From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <declan.doherty@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id 5671E2BBE
 for <dev@dpdk.org>; Fri, 15 Sep 2017 15:14:35 +0200 (CEST)
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga104.jf.intel.com with ESMTP; 15 Sep 2017 06:14:34 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.42,396,1500966000"; d="scan'208";a="312077424"
Received: from dwdohert-mobl.ger.corp.intel.com (HELO [10.252.175.245])
 ([10.252.175.245])
 by fmsmga004.fm.intel.com with ESMTP; 15 Sep 2017 06:14:27 -0700
To: Hemant Agrawal <hemant.agrawal@nxp.com>, Akhil Goyal
 <akhil.goyal@nxp.com>, dev@dpdk.org
Cc: pablo.de.lara.guarch@intel.com, radu.nicolau@intel.com,
 borisp@mellanox.com, aviadye@mellanox.com, thomas@monjalon.net,
 sandeep.malik@nxp.com, jerin.jacob@caviumnetworks.com
References: <20170914082651.26232-1-akhil.goyal@nxp.com>
 <20170914082651.26232-10-akhil.goyal@nxp.com>
 <ecd42e7e-f001-2603-32b4-3852bd3abca9@nxp.com>
From: "Doherty, Declan" <declan.doherty@intel.com>
Message-ID: <8886d571-1708-1710-14fd-69e03a5e427c@intel.com>
Date: Fri, 15 Sep 2017 14:14:26 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <ecd42e7e-f001-2603-32b4-3852bd3abca9@nxp.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Subject: Re: [dpdk-dev] [PATCH 09/11] net/ixgbe: enable inline ipsec
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2017 13:14:36 -0000

On 15/09/2017 5:48 AM, Hemant Agrawal wrote:
> Hi Radu,
>
> On 9/14/2017 1:56 PM, Akhil Goyal wrote:
>
>> +static const struct rte_security_capability 
>> ixgbe_security_capabilities[] = {
>> +    { /* IPsec Inline Crypto AH Transport Egress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>
> You are supporting AH, however only ESP is proposed in other patch for 
> addition to rte_flow?

Hemant, this was a mistake on my part when defining the capabilities, 
although the ixgbe is capable of supporting AH we haven't done the 
enablement of that yet.  I'll update this file to remove the AH 
capabilities for the moment, until we have time to implement and test fully.
>
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
>> +            .options = { 0 },
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Transport Egress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto AH Transport Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto AH Tunnel Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Transport Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    { /* IPsec Inline Crypto ESP Tunnel Ingress */
>> +        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
>> +        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
>> +        .ipsec = {
>> +            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>> +            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>> +            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
>> +            .options = { 0 }
>> +        },
>> +        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
>> +    },
>> +    {
>> +        .action = RTE_SECURITY_ACTION_TYPE_NONE
>> +    }
>> +};
>
>