[dpdk-dev] [PATCH 09/11] net/ixgbe: enable inline ipsec

[Doherty, Declan]

On 15/09/2017 5:48 AM, Hemant Agrawal wrote:
> Hi Radu,
>
> On 9/14/2017 1:56 PM, Akhil Goyal wrote:
>
>> +static const struct rte_security_capability 
>> ixgbe_security_capabilities[] = {
>> +    { /* IPsec Inline Crypto AH Transport Egress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>
> You are supporting AH, however only ESP is proposed in other patch for 
> addition to rte_flow?

Hemant, this was a mistake on my part when defining the capabilities, 
although the ixgbe is capable of supporting AH we haven't done the 
enablement of that yet.  I'll update this file to remove the AH 
capabilities for the moment, until we have time to implement and test fully.
>
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
>> +            .options = { 0 },
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Transport Egress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto AH Transport Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto AH Tunnel Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Transport Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Tunnel Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    {
>> +        .action = RTE_SECURITY_ACTION_TYPE_NONE
>> +    }
>> +};
>
>