From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4035DA2EEB for ; Mon, 7 Oct 2019 15:03:22 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 02B721C1B1; Mon, 7 Oct 2019 15:03:22 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 278261C1AE for ; Mon, 7 Oct 2019 15:03:19 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Oct 2019 06:03:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,268,1566889200"; d="scan'208";a="222900660" Received: from msmoczyx-mobl.ger.corp.intel.com ([10.103.104.110]) by fmsmga002.fm.intel.com with ESMTP; 07 Oct 2019 06:03:17 -0700 From: Marcin Smoczynski To: anoobj@marvell.com, akhil.goyal@nxp.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, Marcin Smoczynski Date: Mon, 7 Oct 2019 15:02:50 +0200 Message-Id: <20191007130254.3064-1-marcinx.smoczynski@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20190927155446.19136-1-marcinx.smoczynski@intel.com> References: <20190927155446.19136-1-marcinx.smoczynski@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v6 0/4] add fallback session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add fallback session feature allowing to process packets that inline processor is unable to handle (e.g. fragmented traffic). Processing takes place in a secondary session defined for SA in a configuration file. This feature is limited to ingress IPsec traffic only. IPsec anti-replay window and ESN are supported in conjunction with fallback session when following conditions are met: * primary session is 'inline-crypto-offload, * fallback sessions is 'lookaside-none'. Due to different processing times of inline and lookaside modes, fallback session introduces some packet reordering, therefore when using with IPsec window, its value should be increased. v5 to v6 changes: - add sanity check: fail to parse SA configuration if fallback session is configured but primary session is not inline crypto - update documentation for ipsec-secgw tests (MULTI_SEG_TESTS var described) - add release notes - minor commit log changes v4 to v5 changes: - fix build errors related to frag TTL command line option and parse_decimal method v3 to v4 changes: - add info about packet reordering to the documentation regarding fallback session - add patch with --frag-ttl command line option which allows to change fragment lifetime v2 to v3 changes: - doc and commit log update - explicitly state feature limitations v1 to v2 changes: - disable fallback offload for outbound SAs - add test scripts Marcin Smoczynski (4): examples/ipsec-secgw: sa structure cleanup examples/ipsec-secgw: add fallback session feature examples/ipsec-secgw: add frag TTL cmdline option examples/ipsec-secgw: add offload fallback tests doc/guides/rel_notes/release_19_11.rst | 8 + doc/guides/sample_app_ug/ipsec_secgw.rst | 36 +++- examples/ipsec-secgw/esp.c | 35 ++-- examples/ipsec-secgw/ipsec-secgw.c | 56 ++++-- examples/ipsec-secgw/ipsec.c | 99 +++++----- examples/ipsec-secgw/ipsec.h | 61 +++++-- examples/ipsec-secgw/ipsec_process.c | 113 +++++++----- examples/ipsec-secgw/sa.c | 170 +++++++++++++----- .../test/trs_aesgcm_common_defs.sh | 4 +- .../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 + .../test/tun_aesgcm_common_defs.sh | 6 +- .../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 + 12 files changed, 421 insertions(+), 177 deletions(-) create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh -- 2.17.1