From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id BB855A057B; Wed, 1 Apr 2020 15:27:01 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 61766375B; Wed, 1 Apr 2020 15:27:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 59709F12 for ; Wed, 1 Apr 2020 15:26:59 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 031DQNPN027702; Wed, 1 Apr 2020 06:26:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0818; bh=KkkKC6oMcTwgdhOSyJ4isnAGfGZqyglsR6jWwWG4LbM=; b=tw3xAvUt0bNDzlIvFh5vD+ww6aCR8R6aX2/0nR+kUcBfwA5k008g5HbW7lcMPF8HVJoT jrpnywq4jFdQM/N0kwV24juD0PBKuxxskVFVVrwPWGRBceQBaoOjMviRNEumVjMYzd50 eIzTQmJZpGkv+rqJ20pchMMZ0/m5Ei8bQwxsFUytC/FACxdGMjTffkqC+hXjVfKWAuu2 cjVom8/K+Ug8BLT0H5Y+aq9zmSgrMJ5wQ6iS26nbPlmyUkuZSJgrvBax3elV4UMlSGLi Km3CG/CmuNHmGTFB02rGoPDPZY5T4T6tCnFXVScrslWz6No8ayKzcbq6rsT0CSCzUu0M hQ== Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0a-0016f401.pphosted.com with ESMTP id 304855n3kd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 01 Apr 2020 06:26:58 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 1 Apr 2020 06:26:56 -0700 Received: from SC-EXCH03.marvell.com (10.93.176.83) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 1 Apr 2020 06:26:56 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.105) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 1 Apr 2020 06:26:55 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T0lJDls3DL9cWrwdAvmMxhJfKEkpvdiSHkScDuV5/dgHTbmkXcxzh8WBv+CeW1+qgCKAuJbnJaesanbLeZPpuwxAG8/P5i7h8IX4gybv3uX6HfMaaNHTl5LMN5HHS8R7FTmmNzlHZulr8/8ApkE+QSBWWw1Fyq/sSq8vMVsx5iPEJU1+XGaYEVVy04zfJ5bVwvImn55fkb+RiKNEUezLuM9PEy9Luf6+C85dw7NAQ21dI41yqF5q96nHzV4cZwBHJhYVDhZFsl6k9XgeFhLKdnQztSyyTdPSSdXJOj5eNFhvnVLv40bPkzc+MhTunrhnYBhUThladyqlW4V9/91OHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KkkKC6oMcTwgdhOSyJ4isnAGfGZqyglsR6jWwWG4LbM=; b=dYp2zurqWrgz54SXcEobMPUMq3UVpUS5iPXb/wGF7cocX1LjsThGnao5d/3SKtgAc+tH2l7i+gRJZg+B0Ql9Xlw+L6qz9RupoizKhZk9qeoys6gtohbVZwBO+pGHPryLGQzHZT3JhWjVDFxuMOrBhTX7dhOmLNUvrbZUWB2GhXzQYIejy+LYweBhKtMUSnfgOrXK7pePVCYZ716NXIICoevsrdLlAiwMbN0fKdpbsSKP35mQHSbD3mQQUl8J6DvQjYWPQPdxg8Sv0Fh7XfSXUrXn4yz4+OfGvAjr27YS+1GK3h2zmNTcGzF4MjqHaJY+p9P2aaO6tU6REwenYm8rJg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KkkKC6oMcTwgdhOSyJ4isnAGfGZqyglsR6jWwWG4LbM=; b=pD80v66L1UvhDg8YS51DA/OKJKaRy9fdjiI5Wt9EPI71rTCoHK+NVw4Pj+Gm7ZCXqjdG/yl/yB+/YvKrwxLTKAcS8KDkh97/aW6Z7T0Da8+3Q1t1DwQfYagLLBXCde7eM8RMk1YAh1yiFbE3Rn4qbZpgKC/Kk/3Zaqq/AlVwXwA= Received: from MN2PR18MB2877.namprd18.prod.outlook.com (2603:10b6:208:3b::26) by MN2PR18MB2703.namprd18.prod.outlook.com (2603:10b6:208:3f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20; Wed, 1 Apr 2020 13:26:54 +0000 Received: from MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::648f:e7fa:f95e:191b]) by MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::648f:e7fa:f95e:191b%2]) with mapi id 15.20.2856.019; Wed, 1 Apr 2020 13:26:54 +0000 From: Anoob Joseph To: Akhil Goyal , Praveen Shetty , "dev@dpdk.org" , "declan.doherty@intel.com" CC: "bernard.iremonger@intel.com" , "konstantin.ananyev@intel.com" Thread-Topic: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support flow director feature Thread-Index: AQHWCCg+6aHYiYJkN06iD2MB1/AmRKhkQOmA Date: Wed, 1 Apr 2020 13:26:54 +0000 Message-ID: References: <20200319162145.28906-1-praveen.shetty@intel.com> <20200331130211.24761-1-praveen.shetty@intel.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [34.98.205.117] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ebf558d5-c521-4fe9-fbae-08d7d6405866 x-ms-traffictypediagnostic: MN2PR18MB2703: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2958; x-forefront-prvs: 03607C04F0 x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR18MB2877.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(136003)(396003)(376002)(366004)(346002)(39860400002)(478600001)(6506007)(7696005)(71200400001)(30864003)(86362001)(4326008)(5660300002)(53546011)(186003)(316002)(64756008)(52536014)(26005)(81166006)(66446008)(66946007)(81156014)(55016002)(54906003)(110136005)(9686003)(33656002)(76116006)(66476007)(66556008)(8936002)(2906002); DIR:OUT; SFP:1101; received-spf: None (protection.outlook.com: marvell.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: nsRhJXxI+9Zr2/3Bmdozhdmzhegm2JqUSb23bF2WaPc598UlqPILPtTKke5u44McdpmvaCmfLK5HmRQINRBZfJg/kF5DMf1sQ4hqDPOrawuCPGQ/i1u7rx5y7m5djWecl/zBr88EVkzJrGjJjxOVPLQd40l+KKhCY/8B/GgHquDKR3xmlpkFAaKhbANh0AXFRmUAcpYy1NsQS9pQRiU0+HD6/gynlt5Nvc79d030APCni5BZED0Yu4Xr61oQwwKwH4BcinivuM0anme3ZSOOJbjOAe1qsFJAdwG3qnvKl9sHESGViqDHcWjC7KCwHaZBBYklwIcGJO9EBOslYrg+KzN2i2eC5w0+TZ26XHcKCeUg32SdhpqAff0y5NqXKwzy/yFdFFyZSfphJP9HC+Y1eLI+BJahwMMdBtuCsLGeMTKCtXRiMDKzPlCRA+ePGpEB x-ms-exchange-antispam-messagedata: fNi+AJ55Gwhn4PRzy4o7quAPTP366CD39sAbfTLOYaGg5O8qWZ5tUaq7DdUk1PdMWZXghNQl2fewvJPp5w9x75XJ1lQjqUXgwGjH4DshV2FcopJiC61IB83zM6jXRsJ9783GezHucN2/KW9tVlMDPQ== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: ebf558d5-c521-4fe9-fbae-08d7d6405866 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2020 13:26:54.4680 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: bKpOobjDyaPbVhXsly2wJ55JdEnB8zuORMLgfklUCkHrnJ9jZb+bvNlyuEYt002xRzOE8TVmCclefuHoBSoB6g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2703 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-01_01:2020-03-31, 2020-03-31 signatures=0 Subject: Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support flow director feature X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Akhil, Praveen, Can't rte_flow and RSS co-exist? In rte_flow there is an ACTION type RSS in= addition to QUEUE. With this patch, if rte_flow is enabled on any SA, then= RSS would be disabled for the entire port. Is that the right behavior? And= if we have to address this later, what would be the course of action? Also, is flow director the right name we should use? Internally it is rte_f= low, right?=20 Thanks, Anoob > -----Original Message----- > From: Akhil Goyal > Sent: Wednesday, April 1, 2020 6:50 PM > To: Praveen Shetty ; dev@dpdk.org; > declan.doherty@intel.com; Anoob Joseph > Cc: bernard.iremonger@intel.com; konstantin.ananyev@intel.com > Subject: [EXT] RE: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: support fl= ow > director feature >=20 > External Email >=20 > ---------------------------------------------------------------------- > Hi Praveen, >=20 > Sorry for being late to reply on this, Please delegate the patches proper= ly from > next time in patchworks. > This patch was neither delegated to me, nor I was in to/cc. So it got mis= sed. >=20 > > > > Support load distribution in security gateway application using NIC > > load distribution feature(Flow Director). > > Flow Director is used to redirect the specified inbound ipsec flow to > > a specified queue.This is achieved by extending the SA rule syntax to > > support specification by adding new action_type of to > > a specified . > > >=20 > Please add documentation (doc/guides/sample_app_ug/ipsec_secgw.rst) > changes to explain the new parameter. >=20 > > Signed-off-by: Praveen Shetty > > --- > > v3 changes: > > Incorporated Anoob review comments on v2. > > >=20 >=20 >=20 > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- > > secgw/ipsec-secgw.c index ce36e6d9c..4400b075c 100644 > > --- a/examples/ipsec-secgw/ipsec-secgw.c > > +++ b/examples/ipsec-secgw/ipsec-secgw.c > > @@ -246,6 +246,30 @@ static struct rte_eth_conf port_conf =3D { > > .txmode =3D { > > .mq_mode =3D ETH_MQ_TX_NONE, > > }, > > + .fdir_conf =3D { >=20 > Fdir_conf is a deprecated parameter. It is not good to introduce Somethin= g new > in the application with a deprecated parameter. > Please use the recommended way to configure flows. >=20 > > + .mode =3D RTE_FDIR_MODE_NONE, > > + .pballoc =3D RTE_FDIR_PBALLOC_64K, > > + .status =3D RTE_FDIR_REPORT_STATUS, > > + .mask =3D { > > + .vlan_tci_mask =3D 0xFFEF, > > + .ipv4_mask =3D { > > + .src_ip =3D 0xFFFFFFFF, > > + .dst_ip =3D 0xFFFFFFFF, > > + }, > > + .ipv6_mask =3D { > > + .src_ip =3D {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, > > + 0xFFFFFFFF}, > > + .dst_ip =3D {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, > > + 0xFFFFFFFF}, > > + }, > > + .src_port_mask =3D 0xFFFF, > > + .dst_port_mask =3D 0xFFFF, > > + .mac_addr_byte_mask =3D 0xFF, > > + .tunnel_type_mask =3D 1, > > + .tunnel_id_mask =3D 0xFFFFFFFF, > > + }, > > + .drop_queue =3D 127, > > + } > > }; > > > > struct socket_ctx socket_ctx[NB_SOCKETS]; @@ -1183,6 +1207,28 @@ > > ipsec_poll_mode_worker(void) > > } > > } > > > > +int > > +check_flow_params(uint16_t fdir_portid, uint8_t fdir_qid) { > > + uint16_t i; > > + uint16_t portid; > > + uint8_t queueid; > > + > > + for (i =3D 0; i < nb_lcore_params; ++i) { > > + portid =3D lcore_params_array[i].port_id; > > + if (portid =3D=3D fdir_portid) { > > + queueid =3D lcore_params_array[i].queue_id; > > + if (queueid =3D=3D fdir_qid) > > + break; > > + } > > + > > + if (i =3D=3D nb_lcore_params - 1) > > + return -1; > > + } > > + > > + return 1; > > +} > > + > > static int32_t > > check_poll_mode_params(struct eh_conf *eh_conf) { @@ -2813,6 > > +2859,15 @@ main(int32_t argc, char **argv) > > > > sa_check_offloads(portid, &req_rx_offloads[portid], > > &req_tx_offloads[portid]); > > + /* check if FDIR is configured on the port */ > > + if (check_fdir_configured(portid)) { > > + /* Enable FDIR */ > > + port_conf.fdir_conf.mode =3D > > RTE_FDIR_MODE_PERFECT; > > + /* Disable RSS */ > > + port_conf.rxmode.mq_mode =3D ETH_MQ_RX_NONE; > > + port_conf.rx_adv_conf.rss_conf.rss_hf =3D 0; > > + port_conf.rx_adv_conf.rss_conf.rss_key =3D NULL; > > + } > > port_init(portid, req_rx_offloads[portid], > > req_tx_offloads[portid]); > > } > > diff --git a/examples/ipsec-secgw/ipsec.c > > b/examples/ipsec-secgw/ipsec.c index d40657102..76ee9dbcf 100644 > > --- a/examples/ipsec-secgw/ipsec.c > > +++ b/examples/ipsec-secgw/ipsec.c > > @@ -418,6 +418,73 @@ create_inline_session(struct socket_ctx *skt_ctx, > > struct ipsec_sa *sa, > > return 0; > > } > > > > +int > > +create_ipsec_esp_flow(struct ipsec_sa *sa) { > > + int ret =3D 0; > > + struct rte_flow_error err; > > + if (sa->direction =3D=3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS) > > + return 0; /* No Flow director rules for Egress traffic */ > > + if (sa->flags =3D=3D TRANSPORT) { > > + RTE_LOG(ERR, IPSEC, > > + "No Flow director rule for transport mode:"); > > + return -1; > > + } > > + sa->action[0].type =3D RTE_FLOW_ACTION_TYPE_QUEUE; > > + sa->pattern[0].type =3D RTE_FLOW_ITEM_TYPE_ETH; > > + sa->action[0].conf =3D > > + &(struct rte_flow_action_queue){ > > + .index =3D sa->fdir_qid, > > + }; > > + sa->attr.egress =3D 0; > > + sa->attr.ingress =3D 1; > > + if (IS_IP6(sa->flags)) { > > + sa->pattern[1].mask =3D &rte_flow_item_ipv6_mask; > > + sa->pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV6; > > + sa->pattern[1].spec =3D &sa->ipv6_spec; > > + memcpy(sa->ipv6_spec.hdr.dst_addr, > > + sa->dst.ip.ip6.ip6_b, sizeof(sa->dst.ip.ip6.ip6_b)); > > + memcpy(sa->ipv6_spec.hdr.src_addr, > > + sa->src.ip.ip6.ip6_b, sizeof(sa->src.ip.ip6.ip6_b)); > > + sa->pattern[2].type =3D RTE_FLOW_ITEM_TYPE_ESP; > > + sa->pattern[2].spec =3D &sa->esp_spec; > > + sa->pattern[2].mask =3D &rte_flow_item_esp_mask; > > + sa->esp_spec.hdr.spi =3D rte_cpu_to_be_32(sa->spi); > > + sa->pattern[3].type =3D RTE_FLOW_ITEM_TYPE_END; > > + } else if (IS_IP4(sa->flags)) { > > + sa->pattern[1].mask =3D &rte_flow_item_ipv4_mask; > > + sa->pattern[1].type =3D RTE_FLOW_ITEM_TYPE_IPV4; > > + sa->pattern[1].spec =3D &sa->ipv4_spec; > > + sa->ipv4_spec.hdr.dst_addr =3D sa->dst.ip.ip4; > > + sa->ipv4_spec.hdr.src_addr =3D sa->src.ip.ip4; > > + sa->pattern[2].type =3D RTE_FLOW_ITEM_TYPE_ESP; > > + sa->pattern[2].spec =3D &sa->esp_spec; > > + sa->pattern[2].mask =3D &rte_flow_item_esp_mask; > > + sa->esp_spec.hdr.spi =3D rte_cpu_to_be_32(sa->spi); > > + sa->pattern[3].type =3D RTE_FLOW_ITEM_TYPE_END; > > + } > > + sa->action[1].type =3D RTE_FLOW_ACTION_TYPE_END; > > + > > + ret =3D rte_flow_validate(sa->portid, &sa->attr, > > + sa->pattern, sa->action, > > + &err); > > + if (ret < 0) { > > + RTE_LOG(ERR, IPSEC, > > + "Flow Validation failed\n"); > > + return ret; > > + } > > + sa->flow =3D rte_flow_create(sa->portid, > > + &sa->attr, sa->pattern, sa->action, > > + &err); > > + if (!sa->flow) { > > + RTE_LOG(ERR, IPSEC, > > + "Flow Creation failed\n"); > > + return -1; > > + } > > + > > + return 0; > > +} > > + > > /* > > * queue crypto-ops into PMD queue. > > */ > > diff --git a/examples/ipsec-secgw/ipsec.h > > b/examples/ipsec-secgw/ipsec.h index f8f29f9b1..b0e9f45cb 100644 > > --- a/examples/ipsec-secgw/ipsec.h > > +++ b/examples/ipsec-secgw/ipsec.h > > @@ -144,6 +144,8 @@ struct ipsec_sa { > > }; > > enum rte_security_ipsec_sa_direction direction; > > uint16_t portid; > > + uint8_t fdir_qid; > > + uint8_t fdir_flag; > > > > #define MAX_RTE_FLOW_PATTERN (4) > > #define MAX_RTE_FLOW_ACTIONS (3) > > @@ -408,5 +410,12 @@ create_lookaside_session(struct ipsec_ctx > > *ipsec_ctx, struct ipsec_sa *sa, int create_inline_session(struct > > socket_ctx *skt_ctx, struct ipsec_sa *sa, > > struct rte_ipsec_session *ips); > > +int > > +check_flow_params(uint16_t fdir_portid, uint8_t fdir_qid); > > + > > +int > > +create_ipsec_esp_flow(struct ipsec_sa *sa); > > > > +int > > +check_fdir_configured(uint16_t portid); > > #endif /* __IPSEC_H__ */ > > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > > index 0eb52d141..ddd275142 100644 > > --- a/examples/ipsec-secgw/sa.c > > +++ b/examples/ipsec-secgw/sa.c > > @@ -271,6 +271,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > > uint32_t type_p =3D 0; > > uint32_t portid_p =3D 0; > > uint32_t fallback_p =3D 0; > > + int16_t status_p =3D 0; > > > > if (strcmp(tokens[0], "in") =3D=3D 0) { > > ri =3D &nb_sa_in; > > @@ -295,6 +296,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > > if (atoi(tokens[1]) =3D=3D INVALID_SPI) > > return; > > rule->spi =3D atoi(tokens[1]); > > + rule->portid =3D UINT16_MAX; > > ips =3D ipsec_get_primary_session(rule); > > > > for (ti =3D 2; ti < n_tokens; ti++) { > > @@ -636,9 +638,14 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > > INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > > if (status->status < 0) > > return; > > - rule->portid =3D atoi(tokens[ti]); > > - if (status->status < 0) > > + if (rule->portid =3D=3D UINT16_MAX) > > + rule->portid =3D atoi(tokens[ti]); > > + else if (rule->portid !=3D atoi(tokens[ti])) { > > + APP_CHECK(0, status, "portid %s " > > + "not matching with already assigned portid > %u", > > + tokens[ti], rule->portid); > > return; > > + } > > portid_p =3D 1; > > continue; > > } > > @@ -681,6 +688,43 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > > fallback_p =3D 1; > > continue; > > } > > + if (strcmp(tokens[ti], "flow-direction") =3D=3D 0) { > > + if (ips->type =3D=3D > > + > > RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || > > + ips->type =3D=3D > > + > > RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL || > > + ips->type =3D=3D > > + > > RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { > > + APP_CHECK(0, status, "Flow Director not " > > + "supported for security session " > > + "type:%d", ips->type); > > + return; > > + } > It means it is supported in cpu crypto as well? Better to have a check fo= r the > supported Action types, as in the future there may be some other action t= ypes. >=20 > > + rule->fdir_flag =3D 1; > > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > > + if (status->status < 0) > > + return; > > + if (rule->portid =3D=3D UINT16_MAX) > > + rule->portid =3D atoi(tokens[ti]); > > + else if (rule->portid !=3D atoi(tokens[ti])) { > > + APP_CHECK(0, status, "portid %s " > > + "not matching with already assigned portid > %u", > > + tokens[ti], rule->portid); > > + return; > > + } > > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > > + if (status->status < 0) > > + return; > > + rule->fdir_qid =3D atoi(tokens[ti]); > > + /* validating portid and queueid */ > > + status_p =3D check_flow_params(rule->portid, > > + rule->fdir_qid); > > + if (status_p < 0) { > > + printf("port id %u / queue id %u is not valid\n", > > + rule->portid, rule->fdir_qid); > > + } > > + continue; > > + } > > > > /* unrecognizeable input */ > > APP_CHECK(0, status, "unrecognized input \"%s\"", @@ -719,7 > +763,6 > > @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > > if (!type_p || (!portid_p && ips->type !=3D > > RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)) { > > ips->type =3D RTE_SECURITY_ACTION_TYPE_NONE; > > - rule->portid =3D -1; > > } > > > > *ri =3D *ri + 1; > > @@ -823,6 +866,9 @@ print_one_sa_rule(const struct ipsec_sa *sa, int > inbound) > > break; > > } > > } > > + if (sa->fdir_flag =3D=3D 1) > > + printf("flow-direction %d %d", sa->portid, sa->fdir_qid); >=20 > Better to print like below. > printf("flow-direction port %d queue %d ", sa->portid, sa->fdir_qid) >=20 > > + > > printf("\n"); > > } > >