> -----Original Message----- > Subject: Re: [dpdk-dev] [PATCH] ethdev: allow multiple security sessions to > use one rte flow > > On Sun, Dec 8, 2019 at 4:19 PM Anoob Joseph <ano...@marvell.com> wrote: > > > > The rte_security API which enables inline protocol/crypto feature > > mandates that for every security session an rte_flow is created. This > > would internally translate to a rule in the hardware which would do > > packet classification. > > > > In rte_securty, one SA would be one security session. And if an rte_flow > > need to be created for every session, the number of SAs supported by an > > inline implementation would be limited by the number of rte_flows the > > PMD would be able to support. > > > > If the fields SPI & IP addresses are allowed to be a range, then this > > limitation can be overcome. Multiple flows will be able to use one rule > > for SECURITY processing. In this case, the security session provided as > > conf would be NULL. > > > > Application should do an rte_flow_validate() to make sure the flow is > > supported on the PMD. > > > > Signed-off-by: Anoob Joseph <ano...@marvell.com> > > Reviewed-by: Jerin Jacob <jer...@marvell.com> > > > > ---
Acked-by: Ori Kam <or...@mellanox.com> Thanks, Ori
