diff options
Diffstat (limited to 'doc/guides/sample_app_ug')
-rw-r--r-- | doc/guides/sample_app_ug/ipsec_secgw.rst | 10 | ||||
-rw-r--r-- | doc/guides/sample_app_ug/keep_alive.rst | 2 |
2 files changed, 10 insertions, 2 deletions
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index d6cfdbf7..ae18acdd 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -61,6 +61,12 @@ In case of complete protocol offload, the processing of headers(ESP and outer IP header) is done by the hardware and the application does not need to add/remove them during outbound/inbound processing. +For inline offloaded outbound traffic, the application will not do the LPM +lookup for routing, as the port on which the packet has to be forwarded will be +part of the SA. Security parameters will be configured on that port only, and +sending the packet on other ports could result in unencrypted packets being +sent out. + The Path for IPsec Inbound traffic is: * Read packets from the port. @@ -543,7 +549,9 @@ where each options means: ``<port_id>`` * Port/device ID of the ethernet/crypto accelerator for which the SA is - configured. This option is used when *type* is NOT *no-offload* + configured. For *inline-crypto-offload* and *inline-protocol-offload*, this + port will be used for routing. The routing table will not be referred in + this case. * Optional: No, if *type* is not *no-offload* diff --git a/doc/guides/sample_app_ug/keep_alive.rst b/doc/guides/sample_app_ug/keep_alive.rst index 9b8be489..6c131a86 100644 --- a/doc/guides/sample_app_ug/keep_alive.rst +++ b/doc/guides/sample_app_ug/keep_alive.rst @@ -168,5 +168,5 @@ The rte_keepalive_mark_alive function simply sets the core state to alive. static inline void rte_keepalive_mark_alive(struct rte_keepalive *keepcfg) { - keepcfg->state_flags[rte_lcore_id()] = ALIVE; + keepcfg->live_data[rte_lcore_id()].core_state = RTE_KA_STATE_ALIVE; } |