From: Boris Pismenny <borisp@mellanox.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, declan.doherty@intel.com,
pablo.de.lara.guarch@intel.com, hemant.agrawal@nxp.com,
radu.nicolau@intel.com, borisp@mellanox.com,
aviadye@mellanox.com, thomas@monjalon.net, sandeep.malik@nxp.com,
jerin.jacob@caviumnetworks.com, nelio.laranjeiro@6wind.com,
liranl@mellanox.com
Subject: [dpdk-dev] [PATCH 0/2] Document rte_flow security action
Date: Sun, 17 Sep 2017 15:06:29 +0300 [thread overview]
Message-ID: <1505649991-3463-1-git-send-email-borisp@mellanox.com> (raw)
This series updates the documentation regarding the use of rte_flow
security actions for configuring crypto offload. This documentation
attempts to provide guidelines for the use of security sessions with
inline and protocol offloads.
The documentation relfects my understanding of the current status of
inline crypto offload. I've added some documentation for full protocol
offload as well, even though I am not familiar with any existing
implementation.
Full protocol offload is the first encap/decap action in rte_flow.
For example, in IPsec it implies ESP encap/decap. As an encap/decap
offload, it offloads header construction to hardware.
This raises the following question:
Should the rte_flow pattern hold the pattern of headers to add/remove
by hardware?
My answer is yes, because it allows us to describe more complex
encapsulation offloads and their order - [GRE | ESP | TCP] vs.
[ESP | GRE | TCP]. By providing the full pattern we resolve the
ambiguity and define the order of encapsulation. While actions describe
the encapsulation operation related to each header.
The patches are based on the integration branch of dpdk-draft-ipsec.
Boris Pismenny (2):
doc: add details of rte_flow security actions
ethdev: update documentation for security action
doc/guides/prog_guide/rte_flow.rst | 83 +++++++++++++++++++++++++++++++++++++-
lib/librte_ether/rte_flow.h | 24 +++++++----
2 files changed, 97 insertions(+), 10 deletions(-)
--
1.8.3.1
next reply other threads:[~2017-09-17 12:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-17 12:06 Boris Pismenny [this message]
2017-09-17 12:06 ` [dpdk-dev] [PATCH 1/2] doc: add details of rte_flow security actions Boris Pismenny
2017-09-18 11:14 ` Mcnamara, John
2017-09-17 12:06 ` [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action Boris Pismenny
2017-09-18 11:18 ` Mcnamara, John
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1505649991-3463-1-git-send-email-borisp@mellanox.com \
--to=borisp@mellanox.com \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@mellanox.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=jerin.jacob@caviumnetworks.com \
--cc=liranl@mellanox.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=sandeep.malik@nxp.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).