[dpdk-dev] [PATCH 0/2] Document rte_flow security action

Boris Pismenny borisp at mellanox.com
Sun Sep 17 14:06:29 CEST 2017


This series updates the documentation regarding the use of rte_flow
security actions for configuring crypto offload. This documentation
attempts to provide guidelines for the use of security sessions with
inline and protocol offloads.

The documentation relfects my understanding of the current status of
inline crypto offload. I've added some documentation for full protocol
offload as well, even though I am not familiar with any existing
implementation.

Full protocol offload is the first encap/decap action in rte_flow.
For example, in IPsec it implies ESP encap/decap. As an encap/decap
offload, it offloads header construction to hardware.
This raises the following question:
Should the rte_flow pattern hold the pattern of headers to add/remove
by hardware?

My answer is yes, because it allows us to describe more complex
encapsulation offloads and their order - [GRE | ESP | TCP] vs.
[ESP | GRE | TCP]. By providing the full pattern we resolve the
ambiguity and define the order of encapsulation. While actions describe
the encapsulation operation related to each header.

The patches are based on the integration branch of dpdk-draft-ipsec.

Boris Pismenny (2):
  doc: add details of rte_flow security actions
  ethdev: update documentation for security action

 doc/guides/prog_guide/rte_flow.rst | 83 +++++++++++++++++++++++++++++++++++++-
 lib/librte_ether/rte_flow.h        | 24 +++++++----
 2 files changed, 97 insertions(+), 10 deletions(-)

-- 
1.8.3.1



More information about the dev mailing list