DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [RFC] ethdev: allow multiple security sessions to use one rte flow
@ 2019-07-24 14:17 Anoob Joseph
  2019-08-02  5:35 ` Anoob Joseph
  0 siblings, 1 reply; 13+ messages in thread
From: Anoob Joseph @ 2019-07-24 14:17 UTC (permalink / raw)
  To: Akhil Goyal, Adrien Mazarguil, Declan Doherty, Pablo de Lara,
	Thomas Monjalon
  Cc: Anoob Joseph, Jerin Jacob, Narayana Prasad, Ankur Dwivedi,
	Shahaf Shuler, Hemant Agrawal, Matan Azrad, Yongseok Koh,
	Wenzhuo Lu, Konstantin Ananyev, Radu Nicolau, dev

The rte_security API which enables inline protocol/crypto feature
mandates that for every security session an rte_flow is created. This
would internally translate to a rule in the hardware which would do
packet classification.

In rte_securty, one SA would be one security session. And if an rte_flow
need to be created for every session, the number of SAs supported by an
inline implementation would be limited by the number of rte_flows the
PMD would be able to support.

If the fields SPI & IP addresses are allowed to be a range, then this
limitation can be overcome. Multiple flows will be able to use one rule
for SECURITY processing. In this case, the security session provided as
conf would be NULL.

Application should do an rte_flow_validate() to make sure the flow is
supported on the PMD.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 lib/librte_ethdev/rte_flow.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index f3a8fb1..4977d3c 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -1879,6 +1879,12 @@ struct rte_flow_action_meter {
  * direction.
  *
  * Multiple flows can be configured to use the same security session.
+ *
+ * The NULL value is allowed for security session. If security session is NULL,
+ * then SPI field in ESP flow item and IP addresses in flow items 'IPv4' and
+ * 'IPv6' will be allowed to be a range. The rule thus created can enable
+ * SECURITY processing on multiple flows.
+ *
  */
 struct rte_flow_action_security {
 	void *security_session; /**< Pointer to security session structure. */
-- 
2.7.4


^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, other threads:[~2019-12-03  5:32 UTC | newest]

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-24 14:17 [dpdk-dev] [RFC] ethdev: allow multiple security sessions to use one rte flow Anoob Joseph
2019-08-02  5:35 ` Anoob Joseph
2019-08-14  9:22   ` Anoob Joseph
2019-08-14 11:07     ` Akhil Goyal
2019-08-15  6:49       ` Anoob Joseph
2019-08-15  9:48         ` Ananyev, Konstantin
2019-08-16  3:24           ` Anoob Joseph
2019-08-16  8:32         ` Akhil Goyal
2019-08-16 10:12           ` Anoob Joseph
2019-08-19  7:09             ` Akhil Goyal
2019-10-08 13:00               ` Yigit, Ferruh
2019-10-09 10:55                 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-03  5:32                   ` Anoob Joseph

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).