diff mbox

[dpdk-dev,v4,07/12] ethdev: add rte flow action for crypto

Message ID 20171014221734.15511-8-akhil.goyal@nxp.com (mailing list archive)
State Superseded, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation fail apply patch file failure

Commit Message

Akhil Goyal Oct. 14, 2017, 10:17 p.m. UTC 
  From: Boris Pismenny <borisp@mellanox.com>

The crypto action is specified by an application to request
crypto offload for a flow.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
 lib/librte_ether/rte_flow.h | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

Comments

Aviad Yehezkel Oct. 15, 2017, 12:49 p.m. UTC | #1 
On 10/15/2017 1:17 AM, Akhil Goyal wrote:
> From: Boris Pismenny <borisp@mellanox.com>
>
> The crypto action is specified by an application to request
> crypto offload for a flow.
>
> Signed-off-by: Boris Pismenny <borisp@mellanox.com>
> Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
> ---
>   lib/librte_ether/rte_flow.h | 38 ++++++++++++++++++++++++++++++++++++++
>   1 file changed, 38 insertions(+)
>
> diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
> index 7c89089..39f66c2 100644
> --- a/lib/librte_ether/rte_flow.h
> +++ b/lib/librte_ether/rte_flow.h
> @@ -993,6 +993,13 @@ enum rte_flow_action_type {
>   	 * See struct rte_flow_action_vf.
>   	 */
>   	RTE_FLOW_ACTION_TYPE_VF,
> +	/**
> +	 * Redirects packets to security engine of current device for security
> +	 * processing as specified by security session.
> +	 *
> +	 * See struct rte_flow_action_security.
> +	 */
> +	RTE_FLOW_ACTION_TYPE_SECURITY
>   };
>   
>   /**
> @@ -1086,6 +1093,37 @@ struct rte_flow_action_vf {
>   };
>   
>   /**
> + * RTE_FLOW_ACTION_TYPE_SECURITY
> + *
> + * Perform the security action on flows matched by the pattern items
> + * according to the configuration of the security session.
> + *
> + * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
> + * security protocol headers and IV are fully provided by the application as
> + * specified in the flow pattern. The payload of matching packets is
> + * encrypted on egress, and decrypted and authenticated on ingress.
> + * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
> + * providing full encapsulation and decapsulation of packets in security
> + * protocols. The flow pattern specifies both the outer security header fields
> + * and the inner packet fields. The security session specified in the action
> + * must match the pattern parameters.
> + *
> + * The security session specified in the action must be created on the same
> + * port as the flow action that is being specified.
> + *
> + * The ingress/egress flow attribute should match that specified in the
> + * security session if the security session supports the definition of the
> + * direction.
> + *
> + * Multiple flows can be configured to use the same security session.
> + *
> + * Non-terminating by default.
> + */
> +struct rte_flow_action_security {
> +	void *security_session; /**< Pointer to security session structure. */
> +};
> +
> +/**
>    * Definition of a single action.
>    *
>    * A list of actions is terminated by a END action.

Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
diff mbox

Patch

diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index 7c89089..39f66c2 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -993,6 +993,13 @@  enum rte_flow_action_type {
 	 * See struct rte_flow_action_vf.
 	 */
 	RTE_FLOW_ACTION_TYPE_VF,
+	/**
+	 * Redirects packets to security engine of current device for security
+	 * processing as specified by security session.
+	 *
+	 * See struct rte_flow_action_security.
+	 */
+	RTE_FLOW_ACTION_TYPE_SECURITY
 };
 
 /**
@@ -1086,6 +1093,37 @@  struct rte_flow_action_vf {
 };
 
 /**
+ * RTE_FLOW_ACTION_TYPE_SECURITY
+ *
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
+ *
+ * The ingress/egress flow attribute should match that specified in the
+ * security session if the security session supports the definition of the
+ * direction.
+ *
+ * Multiple flows can be configured to use the same security session.
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_security {
+	void *security_session; /**< Pointer to security session structure. */
+};
+
+/**
  * Definition of a single action.
  *
  * A list of actions is terminated by a END action.