Hi all, Reminder...!
If there are no concerns, I'll send the patch after adding the required changes in ipsec-secgw as well. Thanks, Anoob > -----Original Message----- > From: Anoob Joseph <ano...@marvell.com> > Sent: Friday, August 2, 2019 11:05 AM > To: Anoob Joseph <ano...@marvell.com>; Akhil Goyal > <akhil.go...@nxp.com>; Adrien Mazarguil <adrien.mazarg...@6wind.com>; > Declan Doherty <declan.dohe...@intel.com>; Pablo de Lara > <pablo.de.lara.gua...@intel.com>; Thomas Monjalon > <tho...@monjalon.net> > Cc: Jerin Jacob Kollanukkaran <jer...@marvell.com>; Narayana Prasad Raju > Athreya <pathr...@marvell.com>; Ankur Dwivedi > <adwiv...@marvell.com>; Shahaf Shuler <shah...@mellanox.com>; > Hemant Agrawal <hemant.agra...@nxp.com>; Matan Azrad > <ma...@mellanox.com>; Yongseok Koh <ys...@mellanox.com>; Wenzhuo > Lu <wenzhuo...@intel.com>; Konstantin Ananyev > <konstantin.anan...@intel.com>; Radu Nicolau <radu.nico...@intel.com>; > dev@dpdk.org > Subject: RE: [RFC] ethdev: allow multiple security sessions to use one rte > flow > > Hi Akhil, Adrien, Declan, Pablo, > > Can you review this proposal and share your feedback? > > Thanks, > Anoob > > > -----Original Message----- > > From: Anoob Joseph <ano...@marvell.com> > > Sent: Wednesday, July 24, 2019 7:47 PM > > To: Akhil Goyal <akhil.go...@nxp.com>; Adrien Mazarguil > > <adrien.mazarg...@6wind.com>; Declan Doherty > > <declan.dohe...@intel.com>; Pablo de Lara > > <pablo.de.lara.gua...@intel.com>; Thomas Monjalon > > <tho...@monjalon.net> > > Cc: Anoob Joseph <ano...@marvell.com>; Jerin Jacob Kollanukkaran > > <jer...@marvell.com>; Narayana Prasad Raju Athreya > > <pathr...@marvell.com>; Ankur Dwivedi <adwiv...@marvell.com>; > Shahaf > > Shuler <shah...@mellanox.com>; Hemant Agrawal > > <hemant.agra...@nxp.com>; Matan Azrad <ma...@mellanox.com>; > Yongseok > > Koh <ys...@mellanox.com>; Wenzhuo Lu <wenzhuo...@intel.com>; > > Konstantin Ananyev <konstantin.anan...@intel.com>; Radu Nicolau > > <radu.nico...@intel.com>; dev@dpdk.org > > Subject: [RFC] ethdev: allow multiple security sessions to use one rte > > flow > > > > The rte_security API which enables inline protocol/crypto feature > > mandates that for every security session an rte_flow is created. This > > would internally translate to a rule in the hardware which would do packet > classification. > > > > In rte_securty, one SA would be one security session. And if an > > rte_flow need to be created for every session, the number of SAs > > supported by an inline implementation would be limited by the number > > of rte_flows the PMD would be able to support. > > > > If the fields SPI & IP addresses are allowed to be a range, then this > > limitation can be overcome. Multiple flows will be able to use one > > rule for SECURITY processing. In this case, the security session provided as > conf would be NULL. > > > > Application should do an rte_flow_validate() to make sure the flow is > > supported on the PMD. > > > > Signed-off-by: Anoob Joseph <ano...@marvell.com> > > --- > > lib/librte_ethdev/rte_flow.h | 6 ++++++ > > 1 file changed, 6 insertions(+) > > > > diff --git a/lib/librte_ethdev/rte_flow.h > > b/lib/librte_ethdev/rte_flow.h index f3a8fb1..4977d3c 100644 > > --- a/lib/librte_ethdev/rte_flow.h > > +++ b/lib/librte_ethdev/rte_flow.h > > @@ -1879,6 +1879,12 @@ struct rte_flow_action_meter { > > * direction. > > * > > * Multiple flows can be configured to use the same security session. > > + * > > + * The NULL value is allowed for security session. If security > > + session is NULL, > > + * then SPI field in ESP flow item and IP addresses in flow items > > + 'IPv4' and > > + * 'IPv6' will be allowed to be a range. The rule thus created can > > + enable > > + * SECURITY processing on multiple flows. > > + * > > */ > > struct rte_flow_action_security { > > void *security_session; /**< Pointer to security session structure. > > */ > > -- > > 2.7.4