From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 859C1A04F1;
	Mon,  9 Dec 2019 08:37:28 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 590542C12;
	Mon,  9 Dec 2019 08:37:28 +0100 (CET)
Received: from mail-il1-f195.google.com (mail-il1-f195.google.com
 [209.85.166.195]) by dpdk.org (Postfix) with ESMTP id B7DD123D
 for <dev@dpdk.org>; Mon,  9 Dec 2019 08:37:26 +0100 (CET)
Received: by mail-il1-f195.google.com with SMTP id u16so11845361ilg.10
 for <dev@dpdk.org>; Sun, 08 Dec 2019 23:37:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=Cn+I9bCsrDgzAkXXWb8GwozPFgMQOyu41ineooZ/xag=;
 b=kLOQUTvtaLfq26QQlFP8WCH/CBChNCPlFK9DbNnZp2zNKIjRMqf9/BxCqEr2vkmx97
 oMYmAVqFtr+yTyFGD2XebvReKIHnueVLG6JSUvDD21DqxPV/DzUwmExE/SRtO+kWc3P0
 JDS6ck9NYdw4xB22tUzx0fv97rS/sKuebXpVOKbY13Tp6rXkVGmBKATLuVxYx3hFnlWY
 TeCdpgRo5j0Jq+j0gZWX8OIaaib/9vt192ogsp/JVIHCn+ix1hwhwZz4aL+1yp+qM3YV
 qF8YZjAAplJOztNKPz3yD7OUdFb9hYnMhoIeAMTigf1GVrca5CbesFEXReJ31NNr8gmL
 t77A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=Cn+I9bCsrDgzAkXXWb8GwozPFgMQOyu41ineooZ/xag=;
 b=mRdMI3+p9fE6Mi6DHQV9wj3LfNpIgmctAYo4e15hCnvYQ2gsDGJhi2rPg83HhqdXhA
 89x7V9GKTt9ekhK+gi3SRvI1vf6LtMDvXRk8YB33Ki0rRW7LItvP0ynQOmJGXWhdx1Uk
 lJaOp+OBKhyOb68pHWL/5LqDMGB0TnfBx0+pIERAu9dlhvBj8QnVp2RZkAGmNSYxK3Ox
 YJWFFgYrkxH2XJKdvVpUK5rsME/oiKNpmHkNhbI+zW4NFvCeDtvzwxRQ7toAqPtemL+H
 eLAcnkhpHcXLhKtguViksyqc5H7cXdHEhTeNuoFv+y2pX1wk0uAsQetnumZpkyWbY9DC
 jUng==
X-Gm-Message-State: APjAAAX7bSYHqgSzsb9nVE+bsSYkuV9rpAnH0hZuhT3iDn/lk1vnXXxi
 62dUOtCZuTvkG9S+kfYKBymMbUehRDaK463Thyc=
X-Google-Smtp-Source: APXvYqxsGL1CVYbjrNB2moG8dW6dKyDB0RbxFiAlYaofbMEaMZw7sqh05amQM3FW9BBNrrqmChAhHFerFX7EU9CNtbQ=
X-Received: by 2002:a92:aa4d:: with SMTP id j74mr27370862ili.271.1575877045829; 
 Sun, 08 Dec 2019 23:37:25 -0800 (PST)
MIME-Version: 1.0
References: <1575801683-27269-1-git-send-email-anoobj@marvell.com>
In-Reply-To: <1575801683-27269-1-git-send-email-anoobj@marvell.com>
From: Jerin Jacob <jerinjacobk@gmail.com>
Date: Mon, 9 Dec 2019 13:07:09 +0530
Message-ID: <CALBAE1OyQJ=V253rCv5dSsyxKBkPGH+qinghDCd0A+y-db7VBw@mail.gmail.com>
To: Anoob Joseph <anoobj@marvell.com>
Cc: Akhil Goyal <akhil.goyal@nxp.com>,
 Adrien Mazarguil <adrien.mazarguil@6wind.com>, 
 Declan Doherty <declan.doherty@intel.com>,
 Ferruh Yigit <ferruh.yigit@intel.com>, 
 Jerin Jacob <jerinj@marvell.com>, Thomas Monjalon <thomas@monjalon.net>, 
 Ankur Dwivedi <adwivedi@marvell.com>, Hemant Agrawal <hemant.agrawal@nxp.com>, 
 Konstantin Ananyev <konstantin.ananyev@intel.com>,
 Matan Azrad <matan@mellanox.com>, 
 Radu Nicolau <radu.nicolau@intel.com>, Shahaf Shuler <shahafs@mellanox.com>, 
 Narayana Prasad <pathreya@marvell.com>, dpdk-dev <dev@dpdk.org>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [dpdk-dev] [PATCH] ethdev: allow multiple security sessions to
 use one rte flow
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On Sun, Dec 8, 2019 at 4:19 PM Anoob Joseph <anoobj@marvell.com> wrote:
>
> The rte_security API which enables inline protocol/crypto feature
> mandates that for every security session an rte_flow is created. This
> would internally translate to a rule in the hardware which would do
> packet classification.
>
> In rte_securty, one SA would be one security session. And if an rte_flow
> need to be created for every session, the number of SAs supported by an
> inline implementation would be limited by the number of rte_flows the
> PMD would be able to support.
>
> If the fields SPI & IP addresses are allowed to be a range, then this
> limitation can be overcome. Multiple flows will be able to use one rule
> for SECURITY processing. In this case, the security session provided as
> conf would be NULL.
>
> Application should do an rte_flow_validate() to make sure the flow is
> supported on the PMD.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>

Reviewed-by: Jerin Jacob <jerinj@marvell.com>


> ---
>  lib/librte_ethdev/rte_flow.h | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
> index 452d359..21fa7ed 100644
> --- a/lib/librte_ethdev/rte_flow.h
> +++ b/lib/librte_ethdev/rte_flow.h
> @@ -2239,6 +2239,12 @@ struct rte_flow_action_meter {
>   * direction.
>   *
>   * Multiple flows can be configured to use the same security session.
> + *
> + * The NULL value is allowed for security session. If security session is NULL,
> + * then SPI field in ESP flow item and IP addresses in flow items 'IPv4' and
> + * 'IPv6' will be allowed to be a range. The rule thus created can enable
> + * SECURITY processing on multiple flows.
> + *
>   */
>  struct rte_flow_action_security {
>         void *security_session; /**< Pointer to security session structure. */
> --
> 2.7.4
>