[dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action

Boris Pismenny borisp at mellanox.com
Sun Sep 17 14:06:31 CEST 2017

Previous message: [dpdk-dev] [PATCH 1/2] doc: add details of rte_flow security actions
Next message: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Signed-off-by: Boris Pismenny <borisp at mellanox.com>
---
 lib/librte_ether/rte_flow.h | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index dce92ca..48d4fca 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -1043,19 +1043,27 @@ struct rte_flow_action_vf {
 /**
  * RTE_FLOW_ACTION_TYPE_SECURITY
  *
- * Perform security action on define flow as specified by security session.
- * The security session specified in the action must be created on the same port
- * as the flow action that is being specified.
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
  *
  * The ingress/egress flow attribute should match that specified in the
  * security session if the security session supports the definition of the
  * direction.
  *
- * Multiple flows can be configured to use the same security session. For
- * example if the security session specifies an egress IPsec SA, then multiple
- * flows can be specified to that SA. In the case of an ingress IPsec SA then
- * it is only valid to have a single flow to map to that security session.
- *
+ * Multiple flows can be configured to use the same security session.
  *
  * Non-terminating by default.
  */
-- 
1.8.3.1

Previous message: [dpdk-dev] [PATCH 1/2] doc: add details of rte_flow security actions
Next message: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list