diff mbox

[dpdk-dev,2/2] ethdev: update documentation for security action

Message ID 1505649991-3463-3-git-send-email-borisp@mellanox.com (mailing list archive)
State Superseded, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation fail apply patch file failure

Commit Message

Boris Pismenny Sept. 17, 2017, 12:06 p.m. UTC 
  Signed-off-by: Boris Pismenny <borisp@mellanox.com>
---
 lib/librte_ether/rte_flow.h | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

Comments

John McNamara Sept. 18, 2017, 11:18 a.m. UTC | #1 
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Boris Pismenny
> Sent: Sunday, September 17, 2017 1:07 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>; De
> Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Nicolau, Radu <radu.nicolau@intel.com>;
> borisp@mellanox.com; aviadye@mellanox.com; thomas@monjalon.net;
> sandeep.malik@nxp.com; jerin.jacob@caviumnetworks.com;
> nelio.laranjeiro@6wind.com; liranl@mellanox.com
> Subject: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security
> action
> 
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Acked-by: John McNamara <john.mcnamara@intel.com>
diff mbox

Patch

diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index dce92ca..48d4fca 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -1043,19 +1043,27 @@  struct rte_flow_action_vf {
 /**
  * RTE_FLOW_ACTION_TYPE_SECURITY
  *
- * Perform security action on define flow as specified by security session.
- * The security session specified in the action must be created on the same port
- * as the flow action that is being specified.
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
  *
  * The ingress/egress flow attribute should match that specified in the
  * security session if the security session supports the definition of the
  * direction.
  *
- * Multiple flows can be configured to use the same security session. For
- * example if the security session specifies an egress IPsec SA, then multiple
- * flows can be specified to that SA. In the case of an ingress IPsec SA then
- * it is only valid to have a single flow to map to that security session.
- *
+ * Multiple flows can be configured to use the same security session.
  *
  * Non-terminating by default.
  */