Hi Zach,
I think there is a bug in the patch "perf improvement of ipsec4_input_node
using flow cache" (https://gerrit.fd.io/r/c/vpp/+/32903).
Based on the current code, multiple SPD rules were created that include some
bypass or discard rules. When an ESP packet is received, we expect it to match
the protect rule,
but it is possible that it will match the bypass or discard rule via the flow
cache.
For example, in a NAT-T scenario, there is a bypass rule that needs to forward
IKE packets to the IKE daemon; the data packet, ESP over UDP, will match
this rule.
[8] priority 2147483647 action bypass type ip4-inbound-bypass protocol UDP
local addr range 0.0.0.0 - 255.255.255.255 port range 4500 - 4500
remote addr range 0.0.0.0 - 255.255.255.255 port range 0 - 65535
packets 0 bytes 0
Thanks
Guangming
[email protected]
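
An added illustration, not VPP code and not part of the original message: on UDP port 4500, IKE and UDP-encapsulated ESP differ only in the first payload bytes (RFC 3948), so a lookup keyed on addresses and ports alone gives both the bypass action of rule [8]. The function names, the action enum and the toy default of discard are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 3948 kinds of UDP payload that share port 4500. */
enum natt_kind { NATT_KEEPALIVE, NATT_IKE, NATT_ESP, NATT_INVALID };
enum spd_action { ACT_BYPASS, ACT_PROTECT, ACT_DISCARD };

enum natt_kind natt_classify(const uint8_t *p, size_t len)
{
    static const uint8_t non_esp_marker[4] = { 0, 0, 0, 0 };

    if (len == 1 && p[0] == 0xFF)
        return NATT_KEEPALIVE;          /* NAT keepalive: single 0xFF octet */
    if (len < 4)
        return NATT_INVALID;            /* too short to carry marker or SPI */
    if (memcmp(p, non_esp_marker, 4) == 0)
        return NATT_IKE;                /* Non-ESP Marker precedes IKE header */
    return NATT_ESP;                    /* non-zero SPI: UDP-encapsulated ESP */
}

/* Toy lookup keyed on protocol and local port only, modelled on rule [8]
 * (UDP, local port 4500, any address -> bypass). Hypothetical helper. */
enum spd_action lookup_tuple_only(uint8_t proto, uint16_t local_port)
{
    return (proto == 17 && local_port == 4500) ? ACT_BYPASS : ACT_DISCARD;
}

/* Toy lookup that inspects the payload before trusting the port match. */
enum spd_action lookup_payload_aware(uint8_t proto, uint16_t local_port,
                                     const uint8_t *p, size_t len)
{
    if (proto != 17 || local_port != 4500)
        return ACT_DISCARD;             /* toy default for everything else */
    switch (natt_classify(p, len)) {
    case NATT_IKE: return ACT_BYPASS;   /* hand to the IKE daemon */
    case NATT_ESP: return ACT_PROTECT;  /* must go through SA processing */
    default:       return ACT_DISCARD;  /* keepalive or runt: drop */
    }
}
```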