From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 607A2A0613 for ; Fri, 27 Sep 2019 11:11:45 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 647EF3237; Fri, 27 Sep 2019 11:11:43 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 3EDC52D13 for ; Fri, 27 Sep 2019 11:11:39 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2019 02:11:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,554,1559545200"; d="scan'208";a="204124751" Received: from msmoczyx-mobl.ger.corp.intel.com ([10.103.104.109]) by fmsmga001.fm.intel.com with ESMTP; 27 Sep 2019 02:11:34 -0700 From: Marcin Smoczynski To: anoobj@marvell.com, akhil.goyal@nxp.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, Marcin Smoczynski Date: Fri, 27 Sep 2019 11:10:24 +0200 Message-Id: <20190927091028.19316-1-marcinx.smoczynski@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20190923114415.17932-1-marcinx.smoczynski@intel.com> References: <20190923114415.17932-1-marcinx.smoczynski@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v4 0/4] add fallback session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add fallback session feature allowing to process packets that inline processor is unable to handle (e.g. fragmented traffic). Processing takes place in a secondary session defined for SA in a configuration file. This feature is limited to ingress IPsec traffic only. IPsec anti-replay window and ESN are supported in conjunction with fallback session when following conditions are met: * primary session is 'inline-crypto-offload, * fallback sessions is 'lookaside-none'. Due to different processing times of inline and lookaside modes, fallback session introduces some packet reordering, therefore when using with IPsec window, its value should be increased. v3 to v4 changes: - add info about packet reordering to the documentation regarding fallback session - add patch with --frag-ttl command line option which allows to change fragment lifetime v2 to v3 changes: - doc and commit log update - explicitly state feature limitations v1 to v2 changes: - disable fallback offload for outbound SAs - add test scripts Marcin Smoczynski (4): examples/ipsec-secgw: ipsec_sa structure cleanup examples/ipsec-secgw: add fallback session feature examples/ipsec-secgw: add frag TTL cmdline option examples/ipsec-secgw: add offload fallback tests doc/guides/sample_app_ug/ipsec_secgw.rst | 31 +++- examples/ipsec-secgw/esp.c | 35 ++-- examples/ipsec-secgw/ipsec-secgw.c | 56 ++++-- examples/ipsec-secgw/ipsec.c | 99 ++++++----- examples/ipsec-secgw/ipsec.h | 61 +++++-- examples/ipsec-secgw/ipsec_process.c | 113 +++++++----- examples/ipsec-secgw/sa.c | 164 +++++++++++++----- .../test/trs_aesgcm_common_defs.sh | 4 +- .../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 + .../test/tun_aesgcm_common_defs.sh | 6 +- .../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 + 11 files changed, 402 insertions(+), 177 deletions(-) create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh -- 2.17.1