'ip xfrm policy add flag pcpu' set XFRM_POLICY_CPU_ACQUIRE to the policy required only for the out policy. 'ip xfrm state add cpu <n>' add XFRMA_SA_PCPU <n> to the SA. n starts from CPU 0. This is only required for outgoing SA. At the receive a CPU is choosen based on other rules such as SPI and RSS/RFS ip x s add src 192.168.1.1 dst 192.168.1.2 proto esp spi 2 reqid 2 mode tunnel aead 'rfc4106(gcm(aes))' 0x2222222222222222222222222222222222222222 96 replay-window 32 cpu 18 ip x s src 192.168.1.1 dst 192.168.1.2 proto esp spi 0x00000002 reqid 2 mode tunnel replay-window 32 aead rfc4106(gcm(aes)) 0x2222222222222222222222222222222222222222 96 anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000 cpu 0x12 To delete a PCPU SA use spi as the id. Signed-off-by: Antony Antony <antony.antony@secunet.com>
e95aab7