From: Radu Nicolau <radu.nicolau@intel.com>
To: dev@dpdk.org
Cc: thomas@monjalon.net, ferruh.yigit@intel.com,
wenzhuo.lu@intel.com, konstantin.ananyev@intel.com,
pablo.de.lara.guarch@intel.com,
Radu Nicolau <radu.nicolau@intel.com>
Subject: [dpdk-dev] [PATCH v2] doc: added inline crypto feature
Date: Thu, 9 Nov 2017 12:23:02 +0000 [thread overview]
Message-ID: <1510230182-9550-1-git-send-email-radu.nicolau@intel.com> (raw)
In-Reply-To: <1510147619-8701-1-git-send-email-radu.nicolau@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
v2: removed useless anchor and updated ixgbe doc
doc/guides/nics/features.rst | 15 +++++++++++++++
doc/guides/nics/features/default.ini | 1 +
doc/guides/nics/features/ixgbe.ini | 2 ++
doc/guides/nics/features/ixgbe_vec.ini | 2 ++
doc/guides/nics/features/ixgbe_vf.ini | 2 ++
doc/guides/nics/features/ixgbe_vf_vec.ini | 2 ++
doc/guides/nics/ixgbe.rst | 15 +++++++++++++++
7 files changed, 39 insertions(+)
diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst
index bfeae80..c1c3907 100644
--- a/doc/guides/nics/features.rst
+++ b/doc/guides/nics/features.rst
@@ -900,6 +900,21 @@ Documentation describes performance values.
See ``dpdk.org/doc/perf/*``.
+Inline crypto
+-------------
+
+Supports inline crypto processing (eg. inline IPsec). See Security library and PMD documentation for more details.
+
+* **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``,
+* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``.
+* **[implements] rte_security_ops**: ``session_create``, ``session_update``,
+ ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``capabilities_get``.
+* **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
+ ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
+* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
+ ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``, ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
+
+
.. _nic_features_other:
diff --git a/doc/guides/nics/features/default.ini b/doc/guides/nics/features/default.ini
index dc527dd..9ef6a2a 100644
--- a/doc/guides/nics/features/default.ini
+++ b/doc/guides/nics/features/default.ini
@@ -77,3 +77,4 @@ Usage doc =
Design doc =
Perf doc =
Mbuf fast free =
+Inline crypto =
diff --git a/doc/guides/nics/features/ixgbe.ini b/doc/guides/nics/features/ixgbe.ini
index 9ff5d8f..900840f 100644
--- a/doc/guides/nics/features/ixgbe.ini
+++ b/doc/guides/nics/features/ixgbe.ini
@@ -58,3 +58,5 @@ Linux VFIO = Y
ARMv8 = Y
x86-32 = Y
x86-64 = Y
+Inline crypto = Y
+
diff --git a/doc/guides/nics/features/ixgbe_vec.ini b/doc/guides/nics/features/ixgbe_vec.ini
index 4d56df4..5e32c08 100644
--- a/doc/guides/nics/features/ixgbe_vec.ini
+++ b/doc/guides/nics/features/ixgbe_vec.ini
@@ -47,3 +47,5 @@ Linux VFIO = Y
ARMv8 = Y
x86-32 = Y
x86-64 = Y
+Inline crypto = Y
+
diff --git a/doc/guides/nics/features/ixgbe_vf.ini b/doc/guides/nics/features/ixgbe_vf.ini
index b63e32c..f217b09 100644
--- a/doc/guides/nics/features/ixgbe_vf.ini
+++ b/doc/guides/nics/features/ixgbe_vf.ini
@@ -37,3 +37,5 @@ Linux VFIO = Y
ARMv8 = Y
x86-32 = Y
x86-64 = Y
+Inline crypto = Y
+
diff --git a/doc/guides/nics/features/ixgbe_vf_vec.ini b/doc/guides/nics/features/ixgbe_vf_vec.ini
index c994857..9549aab 100644
--- a/doc/guides/nics/features/ixgbe_vf_vec.ini
+++ b/doc/guides/nics/features/ixgbe_vf_vec.ini
@@ -29,3 +29,5 @@ Linux VFIO = Y
ARMv8 = Y
x86-32 = Y
x86-64 = Y
+Inline crypto = Y
+
diff --git a/doc/guides/nics/ixgbe.rst b/doc/guides/nics/ixgbe.rst
index c687c63..19716c2 100644
--- a/doc/guides/nics/ixgbe.rst
+++ b/doc/guides/nics/ixgbe.rst
@@ -239,6 +239,21 @@ There is no RTE API to add a VF's MAC address from the PF. On ixgbe, the
as a workaround.
+Inline crypto processing support
+---------------------------
+
+Inline IPsec processing is supported for ``RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO``
+mode for ESP packets only:
+
+- ESP authentication only: AES-128-GMAC (128-bit key)
+- ESP encryption and authentication: AES-128-GCM (128-bit key)
+
+IPsec Security Gateway Sample Application supports inline IPsec processing for
+ixgbe PMD.
+For more details see the IPsec Security Gateway Sample Application and Security
+library documentation.
+
+
Supported Chipsets and NICs
---------------------------
--
2.7.5
next prev parent reply other threads:[~2017-11-09 12:27 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-08 13:26 [dpdk-dev] [PATCH] " Radu Nicolau
2017-11-08 14:22 ` Thomas Monjalon
2017-11-08 14:31 ` Radu Nicolau
2017-11-08 15:13 ` Thomas Monjalon
2017-11-08 15:40 ` Radu Nicolau
2017-11-09 12:23 ` Radu Nicolau [this message]
2017-11-09 12:29 ` [dpdk-dev] [PATCH v3] " Radu Nicolau
2017-11-12 3:33 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1510230182-9550-1-git-send-email-radu.nicolau@intel.com \
--to=radu.nicolau@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=thomas@monjalon.net \
--cc=wenzhuo.lu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).