From: Boris Pismenny <borisp@mellanox.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, declan.doherty@intel.com,
pablo.de.lara.guarch@intel.com, hemant.agrawal@nxp.com,
radu.nicolau@intel.com, borisp@mellanox.com,
aviadye@mellanox.com, thomas@monjalon.net, sandeep.malik@nxp.com,
jerin.jacob@caviumnetworks.com, nelio.laranjeiro@6wind.com,
liranl@mellanox.com
Subject: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action
Date: Sun, 17 Sep 2017 15:06:31 +0300 [thread overview]
Message-ID: <1505649991-3463-3-git-send-email-borisp@mellanox.com> (raw)
In-Reply-To: <1505649991-3463-1-git-send-email-borisp@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
---
lib/librte_ether/rte_flow.h | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index dce92ca..48d4fca 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -1043,19 +1043,27 @@ struct rte_flow_action_vf {
/**
* RTE_FLOW_ACTION_TYPE_SECURITY
*
- * Perform security action on define flow as specified by security session.
- * The security session specified in the action must be created on the same port
- * as the flow action that is being specified.
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
*
* The ingress/egress flow attribute should match that specified in the
* security session if the security session supports the definition of the
* direction.
*
- * Multiple flows can be configured to use the same security session. For
- * example if the security session specifies an egress IPsec SA, then multiple
- * flows can be specified to that SA. In the case of an ingress IPsec SA then
- * it is only valid to have a single flow to map to that security session.
- *
+ * Multiple flows can be configured to use the same security session.
*
* Non-terminating by default.
*/
--
1.8.3.1
next prev parent reply other threads:[~2017-09-17 12:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-17 12:06 [dpdk-dev] [PATCH 0/2] Document rte_flow " Boris Pismenny
2017-09-17 12:06 ` [dpdk-dev] [PATCH 1/2] doc: add details of rte_flow security actions Boris Pismenny
2017-09-18 11:14 ` Mcnamara, John
2017-09-17 12:06 ` Boris Pismenny [this message]
2017-09-18 11:18 ` [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action Mcnamara, John
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1505649991-3463-3-git-send-email-borisp@mellanox.com \
--to=borisp@mellanox.com \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@mellanox.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=jerin.jacob@caviumnetworks.com \
--cc=liranl@mellanox.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=radu.nicolau@intel.com \
--cc=sandeep.malik@nxp.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).