[dpdk-dev] [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature

Shetty, Praveen praveen.shetty at intel.com
Fri Apr 3 12:21:28 CEST 2020



-----Original Message-----
From: Akhil Goyal <akhil.goyal at nxp.com> 
Sent: Friday, April 3, 2020 11:22 AM
To: Anoob Joseph <anoobj at marvell.com>; Shetty, Praveen <praveen.shetty at intel.com>; dev at dpdk.org; Doherty, Declan <declan.doherty at intel.com>
Cc: Iremonger, Bernard <bernard.iremonger at intel.com>; Ananyev, Konstantin <konstantin.ananyev at intel.com>
Subject: RE: [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature

> > > diff --git a/examples/ipsec-secgw/ipsec.c 
> > > b/examples/ipsec-secgw/ipsec.c index d40657102..76ee9dbcf 100644
> > > --- a/examples/ipsec-secgw/ipsec.c
> > > +++ b/examples/ipsec-secgw/ipsec.c
> > > @@ -418,6 +418,73 @@ create_inline_session(struct socket_ctx 
> > > *skt_ctx, struct ipsec_sa *sa,
> > >  	return 0;
> > >  }
> > >
> > > +int
> > > +create_ipsec_esp_flow(struct ipsec_sa *sa) {
> > > +	int ret = 0;
> > > +	struct rte_flow_error err;
> > > +	if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
> > > +		return 0; /* No Flow director rules for Egress traffic */
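Review bot: the early `return 0` for `RTE_SECURITY_IPSEC_SA_DIR_EGRESS` at the top of create_ipsec_esp_flow() returns the same value a caller would read as success, so a skipped egress SA cannot be told apart from one whose rule was installed. Consider a distinct return value or a log message on this path. The comment should also say why egress is excluded (per this thread, only inbound load distribution is implemented and verified), not just that it is. Minor style point: add a blank line between the declaration of `err` and the `if`.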
> >
> > [Anoob] Any reason why this is not relevant for Egress?
> >
> > [Praveen] We don't see a use case for load distribution across 
> > ingress queues for outbound IPsec traffic; therefore we have limited 
> > this configuration to inbound IPsec processing, as this is the only use case we can verify.
> 
> [Anoob] Why do you say load distribution for ingress queues is not 
> required but is required for egress? I would say the use case is the same in either direction.
> 
> Said that, adding just egress should be fine. I leave this to Akhil's judgement.
> 

I believe it does not matter for EGRESS in most hardware; INGRESS flows should have distribution. I think your comments are just reversed, but the code is in line with my understanding.

[Praveen] 
The current implementation is only for ingress traffic load distribution; therefore it is applicable only to inbound IPsec traffic.



