Re: [dpdk-dev] [EXT] Re: [PATCH] doc: add inline protocol in feature list

[Ferruh Yigit <ferruh.yigit@intel.com>]

On 2/12/2020 10:25 AM, Akhil Goyal wrote:
> Hi Anoob,
>>>>>
>>>>> Hi Anoob,
>>>>>
>>>>> What is the difference between "Inline crypto" in that document and
>>>>> this "Inline protocol"? Both seems providing same outpout.
>>>>
>>>> [Anoob] Yes. It is partly because the description of "inline crypto" is not
>>> accurate. The feature, "inline crypto" is not ipsec aware but would do crypto
>>> operation in the ipsec. This summary points to the security documentation
>>> for further details and that doc clearly explains the difference between both
>>> modes.
>>>>
>>>>> Is there a way to differentiate them more clearly?
>>>>
>>>> [Anoob] There are two options I can think of, 1. Update the feature
>>>> list to describe the difference between the two. Have a line like,
>>>> 	"As compared to inline crypto, inline protocol will handle the entire
>>> protocol offload in addition to the crypto operation."
>>>> 2. Both inline crypto and inline protocol falls under security. So could even
>>> rename "Inline crypto" to "Inline security offload" and we should be good to
>>> go. Also, under inline protocol, there are various protocols possible. Say,
>>> tomorrow when we add MACSEC support, the same question would arise (as
>>> in whether it's a new feature or would it be under "inline protocol").
> 
> Please re-phrase the description of inline crypto as well so that there is a clear 
> Differentiation between the two modes. Referring to rte_security is not enough.
> 
> It can be something like
> For Inline crypto: An operation defined in rte_security lib to perform only crypto
> Operations of the security protocol while the packet is received at NIC. NIC is not aware
> of the protocol operations. See Security library and PMD documentation for more details.
> 
> For Inline protocol : An operation defined in rte_security lib to perform protocol processing for
> the security protocol (e.g. IPSEC, MACSEC) while the packet is received at the NIC. The NIC is capable
> to understand the security protocol operations. See Security library and PMD documentation for more details.

Since both using the rte_security, for a PMD isn't there a way to say if it is
supporting any one of them or both? If so what do you think documenting it too?

> 
> 
>>>
>>> Hi Anoob,
>>>
>>> These seems security related and I don't know enough to comment if this is
>>> correct thing to do. I have cc'ed a few more people for comment.
>>>
>>> @Akhil, would you mind if I assign this to you?
>>>
>>> Thanks,
>>> ferruh
>>>
>>>>
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Anoob
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
>>>>>>> Sent: Tuesday, December 10, 2019 12:23 PM
>>>>>>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
>>>>>>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
>>>>>>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
>>>>>>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
>>>>>>> <pathreya@marvell.com>; dev@dpdk.org
>>>>>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature
>>>>>>> list
>>>>>>>
>>>>>>> Update feature list to include inline protocol offload.
>>>>>>>
>>>>>>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>>>>>>> ---
>>>>>>>  doc/guides/nics/features.rst         | 18 ++++++++++++++++++
>>>>>>>  doc/guides/nics/features/default.ini |  1 +
>>>>>>>  2 files changed, 19 insertions(+)
>>>>>>>
>>>>>>> diff --git a/doc/guides/nics/features.rst
>>>>>>> b/doc/guides/nics/features.rst index
>>>>>>> 8394a65..f4eb2a9 100644
>>>>>>> --- a/doc/guides/nics/features.rst
>>>>>>> +++ b/doc/guides/nics/features.rst
>>>>>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
>>>>>>> IPsec). See Security library and
>>>>>>>    ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>>>>>
>>>>>>>
>>>>>>> +.. _nic_features_inline_protocol_doc:
>>>>>>> +
>>>>>>> +Inline protocol
>>>>>>> +---------------
>>>>>>> +
>>>>>>> +Supports inline protocol processing (e.g. inline IPsec). See
>>>>>>> +Security library and
>>>>>>> PMD documentation for more details.
>>>>>>> +
>>>>>>> +* **[uses]       rte_eth_rxconf,rte_eth_rxmode**:
>>>>>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
>>>>>>> +* **[uses]       rte_eth_txconf,rte_eth_txmode**:
>>>>>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
>>>>>>> +* **[implements] rte_security_ops**: ``session_create``,
>>>>>>> +``session_update``,
>>>>>>> +  ``session_stats_get``, ``session_destroy``,
>>>>>>> +``set_pkt_metadata``, ``get_userdata``,
>>>>>>> +  ``capabilities_get``.
>>>>>>> +* **[provides] rte_eth_dev_info**:
>>>>>>>
>>>>>
>>> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
>>>>>>> +
>>>>>
>>> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
>>>>>>> +* **[provides]   mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
>>>>>>> +  ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>>>>> +
>>>>>>> +
>>>>>>>  .. _nic_features_crc_offload:
>>>>>>>
>>>>>>>  CRC offload
>>>>>>> diff --git a/doc/guides/nics/features/default.ini
>>>>>>> b/doc/guides/nics/features/default.ini
>>>>>>> index 91ec619..4d0ad32 100644
>>>>>>> --- a/doc/guides/nics/features/default.ini
>>>>>>> +++ b/doc/guides/nics/features/default.ini
>>>>>>> @@ -42,6 +42,7 @@ Flow API             =
>>>>>>>  Rate limitation      =
>>>>>>>  Traffic mirroring    =
>>>>>>>  Inline crypto        =
>>>>>>> +Inline protocol      =
>>>>>>>  CRC offload          =
>>>>>>>  VLAN offload         =
>>>>>>>  QinQ offload         =
>>>>>>> --
>>>>>>> 2.7.4
>>>>>>
>>>>
>