Hi Marcin, > > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst > b/doc/guides/sample_app_ug/ipsec_secgw.rst > index ad2d79e75..21b4b4418 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -401,7 +401,7 @@ The SA rule syntax is shown as follows: > .. code-block:: console > > sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key> > - <mode> <src_ip> <dst_ip> <action_type> <port_id> > + <mode> <src_ip> <dst_ip> <action_type> <port_id> <fallback> > > where each options means: > > @@ -573,6 +573,28 @@ where each options means: > > * *port_id X* X is a valid device number in decimal > > + ``<fallback>`` > + > + * Action type for ingress IPsec packets that inline processor failed to > + process. IPsec anti-replay window and ESN is supported with fallback > + processing session only when primary session is *lookaside-crypto-offload*
You probably meant here 'inline-crypto-offload'? > + and fallback session is *lookaside-none*.
