+ if (strcmp(tokens[ti], "fallback") == 0) {
+ struct rte_ipsec_session *fb;
+
+ APP_CHECK(app_sa_prm.enable, status, "Fallback session "
+ "not allowed for legacy mode.");
+ if (status->status < 0)
+ return;
+ APP_CHECK(ips->type ==
+ RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, status,
+ "Fallback session allowed if primary session "
+ "is of type inline-crypto-offload only.");
+ if (status->status < 0)
+ return;
+ APP_CHECK(rule->direction ==
+ RTE_SECURITY_IPSEC_SA_DIR_INGRESS, status,
+ "Fallback session not allowed for egress "
+ "rule");
+ if (status->status < 0)
+ return;
+ APP_CHECK_PRESENCE(fallback_p, tokens[ti], status);
+ if (status->status < 0)
+ return;
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ fb = ipsec_get_fallback_session(rule);
+ if (strcmp(tokens[ti], "lookaside-none") == 0)
+ fb->type = RTE_SECURITY_ACTION_TYPE_NONE;
+ else if (strcmp(tokens[ti], "cpu-crypto") == 0)
+ fb->type = RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO;
+ else {
+ APP_CHECK(0, status, "unrecognized fallback "
+ "type %s.", tokens[ti]);
+ return;
+ }
+
+ rule->fallback_sessions = 1;
+ fallback_p = 1;
+ continue;
+ }
+ if (strcmp(tokens[ti], "flow-direction") == 0) {
+ switch (ips->type) {
+ case RTE_SECURITY_ACTION_TYPE_NONE:
+ case RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO:
+ rule->fdir_flag = 1;
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ if (rule->portid == UINT16_MAX)
+ rule->portid = atoi(tokens[ti]);
+ else if (rule->portid != atoi(tokens[ti])) {
+ APP_CHECK(0, status,
+ "portid %s not matching with already assigned portid %u",
+ tokens[ti], rule->portid);
+ return;
+ }
+ INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+ if (status->status < 0)
+ return;
+ rule->fdir_qid = atoi(tokens[ti]);
+ /* validating portid and queueid */
+ status_p = check_flow_params(rule->portid,
+ rule->fdir_qid);
+ if (status_p < 0) {
+ printf("port id %u / queue id %u is "
+ "not valid\n", rule->portid,
+ rule->fdir_qid);
+ }
+ break;
+ case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+ case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+ case RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL:
+ default:
+ APP_CHECK(0, status,
+ "flow director not supported for security session type %d",
+ ips->type);
+ return;
+ }
+ continue;
+ }
+