Hi everyone,
For 19.05 we plan to extend librte_ipsec with proper support of construction/updating inner/outer ipv4/ipv6 fields as described in https://tools.ietf.org/html/rfc4301#section-5.1.2. So few questions regarding struct rte_security_ipsec_sa_options fields. 1. dec_ttl - as I can see there is no PMD that supports this option right now. I wonder are there any plans to add support for it? If yes, what is expected HW/PMD behavior when TTL reaches zero? Would the packet will be silently dropped by HW/PMD, or would some sort of error returned to the user (via mbuf->ol_flags)? From SW point of view - it probably much easier/cleaner to remove that option and let upper layer to decrement TTL if needed (as it is inner IP header only). 2. It seems there is no fields to configure ECN construction/update settings. Hopefully there would be no generic objections to add some new field(s) here for ECN? Thanks Konstantin
