From: Anoob Joseph
Date: Tue, 12 Dec 2017 19:34:31 +0530
To: Nelio Laranjeiro
Cc: anoob.joseph@caviumnetworks.com, Sergio Gonzalez Monroy, Radu Nicolau, dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add target queues in flow actions

Hi Nelio,

On 12/12/2017 07:14 PM, Nelio Laranjeiro wrote:
> Hi Anoob,
>
> On Tue, Dec 12, 2017 at 06:13:08PM +0530, Anoob Joseph wrote:
>> Hi Nelio,
>>
>>
>> On 12/11/2017 07:34 PM, Nelio Laranjeiro wrote:
>>> Mellanox INNOVA NIC needs to have final target queue actions to perform
>>> inline crypto.
>>> >>> Signed-off-by: Nelio Laranjeiro >>> >>> --- >>> >>> Changes in v3: >>> >>> * removed PASSTHRU test for ingress. >>> * removed check on configured queues for the queue action. >>> >>> Changes in v2: >>> >>> * Test the rule by PASSTHRU/RSS/QUEUE and apply the first one validated. >>> --- >>> examples/ipsec-secgw/ipsec.c | 57 ++++++++++++++++++++++++++++++++++++++++++-- >>> examples/ipsec-secgw/ipsec.h | 2 +- >>> 2 files changed, 56 insertions(+), 3 deletions(-) >>> >>> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c >>> index 17bd7620d..1b8b251c8 100644 >>> --- a/examples/ipsec-secgw/ipsec.c >>> +++ b/examples/ipsec-secgw/ipsec.c >>> @@ -142,6 +142,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) >>> rte_eth_dev_get_sec_ctx( >>> sa->portid); >>> const struct rte_security_capability *sec_cap; >>> + int ret = 0; >>> sa->sec_session = rte_security_session_create(ctx, >>> &sess_conf, ipsec_ctx->session_pool); 
>>> @@ -201,15 +202,67 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) >>> sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>> sa->action[0].conf = sa->sec_session; >>> - sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; >>> - >>> sa->attr.egress = (sa->direction == >>> RTE_SECURITY_IPSEC_SA_DIR_EGRESS); >>> sa->attr.ingress = (sa->direction == >>> RTE_SECURITY_IPSEC_SA_DIR_INGRESS); >>> + if (sa->attr.ingress) { >>> + uint8_t rss_key[40]; >>> + struct rte_eth_rss_conf rss_conf = { >>> + .rss_key = rss_key, >>> + .rss_key_len = 40, >>> + }; >>> + struct rte_eth_dev *eth_dev; >>> + union { >>> + struct rte_flow_action_rss rss; >>> + struct { >>> + const struct rte_eth_rss_conf *rss_conf; >>> + uint16_t num; >>> + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; >>> + } local; >>> + } action_rss; >>> + unsigned int i; >>> + unsigned int j; >>> + >>> + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; >>> + /* Try RSS. */ >>> + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; >>> + sa->action[1].conf = &action_rss; >>> + eth_dev = ctx->device; >>> + rte_eth_dev_rss_hash_conf_get(sa->portid, >>> + &rss_conf); >>> + for (i = 0, j = 0; >>> + i < eth_dev->data->nb_rx_queues; ++i) >>> + if (eth_dev->data->rx_queues[i]) >>> + action_rss.local.queue[j++] = i; >>> + action_rss.local.num = j; >>> + action_rss.local.rss_conf = &rss_conf; >>> + ret = rte_flow_validate(sa->portid, &sa->attr, >>> + sa->pattern, sa->action, >>> + &err); >>> + if (!ret) >>> + goto flow_create; >>> + /* Try Queue. */ >>> + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE; >>> + sa->action[1].conf = >>> + &(struct rte_flow_action_queue){ >>> + .index = 0, >>> + }; >>> + ret = rte_flow_validate(sa->portid, &sa->attr, >>> + sa->pattern, sa->action, >>> + &err); >>> + if (ret) >>> + goto flow_create_failure; >>> + } else { >>> + sa->action[1].type = >>> + RTE_FLOW_ACTION_TYPE_PASSTHRU; >>> + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; >> We would need flow validate here also. 
>> And, for egress, the application will
>> be able to set metadata (set_pkt_metadata API) per packet. So flow may not
>> be required for such cases. But if the flow create fails, the session create
>> would also fail. It might be better if we check whether the PMD would need
>> metadata (part of the sec_cap->ol_flags).
> Seems what you are describing is outside of this scope which is only
> related to correctly implement the generic flow API with terminal
> actions.
Since SECURITY+PASSTHRU won't be terminal, this code segment might be misleading.
> I'll suggest to add it in another patch.
>
> Anyway, the flow validate is useful in the ingress to select the best
> behavior RSS/Queue, if the flow validate may fail, the flow create
> should also fail for the same reasons.
>
>> If the driver doesn't need metadata and the flow create fails, then
>> the create session should fail. Any thoughts?
> How the create_session() can fail without having all the information
> (pattern, metadata, ...) the application wants to offload?
Is flow mandatory for the egress traffic? My understanding is, it's not. "set_pkt_metadata" API gives application the ability to do the lookup and pass the info along with the packet. In such cases, flow creation is not necessary. I do agree that this is outside the scope of this patch, but I was just curious about the behavior since you touched the topic.
>
>>> + } >>> +flow_create: >>> sa->flow = rte_flow_create(sa->portid, >>> &sa->attr, sa->pattern, sa->action, &err); >>> if (sa->flow == NULL) { >>> +flow_create_failure: >>> RTE_LOG(ERR, IPSEC, >>> "Failed to create ipsec flow msg: %s\n", >>> err.message); >>> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h >>> index 775b316ff..3c367d392 100644 >>> --- a/examples/ipsec-secgw/ipsec.h >>> +++ b/examples/ipsec-secgw/ipsec.h
>>> @@ -133,7 +133,7 @@ struct ipsec_sa { >>> uint32_t ol_flags; >>> #define MAX_RTE_FLOW_PATTERN (4) >>> -#define MAX_RTE_FLOW_ACTIONS (2) >>> +#define MAX_RTE_FLOW_ACTIONS (3) >>> struct rte_flow_item pattern[MAX_RTE_FLOW_PATTERN]; >>> struct rte_flow_action action[MAX_RTE_FLOW_ACTIONS]; >>> struct rte_flow_attr attr; > Thanks, >
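
Review bot: In the ipsec.c hunk at -201,15 +202,67, sa->action[1].conf is pointed at action_rss (and, on the fallback path, at the struct rte_flow_action_queue compound literal), both of which are scoped to the if (sa->attr.ingress) block, yet rte_flow_create() at the flow_create: label reads sa->action after that block has closed, so the conf pointer is dangling at the create call and remains dangling in sa afterwards. rss_conf and rss_key have the same lifetime problem through action_rss.local.rss_conf. Move these objects to function scope, or into struct ipsec_sa, so they outlive the create call. Separately, the return value of rte_eth_dev_rss_hash_conf_get() is ignored, so a failure leaves rss_key[40] as uninitialized stack bytes that are then offered as the RSS key; check the result and skip the RSS attempt on error. The literal 40 appears twice and would read better as sizeof(rss_key) or a named constant.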
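
Review bot: In the ipsec.h hunk, MAX_RTE_FLOW_ACTIONS is raised to 3 without a comment, while ipsec.c now writes sa->action[2] by literal index, so the array bound and the index are coupled only by convention. A short comment next to the define listing the slots (SECURITY, the RSS/QUEUE/PASSTHRU action, END) would let a reviewer check the bound if another action is added later.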