From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129]) by dpdk.org (Postfix) with ESMTP id D98F51AEEB for ; Sun, 17 Sep 2017 14:12:46 +0200 (CEST) Received: from Internal Mail-Server by MTLPINE1 (envelope-from borisp@mellanox.com) with ESMTPS (AES256-SHA encrypted); 17 Sep 2017 15:06:53 +0300 Received: from gen-l-vrt-098.mtl.labs.mlnx (gen-l-vrt-098.mtl.labs.mlnx [10.137.170.1]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v8HC6oEj013909; Sun, 17 Sep 2017 15:06:52 +0300 From: Boris Pismenny To: dev@dpdk.org Cc: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, hemant.agrawal@nxp.com, radu.nicolau@intel.com, borisp@mellanox.com, aviadye@mellanox.com, thomas@monjalon.net, sandeep.malik@nxp.com, jerin.jacob@caviumnetworks.com, nelio.laranjeiro@6wind.com, liranl@mellanox.com Date: Sun, 17 Sep 2017 15:06:31 +0300 Message-Id: <1505649991-3463-3-git-send-email-borisp@mellanox.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1505649991-3463-1-git-send-email-borisp@mellanox.com> References: <1505649991-3463-1-git-send-email-borisp@mellanox.com> Subject: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Sep 2017 12:12:47 -0000 Signed-off-by: Boris Pismenny --- lib/librte_ether/rte_flow.h | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h index dce92ca..48d4fca 100644 --- a/lib/librte_ether/rte_flow.h +++ b/lib/librte_ether/rte_flow.h @@ -1043,19 +1043,27 @@ struct rte_flow_action_vf { /** * RTE_FLOW_ACTION_TYPE_SECURITY * - * Perform security action on define flow as specified by security session. - * The security session specified in the action must be created on the same port - * as the flow action that is being specified. + * Perform the security action on flows matched by the pattern items + * according to the configuration of the security session. + * + * This action modifies the payload of matched flows. For INLINE_CRYPTO, the + * security protocol headers and IV are fully provided by the application as + * specified in the flow pattern. The payload of matching packets is + * encrypted on egress, and decrypted and authenticated on ingress. + * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW, + * providing full encapsulation and decapsulation of packets in security + * protocols. The flow pattern specifies both the outer security header fields + * and the inner packet fields. The security session specified in the action + * must match the pattern parameters. + * + * The security session specified in the action must be created on the same + * port as the flow action that is being specified. * * The ingress/egress flow attribute should match that specified in the * security session if the security session supports the definition of the * direction. * - * Multiple flows can be configured to use the same security session. For - * example if the security session specifies an egress IPsec SA, then multiple - * flows can be specified to that SA. In the case of an ingress IPsec SA then - * it is only valid to have a single flow to map to that security session. - * + * Multiple flows can be configured to use the same security session. * * Non-terminating by default. */ -- 1.8.3.1