[dpdk-dev] [RFC 3/7] ethdev: add rte flow action for crypto

Boris Pismenny borisp at mellanox.com
Mon Jul 10 09:35:13 CEST 2017

Previous message: [dpdk-dev] [RFC PATCH 0/1] IPSec Inline and look aside crypto offload
Next message: [dpdk-dev] [RFC 4/7] cryptodev: add ipsec xform
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The crypto action is specified by an application to request
crypto offload for a flow.

Signed-off-by: Boris Pismenny <borisp at mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
---
 lib/Makefile                |  1 +
 lib/librte_ether/rte_flow.h | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/lib/Makefile b/lib/Makefile
index 07e1fd0..26c8c29 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -48,6 +48,7 @@ DEPDIRS-librte_cmdline := librte_eal
 DIRS-$(CONFIG_RTE_LIBRTE_ETHER) += librte_ether
 DEPDIRS-librte_ether := librte_net librte_eal librte_mempool librte_ring
 DEPDIRS-librte_ether += librte_mbuf
+DEPDIRS-librte_ether += librte_cryptodev
 DIRS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += librte_cryptodev
 DEPDIRS-librte_cryptodev := librte_eal librte_mempool librte_ring librte_mbuf
 DEPDIRS-librte_cryptodev += librte_kvargs
diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index 4b78b66..d3f75e7 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -51,6 +51,7 @@
 #include <rte_udp.h>
 #include <rte_byteorder.h>
 #include <rte_esp.h>
+#include <rte_crypto_sym.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -905,6 +906,14 @@ enum rte_flow_action_type {
 	 * See struct rte_flow_action_vf.
 	 */
 	RTE_FLOW_ACTION_TYPE_VF,
+
+	/**
+	 * Encrypts or decrypts packets matching this flow. Must be either egress
+	 * or ingress, but not both.
+	 *
+	 * See struct rte_flow_action_crypto.
+	 */
+	RTE_FLOW_ACTION_TYPE_CRYPTO,
 };
 
 /**
@@ -998,6 +1007,23 @@ struct rte_flow_action_vf {
 };
 
 /**
+ * RTE_FLOW_ACTION_TYPE_CRYPTO
+ *
+ * Encrypts or decrypts packets matching this flow. Must be either egress
+ * or ingress, but not both.
+ *
+ * Packets matched by IPsec SA lookup, which includes at least the following:
+ * Destination IP and ESP SPI, but it may include Source IP, UDP ports, etc.
+ * Packets are encrypted in the outgoing direction and decrypted in the incoming
+ * direction.
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_crypto {
+	struct rte_crypto_sym_xform xform; /* applied crypto transform */
+};
+
+/**
  * Definition of a single action.
  *
  * A list of actions is terminated by a END action.
-- 
1.8.3.1

Previous message: [dpdk-dev] [RFC PATCH 0/1] IPSec Inline and look aside crypto offload
Next message: [dpdk-dev] [RFC 4/7] cryptodev: add ipsec xform
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list