[dpdk-dev,RFC,3/7] ethdev: add rte flow action for crypto
Checks
Commit Message
The crypto action is specified by an application to request
crypto offload for a flow.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
lib/Makefile | 1 +
lib/librte_ether/rte_flow.h | 26 ++++++++++++++++++++++++++
2 files changed, 27 insertions(+)
@@ -48,6 +48,7 @@ DEPDIRS-librte_cmdline := librte_eal
DIRS-$(CONFIG_RTE_LIBRTE_ETHER) += librte_ether
DEPDIRS-librte_ether := librte_net librte_eal librte_mempool librte_ring
DEPDIRS-librte_ether += librte_mbuf
+DEPDIRS-librte_ether += librte_cryptodev
DIRS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += librte_cryptodev
DEPDIRS-librte_cryptodev := librte_eal librte_mempool librte_ring librte_mbuf
DEPDIRS-librte_cryptodev += librte_kvargs
@@ -51,6 +51,7 @@
#include <rte_udp.h>
#include <rte_byteorder.h>
#include <rte_esp.h>
+#include <rte_crypto_sym.h>
#ifdef __cplusplus
extern "C" {
@@ -905,6 +906,14 @@ enum rte_flow_action_type {
* See struct rte_flow_action_vf.
*/
RTE_FLOW_ACTION_TYPE_VF,
+
+ /**
+ * Encrypts or decrypts packets matching this flow. Must be either egress
+ * or ingress, but not both.
+ *
+ * See struct rte_flow_action_crypto.
+ */
+ RTE_FLOW_ACTION_TYPE_CRYPTO,
};
/**
@@ -998,6 +1007,23 @@ struct rte_flow_action_vf {
};
/**
+ * RTE_FLOW_ACTION_TYPE_CRYPTO
+ *
+ * Encrypts or decrypts packets matching this flow. Must be either egress
+ * or ingress, but not both.
+ *
+ * Packets matched by IPsec SA lookup, which includes at least the following:
+ * Destination IP and ESP SPI, but it may include Source IP, UDP ports, etc.
+ * Packets are encrypted in the outgoing direction and decrypted in the incoming
+ * direction.
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_crypto {
+ struct rte_crypto_sym_xform xform; /* applied crypto transform */
+};
+
+/**
* Definition of a single action.
*
* A list of actions is terminated by a END action.