From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 28DE0A3160 for ; Fri, 11 Oct 2019 16:40:56 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 11E261EAFD; Fri, 11 Oct 2019 16:40:55 +0200 (CEST) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70080.outbound.protection.outlook.com [40.107.7.80]) by dpdk.org (Postfix) with ESMTP id 38FF91EAED for ; Fri, 11 Oct 2019 16:40:53 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=d0yzstzHjOdSR1NR/uVgobqlUjDcidn97nwM+VvaPx3WN2sD0fwWkD1Ch1W1YICEhXCXWfAUf46xJ8KN7BQJ6uTzHptoZNBU96ad37d21pCUc6CuDErR3ZoqE16vVBKsDHI49tsbrZDAOa88ktXRX2AVUCtuD+HS3jAHDvi1z0utZlmkltgs54ZSpEZa228C1X0wZJDG5d1pzLnPGbVXP+lKbuBw74ixEw4fu+/FmtrjVTA6WVtlCNQqd54yNqJKs++ECXohlr3kiXe+weaTgJ2MrQ5yYTs+2Xb/AeJ976OOvdl4mEYVlhA51JXosk5jXKaZj88v7Vaixe+IjC+PPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UZYESrTWTC+LdFvkU9xuKn+m/F+zHM4Cq8DDvgd4uJQ=; b=Oc82XNV+HjKrPLaZDb+8E3w5T8xlX6itzwGoazz3/w25xi18xYALBtCtPIZxssOkRNflF3o1yu8Wcs9NpUGc8cXROC/9AmQ2xUKLUB4EBEDtVMslnEV4no1Fapc9BAZdiNc+0IhtOC3i5qIKJsrCsj6/XtSEcFNyrXm0CEWSTS93zmO9pEOA3HIClkwxT1VUbKrWQy/VrOguW2A1fIyDGoFYL2/8swMhpK9mCoacTjonKrMGrq6a/6xc2eQTUnL4abTNwDttzxEDbz+fTeJ/LlcFN1ZZj05CZGmGaV+UcKXZp0qFKRA8qeZIpRuxv4BZ6RLPtBAvojVbw+/ht5NQmg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UZYESrTWTC+LdFvkU9xuKn+m/F+zHM4Cq8DDvgd4uJQ=; b=rUD/YAw7BbB5gilTpCoV4MTcJdA6D/shph1kVFRJ7o2aRlBd8zeYIxmrlMyQ5XINAfrIjZ6jhSG2bv4KmkOW8VlL0keep4w99J7MembfEI/fG2GAew7vlnqUJ2wPEDr2ZYBvGgwR7bjTuSfj/kk7zwb3J74Zx6KMeYwG/T1I9MQ= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6734.eurprd04.prod.outlook.com (20.179.234.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Fri, 11 Oct 2019 14:40:52 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::c045:5df2:ba1f:c3ee]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::c045:5df2:ba1f:c3ee%5]) with mapi id 15.20.2347.021; Fri, 11 Oct 2019 14:40:52 +0000 From: Akhil Goyal To: Marcin Smoczynski , "anoobj@marvell.com" , "konstantin.ananyev@intel.com" CC: "dev@dpdk.org" , Bernard Iremonger Thread-Topic: [PATCH v6 2/4] examples/ipsec-secgw: add fallback session feature Thread-Index: AQHVfQ+f6n+h9q1Je0OlT9XliJfw5KdVg9MA Date: Fri, 11 Oct 2019 14:40:52 +0000 Message-ID: References: <20190927155446.19136-1-marcinx.smoczynski@intel.com> <20191007130254.3064-1-marcinx.smoczynski@intel.com> <20191007130254.3064-3-marcinx.smoczynski@intel.com> In-Reply-To: <20191007130254.3064-3-marcinx.smoczynski@intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.65] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: bf223a23-62ba-495c-5e19-08d74e5903fe x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: VE1PR04MB6734: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0187F3EA14 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(396003)(366004)(136003)(376002)(53754006)(199004)(189003)(110136005)(76176011)(54906003)(14454004)(25786009)(316002)(2501003)(33656002)(52536014)(86362001)(2201001)(478600001)(5660300002)(6246003)(4326008)(81156014)(74316002)(7696005)(8936002)(81166006)(66946007)(102836004)(8676002)(305945005)(64756008)(76116006)(66066001)(486006)(99286004)(6506007)(256004)(2906002)(55016002)(66446008)(11346002)(446003)(9686003)(476003)(44832011)(3846002)(6116002)(66556008)(71200400001)(6436002)(26005)(66476007)(186003)(71190400001)(7736002)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6734; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: cLkJ9Z4wxbBBFE3zNqmD2MjWpxH8dlACTDvZAPGWWdN/uZ0pEf9kuKHTCgZ5ssOa6QLU0VcnXAEovytxIGStOd3QEU0aj0ygFcTWkF31m1KEDYEfDroIqLwIWHNwF2UXx899LIMOQ1OIPVNwTRN8GxJcPTvHYDy6qPG7dDbdYSKM4f7kJFtlKPj6s4Za/+TL8Hie3F3+LU5Ez1VBCJZENlEpzdQF9cLYjpXezq9fzVg91mQTdEh3wV/aE8SPIolPPi6hD2WiDGmseMluZRANcIJ9D9G+YoGTA6r9Nh+wJ8XsnXVGQxBWL91wCKrnGJaWLIO1ybi08OoTU64tBASGPZQZoxYpggLxShxtZKOWY0h6PUlnU7tAlvCVeHY3DRCvFNbgLsXIsQg9iOPrEnrmfsHr0NIKg03XR5aZBL4Mq+g= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: bf223a23-62ba-495c-5e19-08d74e5903fe X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Oct 2019 14:40:52.1262 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: eddimioyZt40fVPz6v6aaeF7LoBnnL4doLNnWSbkej3yow7PH/D8SikNOGG1vijRL8rrpnaOvhgfEVf7860nAA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6734 Subject: Re: [dpdk-dev] [PATCH v6 2/4] examples/ipsec-secgw: add fallback session feature X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi All, >=20 > Inline processing is limited to a specified subset of traffic. It is > often unable to handle more complicated situations, such as fragmented > traffic. When using inline processing such traffic is dropped. >=20 > Introduce fallback session for inline processing allowing processing > packets that normally would be dropped. A fallback session is > configured by adding 'fallback' keyword with 'lookaside-none' or > 'lookaside-protocol' parameter to an SA configuration. >=20 > Using IPsec anti-replay window or ESN feature with fallback session is > not yet supported when primary session is of type > 'inline-protocol-offload' or fallback session is 'lookaside-protocol' > because SA sequence number is not synchronized between software and > hardware sessions. Fallback sessions are also limited to ingress IPsec > traffic. >=20 > Fallback session feature is not available in the legacy mode. >=20 I started looking this patch, but some initial thoughts looking at the patc= h description. When you say a fallback session will be a lookaside none or lookaside proto= col, the packet will be processed asynchronously and might as well reorder. The best possible solution for this would be the synchronous API which are = in talks in another patchset or use a SW PMD(eg. Openssl etc.) session and wait till= you get the packet dequeued. So effectively async APIs will be used to behave synchronously. You can not use hardware PMD session as it will perform very badly for fall= back packets Because you have to wait till the packet is not getting dequeued back. Having said that, you won't find a device or a scenario where you can use Inline crypto as primary and lookaside proto as fallback. It can only be like inline crypto as primary and lookaside none as fallback= . BTW, I am ok with Patch 1/4 and 3/4. If no objections from the community, I= can pick those. -Akhil > Acked-by: Konstantin Ananyev > Tested-by: Bernard Iremonger > Signed-off-by: Marcin Smoczynski > ---