48:52 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 9BA051C0DC for <dev@dpdk.org>; Mon, 14 Oct 2019 15:48:47 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Oct 2019 06:48:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,295,1566889200"; d="scan'208";a="207970608" Received: from msmoczyx-mobl.ger.corp.intel.com ([10.103.104.110]) by fmsmga001.fm.intel.com with ESMTP; 14 Oct 2019 06:48:45 -0700 From: Marcin Smoczynski <marcinx.smoczynski@intel.com> To: anoobj@marvell.com, akhil.goyal@nxp.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, Marcin Smoczynski <marcinx.smoczynski@intel.com> Date: Mon, 14 Oct 2019 15:48:38 +0200 Message-Id: <20191014134842.3084-1-marcinx.smoczynski@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20191007130254.3064-1-marcinx.smoczynski@intel.com> References: <20191007130254.3064-1-marcinx.smoczynski@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v7 0/4] add fallback session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Message
Marcin Smoczynski
Oct. 14, 2019, 1:48 p.m. UTC
Add fallback session feature allowing to process packets that inline processor is unable to handle (e.g. fragmented traffic). Processing takes place in a secondary session defined for SA in a configuration file. This feature is limited to ingress IPsec traffic only. IPsec anti-replay window and ESN are supported in conjunction with fallback session when following conditions are met: * primary session is 'inline-crypto-offload, * fallback sessions is 'lookaside-none'. Due to different processing times of inline and lookaside modes, fallback session introduces some packet reordering, therefore when using with IPsec window, its value should be increased. v6 to v7 changes: - remove partial support for "*-protocol" fall-back session types - rebase on master (31b798a) v5 to v6 changes: - add sanity check: fail to parse SA configuration if fallback session is configured but primary session is not inline crypto - update documentation for ipsec-secgw tests (MULTI_SEG_TESTS var described) - add release notes - minor commit log changes v4 to v5 changes: - fix build errors related to frag TTL command line option and parse_decimal method v3 to v4 changes: - add info about packet reordering to the documentation regarding fallback session - add patch with --frag-ttl command line option which allows to change fragment lifetime v2 to v3 changes: - doc and commit log update - explicitly state feature limitations v1 to v2 changes: - disable fallback offload for outbound SAs - add test scripts Marcin Smoczynski (4): examples/ipsec-secgw: sa structure cleanup examples/ipsec-secgw: add fallback session feature examples/ipsec-secgw: add frag TTL cmdline option examples/ipsec-secgw: add offload fallback tests doc/guides/rel_notes/release_19_11.rst | 8 + doc/guides/sample_app_ug/ipsec_secgw.rst | 34 +++- examples/ipsec-secgw/esp.c | 35 ++-- examples/ipsec-secgw/ipsec-secgw.c | 56 ++++-- examples/ipsec-secgw/ipsec.c | 101 +++++------ examples/ipsec-secgw/ipsec.h | 61 +++++-- examples/ipsec-secgw/ipsec_process.c | 113 ++++++++----- examples/ipsec-secgw/sa.c | 159 +++++++++++++----- .../test/trs_aesgcm_common_defs.sh | 4 +- .../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 + .../test/tun_aesgcm_common_defs.sh | 6 +- .../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 + 12 files changed, 409 insertions(+), 178 deletions(-) create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh -- 2.17.1