From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergio.gonzalez.monroy@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id 764D8F72
 for <dev@dpdk.org>; Thu, 10 Mar 2016 00:54:53 +0100 (CET)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by orsmga101.jf.intel.com with ESMTP; 09 Mar 2016 15:54:51 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.24,313,1455004800"; d="scan'208";a="933424267"
Received: from halfanda-mobl2.ger.corp.intel.com (HELO [10.252.5.215])
 ([10.252.5.215])
 by fmsmga002.fm.intel.com with ESMTP; 09 Mar 2016 15:54:52 -0800
To: Jerin Jacob <jerin.jacob@caviumnetworks.com>
References: <1454099352-29040-1-git-send-email-sergio.gonzalez.monroy@intel.com>
 <20160131143918.GA12763@localhost.localdomain> <56AF3CDC.5090105@intel.com>
 <20160201112646.GA10490@localhost.localdomain>
From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Message-ID: <56E0B7CA.8010204@intel.com>
Date: Wed, 9 Mar 2016 23:54:50 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <20160201112646.GA10490@localhost.localdomain>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] example/ipsec-secgw: ipsec security gateway
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 23:54:54 -0000

On 01/02/2016 11:26, Jerin Jacob wrote:
> On Mon, Feb 01, 2016 at 11:09:16AM +0000, Sergio Gonzalez Monroy wrote:
>> On 31/01/2016 14:39, Jerin Jacob wrote:
>>> On Fri, Jan 29, 2016 at 08:29:12PM +0000, Sergio Gonzalez Monroy wrote:
>>>

>>> IMO, an option for single SA based outbound processing would be useful
>>> measuring performance bottlenecks with SA lookup.
>>>
>> Hi Jerin,
>>
>> Are you suggesting to have an option so we basically encrypt all traffic
>> using
>> a single SA bypassing the SP/ACL ?
> Yes. Basicaly an option to bypass  "rte_acl_classify" if its for single
> SA use case.
>
>

Hi Jerin,

After re-reading your comment regarding the single SA I just want to 
double check
that I understood correctly what you were suggesting.

Basically an option that we can provide a single SA to use for outbound,
skipping rte_acl_classify in outbound path.
That same option would also skip rte_acl_classify in inbound path 
without checking
that we accept specific traffic for an SA.

Is that correct?

Sergio