DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] ethdev: add security flow item
@ 2020-09-10 16:44 Tejasree Kondoj
  2020-09-10 16:45 ` Stephen Hemminger
  0 siblings, 1 reply; 15+ messages in thread
From: Tejasree Kondoj @ 2020-09-10 16:44 UTC (permalink / raw)
  To: Akhil Goyal, Radu Nicolau, Declan Doherty, Ori Kam,
	Thomas Monjalon, Ferruh Yigit, Andrew Rybchenko, Jerin Jacob
  Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, dev

Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to
distinguish plain packets from IPsec decrypted plain packets.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 doc/guides/prog_guide/rte_flow.rst | 25 +++++++++++++++++++++++++
 lib/librte_ethdev/rte_flow.h       |  9 +++++++++
 2 files changed, 34 insertions(+)

diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst
index 3e5cd1e0d..a51a3e5d6 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -712,6 +712,31 @@ action sets metadata for a packet and the metadata will be reported via
    | ``mask`` | ``data`` | bit-mask applies to "spec" and "last" |
    +----------+----------+---------------------------------------+
 
+Item: ``SECURITY``
+^^^^^^^^^^^^^^^^^^
+
+Matches packets that were security processed. It can be used to identify
+packets after inline security processing. For example, in case of inline IPsec,
+the packet headers would change after IPsec decapsulation and this item would
+allow application to differentiate non-IPsec packets from packets after
+inline IPsec processing.
+
+- ``spec``, ``last`` and ``mask`` are ignored.
+
+.. _table_rte_flow_item_security:
+
+.. table:: SECURITY
+
+   +----------+---------+
+   | Field    | Value   |
+   +==========+=========+
+   | ``spec`` | ignored |
+   +----------+---------+
+   | ``last`` | ignored |
+   +----------+---------+
+   | ``mask`` | ignored |
+   +----------+---------+
+
 Data matching item types
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index da8bfa548..65499b758 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -537,6 +537,15 @@ enum rte_flow_item_type {
 	 */
 	RTE_FLOW_ITEM_TYPE_ECPRI,
 
+	/**
+	 * [META]
+	 *
+	 * Matches security processed packets.
+	 *
+	 * No associated specification structure.
+	 */
+	RTE_FLOW_ITEM_TYPE_SECURITY,
+
 };
 
 /**
-- 
2.27.0


^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2021-04-20  1:08 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-10 16:44 [dpdk-dev] [PATCH] ethdev: add security flow item Tejasree Kondoj
2020-09-10 16:45 ` Stephen Hemminger
2020-09-17  9:38   ` Asaf Penso
2020-09-21  8:58     ` Tejasree Kondoj
2020-09-21 16:09       ` Asaf Penso
2020-09-22  7:51         ` Ori Kam
2020-09-22  9:07           ` Tejasree Kondoj
2020-09-22 13:28             ` Ori Kam
2020-09-22 14:18             ` Tejasree Kondoj
2020-09-23 14:30               ` Ori Kam
2020-09-24  5:30                 ` Tejasree Kondoj
2020-09-24  9:51                   ` Ori Kam
2020-09-24 10:07                     ` Tejasree Kondoj
2021-02-17 17:36                       ` Ferruh Yigit
2021-04-20  1:08                         ` Ferruh Yigit

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).