To: Hemant Agrawal, Akhil Goyal, dev@dpdk.org
Cc: pablo.de.lara.guarch@intel.com, radu.nicolau@intel.com, borisp@mellanox.com, aviadye@mellanox.com, thomas@monjalon.net, sandeep.malik@nxp.com, jerin.jacob@caviumnetworks.com
References: <20170914082651.26232-1-akhil.goyal@nxp.com> <20170914082651.26232-10-akhil.goyal@nxp.com>
From: "Doherty, Declan"
Message-ID: <8886d571-1708-1710-14fd-69e03a5e427c@intel.com>
Date: Fri, 15 Sep 2017 14:14:26 +0100
Subject: Re: [dpdk-dev] [PATCH 09/11] net/ixgbe: enable inline ipsec

On 15/09/2017 5:48 AM, Hemant Agrawal wrote: > Hi Radu, > > On 9/14/2017 1:56 PM, Akhil Goyal wrote: > >> +static const struct rte_security_capability >> ixgbe_security_capabilities[] = { >> +    { /* IPsec Inline Crypto AH Transport Egress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = 
RTE_SECURITY_IPSEC_SA_PROTO_AH, > > You are supporting AH, however only ESP is proposed in other patch for > addition to rte_flow? Hemant, this was a mistake on my part when defining the capabilities, although the ixgbe is capable of supporting AH we haven't done the enablement of that yet.  I'll update this file to remove the AH capabilities for the moment, until we have time to implement and test fully. > >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, >> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, >> +            .options = { 0 }, >> +        }, >> +        .crypto_capabilities = aes_gmac_crypto_capabilities >> +    }, >> +    { /* IPsec Inline Crypto ESP Transport Egress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, >> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, >> +            .options = { 0 } >> +        }, >> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities >> +    }, >> +    { /* IPsec Inline Crypto AH Transport Ingress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, >> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, >> +            .options = { 0 } >> +        }, >> +        .crypto_capabilities = aes_gmac_crypto_capabilities >> +    }, >> +    { /* IPsec Inline Crypto AH Tunnel Ingress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, >> +            
.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, >> +            .options = { 0 } >> +        }, >> +        .crypto_capabilities = aes_gmac_crypto_capabilities >> +    }, >> +    { /* IPsec Inline Crypto ESP Transport Ingress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, >> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, >> +            .options = { 0 } >> +        }, >> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities >> +    }, >> +    { /* IPsec Inline Crypto ESP Tunnel Ingress */ >> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, >> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC, >> +        .ipsec = { >> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, >> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, >> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, >> +            .options = { 0 } >> +        }, >> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities >> +    }, >> +    { >> +        .action = RTE_SECURITY_ACTION_TYPE_NONE >> +    } >> +}; > >
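Review bot: The egress half of ixgbe_security_capabilities[] advertises only transport mode (the AH and ESP "Transport Egress" entries), while the ingress half advertises both transport and tunnel, so there is no tunnel-mode egress entry. If tunnel-mode egress is not supported, a comment above the array should say so. Otherwise the missing entries should be added, because an application that walks this table before creating a session will treat absence as "not offloaded". The same reasoning applies to the three AH entries (Transport Egress, Transport Ingress, Tunnel Ingress): the table should list only what the driver actually implements, so when they are removed, check whether aes_gmac_crypto_capabilities is still referenced, since in this array only the AH entries point at it. Minor style point: the first entry ends `.options = { 0 },` with a trailing comma while every other entry omits it; pick one form.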