On Wed, Dec 2, 2015 at 1:12 PM, Sowmini Varadhan <sowmini.varadhan@xxxxxxxxxx> wrote: > On (12/02/15 13:07), Tom Herbert wrote: >> That's easy enough to add to flow dissector, but is SPI really >> intended to be used an L4 entropy value? We would need to consider the > > yes. To quote https://en.wikipedia.org/wiki/Security_Parameter_Index > "This works like port numbers in TCP and UDP connections. What it means > is that there could be different SAs used to provide security to one > connection. An SA could therefore act as a set of rules." > >> effects of running multiple TCP connections over an IPsec. Also, you >> might want to try IPv6, the flow label should provide a good L4 hash >> for RPS/RFS, it would be interesting to see what the effects are with >> IPsec processing. (ESP/UDP could also if RSS/ECMP is critical) > > IPv6 would be an interesting academic exercise, but it's going > to be a while before we get RDS-TCP to go over IPv6. > Huh? Who said anything about RDS-TCP? I thought you were trying to improve IPsec performance... -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html