From: Radu Nicolau <radu.nicolau@intel.com>
To: Anoob Joseph <anoob.joseph@cavium.com>,
Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Cc: narayanaprasad.athreya@cavium.com,
jerin.jacobkollanukkaran@cavium.com, dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port
Date: Mon, 13 Nov 2017 17:23:07 +0000 [thread overview]
Message-ID: <4fa0314b-a402-6588-621a-9374d3b90fa4@intel.com> (raw)
In-Reply-To: <1510589635-8868-1-git-send-email-anoob.joseph@cavium.com>
Hi,
Comments below
On 11/13/2017 4:13 PM, Anoob Joseph wrote:
> When security offload is enabled, the packet should be forwarded on the
> port configured in the SA. Security session will be configured on that
> port only, and sending the packet on other ports could result in
> unencrypted packets being sent out.
With a properly configured SP, SA and routing rule this will not happen,
so we don't need to do this fix to make up for a wrongly written
configuration file.
I'm almost sure that the app will behave in the same way (i.e. forward
unencrypted) for lookaside crypto if the configuration is incorrect.
>
> This would have performance improvements too, as the per packet LPM
> lookup would be avoided for IPsec packets, in inline mode.
Yes, there will be some performance gain, but not sure how much
considering that LPM lookup is reasonably fast.
So I'm not sure if ack or nack, maybe Sergio can give a second opinion.
But if ack, you will have to update the patch to include in the doc this
behavior, the port configured in the SA takes precedence over the one in
the routing rule.
Regards,
Radu
next prev parent reply other threads:[~2017-11-13 17:23 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-13 16:13 Anoob Joseph
2017-11-13 17:23 ` Radu Nicolau [this message]
2017-11-13 19:24 ` Anoob Joseph
2017-11-14 12:01 ` Nicolau, Radu
2017-11-14 15:37 ` [dpdk-dev] [PATCH v2] " Anoob Joseph
2017-11-14 16:16 ` Radu Nicolau
2017-11-15 9:41 ` [dpdk-dev] [PATCH v3] " Anoob Joseph
2017-11-24 9:28 ` Akhil Goyal
2017-11-24 9:58 ` Anoob
2017-11-24 10:49 ` Akhil Goyal
2017-11-29 4:21 ` Anoob Joseph
2017-12-04 7:49 ` Akhil Goyal
2017-12-06 11:08 ` Anoob
2017-12-11 10:26 ` Radu Nicolau
2017-12-11 10:38 ` Anoob Joseph
2017-12-11 15:35 ` [dpdk-dev] [PATCH v4] " Anoob Joseph
2017-12-12 6:54 ` Anoob Joseph
2017-12-12 7:34 ` Akhil Goyal
2017-12-12 8:32 ` [dpdk-dev] [PATCH v5] " Anoob Joseph
2017-12-12 11:27 ` Radu Nicolau
2017-12-14 9:01 ` De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4fa0314b-a402-6588-621a-9374d3b90fa4@intel.com \
--to=radu.nicolau@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=anoob.joseph@cavium.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerin.jacobkollanukkaran@cavium.com \
--cc=narayanaprasad.athreya@cavium.com \
--cc=sergio.gonzalez.monroy@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).