[dpdk-dev] [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature
Shetty, Praveen
praveen.shetty at intel.com
Fri Apr 3 12:21:28 CEST 2020
-----Original Message-----
From: Akhil Goyal <akhil.goyal at nxp.com>
Sent: Friday, April 3, 2020 11:22 AM
To: Anoob Joseph <anoobj at marvell.com>; Shetty, Praveen <praveen.shetty at intel.com>; dev at dpdk.org; Doherty, Declan <declan.doherty at intel.com>
Cc: Iremonger, Bernard <bernard.iremonger at intel.com>; Ananyev, Konstantin <konstantin.ananyev at intel.com>
Subject: RE: [EXT] [PATCH v3] examples/ipsec-secgw: support flow director feature
> > > diff --git a/examples/ipsec-secgw/ipsec.c
> > > b/examples/ipsec-secgw/ipsec.c index d40657102..76ee9dbcf 100644
> > > --- a/examples/ipsec-secgw/ipsec.c
> > > +++ b/examples/ipsec-secgw/ipsec.c
> > > @@ -418,6 +418,73 @@ create_inline_session(struct socket_ctx
> > > *skt_ctx, struct ipsec_sa *sa,
> > > return 0;
> > > }
> > >
> > > +int
> > > +create_ipsec_esp_flow(struct ipsec_sa *sa) {
> > > + int ret = 0;
> > > + struct rte_flow_error err;
> > > + if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
> > > + return 0; /* No Flow director rules for Egress traffic */
> >
> > [Anoob] Any reason why this is not relevant for Egress.
> >
> > [Praveen] we don't see an use case for load distribution across
> > ingress queues for outbound IPsec traffic therefore we have limited
> > this configuration to inbound IPsec processing, as this is the only use case we can verify.
>
> [Anoob] Why do you say load distribution for ingress queues is not
> required but is required for egress? I would say the use case is the same in either direction.
>
> Said that, adding just egress should be fine. I leave this to Akhil's judgement.
>
I believe it does not matter for EGRESS in most hardwares, INGRESS flows should have distribution. I think your comments are just reverse but The code is inline with my understanding.
[Praveen]
Current implementation is only for ingress traffic load distribution therefore it is applicable only for inbound IPsec traffic.
More information about the dev
mailing list