26/01/2023 15:12, Cristian Dumitrescu: > This patch set introduces a companion block for the SWX pipeline for > IPsec support. > > The IPsec block is external to the pipeline, hence it needs to be > explicitly instantiated by the user and connected to a pipeline > instance through the pipeline I/O ports. > > Main features: > * IPsec inbound (encrypted input packets -> clear text output packets) > and outbound (clear text input packets -> encrypted output packets) > processing support for tunnel and transport modes. > > Interaction of the IPsec block with the pipeline: > * Each IPsec block instance has its own set of Security Associations > (SAs) used to process the input packets. Each SA is identified by its > unique SA ID. The IPsec inbound and outbound SAs share the same ID > space. > * Each input packet is first mapped to one of the existing SAs by > using the SA ID and then processed according to the identified SA. The > SA ID is read from input packet. The SA ID field is typically written > by the pipeline before sending the packet to the IPsec block.
Applied, thanks.
