From patchwork Wed Jul 24 14:17:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 57034 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 6FB391C1F0; Wed, 24 Jul 2019 16:18:05 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 1B2F41C1E3 for ; Wed, 24 Jul 2019 16:18:03 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x6OEFJ83014299; Wed, 24 Jul 2019 07:18:02 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=DSOkBpijSTl6FeEhCrj0iMfssH3YzJrooU/iUxhqI8k=; b=W48ja1e4T7k//vYn4h+BFQ4XiBEelBYWZTLh1fcm3P5EHIQi/163C4TVFH6Izxtrs9MY eosdHSAzLe8MD2rhkhnwWj+towNDzCcBhsLoue1xp9Kx6uKvfXGi44cCP0bhFMnpQl9w p+tyCavGW5oHu0xWDvzDEC0bEluegF8cnJKwXuacORbEHwolfUQCMhPUlVSCR5Jnl70t IolTEyHFpYKihyzV+RqoIMoQE8hnhoahgaFX+VSyQo7GuhS8VJeGgO52SSdphPPty6a7 P5n5IOpiO45TUr0cPwrU9RM7jfMTGUqsVMEaI5qbaellWVHj8tiwNWPMVhGP4vJKXM7k eg== Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0a-0016f401.pphosted.com with ESMTP id 2tx61rcenb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 24 Jul 2019 07:18:02 -0700 Received: from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 24 Jul 2019 07:18:00 -0700 Received: from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Wed, 24 Jul 2019 07:18:00 -0700 Received: from ajoseph83.caveonetworks.com.com (unknown [10.29.45.56]) by maili.marvell.com (Postfix) with ESMTP id 7DCCC3F703F; Wed, 24 Jul 2019 07:17:55 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Adrien Mazarguil , Declan Doherty , Pablo de Lara , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , Narayana Prasad , Ankur Dwivedi , Shahaf Shuler , Hemant Agrawal , Matan Azrad , Yongseok Koh , Wenzhuo Lu , Konstantin Ananyev , Radu Nicolau , Date: Wed, 24 Jul 2019 19:47:28 +0530 Message-ID: <1563977848-30101-1-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8 definitions=2019-07-24_05:2019-07-24,2019-07-24 signatures=0 Subject: [dpdk-dev] [RFC] ethdev: allow multiple security sessions to use one rte flow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The rte_security API which enables inline protocol/crypto feature mandates that for every security session an rte_flow is created. This would internally translate to a rule in the hardware which would do packet classification. In rte_securty, one SA would be one security session. And if an rte_flow need to be created for every session, the number of SAs supported by an inline implementation would be limited by the number of rte_flows the PMD would be able to support. If the fields SPI & IP addresses are allowed to be a range, then this limitation can be overcome. Multiple flows will be able to use one rule for SECURITY processing. In this case, the security session provided as conf would be NULL. Application should do an rte_flow_validate() to make sure the flow is supported on the PMD. Signed-off-by: Anoob Joseph --- lib/librte_ethdev/rte_flow.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h index f3a8fb1..4977d3c 100644 --- a/lib/librte_ethdev/rte_flow.h +++ b/lib/librte_ethdev/rte_flow.h @@ -1879,6 +1879,12 @@ struct rte_flow_action_meter { * direction. * * Multiple flows can be configured to use the same security session. + * + * The NULL value is allowed for security session. If security session is NULL, + * then SPI field in ESP flow item and IP addresses in flow items 'IPv4' and + * 'IPv6' will be allowed to be a range. The rule thus created can enable + * SECURITY processing on multiple flows. + * */ struct rte_flow_action_security { void *security_session; /**< Pointer to security session structure. */