[dpdk-dev] [EXT] Re: [PATCH] doc: add inline protocol in feature list

Akhil Goyal akhil.goyal at nxp.com
Wed Feb 12 11:25:26 CET 2020 

Hi Anoob,
> > >>
> > >> Hi Anoob,
> > >>
> > >> What is the difference between "Inline crypto" in that document and
> > >> this "Inline protocol"? Both seems providing same outpout.
> > >
> > > [Anoob] Yes. It is partly because the description of "inline crypto" is not
> > accurate. The feature, "inline crypto" is not ipsec aware but would do crypto
> > operation in the ipsec. This summary points to the security documentation
> > for further details and that doc clearly explains the difference between both
> > modes.
> > >
> > >> Is there a way to differentiate them more clearly?
> > >
> > > [Anoob] There are two options I can think of, 1. Update the feature
> > > list to describe the difference between the two. Have a line like,
> > > 	"As compared to inline crypto, inline protocol will handle the entire
> > protocol offload in addition to the crypto operation."
> > > 2. Both inline crypto and inline protocol falls under security. So could even
> > rename "Inline crypto" to "Inline security offload" and we should be good to
> > go. Also, under inline protocol, there are various protocols possible. Say,
> > tomorrow when we add MACSEC support, the same question would arise (as
> > in whether it's a new feature or would it be under "inline protocol").

Please re-phrase the description of inline crypto as well so that there is a clear 
Differentiation between the two modes. Referring to rte_security is not enough.

It can be something like
For Inline crypto: An operation defined in rte_security lib to perform only crypto
Operations of the security protocol while the packet is received at NIC. NIC is not aware
of the protocol operations. See Security library and PMD documentation for more details.

For Inline protocol : An operation defined in rte_security lib to perform protocol processing for
the security protocol (e.g. IPSEC, MACSEC) while the packet is received at the NIC. The NIC is capable
to understand the security protocol operations. See Security library and PMD documentation for more details.


> >
> > Hi Anoob,
> >
> > These seems security related and I don't know enough to comment if this is
> > correct thing to do. I have cc'ed a few more people for comment.
> >
> > @Akhil, would you mind if I assign this to you?
> >
> > Thanks,
> > ferruh
> >
> > >
> > >>
> > >>>
> > >>> Thanks,
> > >>> Anoob
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: dev <dev-bounces at dpdk.org> On Behalf Of Anoob Joseph
> > >>>> Sent: Tuesday, December 10, 2019 12:23 PM
> > >>>> To: John McNamara <john.mcnamara at intel.com>; Marko Kovacevic
> > >>>> <marko.kovacevic at intel.com>; Ferruh Yigit <ferruh.yigit at intel.com>
> > >>>> Cc: Anoob Joseph <anoobj at marvell.com>; Jerin Jacob Kollanukkaran
> > >>>> <jerinj at marvell.com>; Narayana Prasad Raju Athreya
> > >>>> <pathreya at marvell.com>; dev at dpdk.org
> > >>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature
> > >>>> list
> > >>>>
> > >>>> Update feature list to include inline protocol offload.
> > >>>>
> > >>>> Signed-off-by: Anoob Joseph <anoobj at marvell.com>
> > >>>> ---
> > >>>>  doc/guides/nics/features.rst         | 18 ++++++++++++++++++
> > >>>>  doc/guides/nics/features/default.ini |  1 +
> > >>>>  2 files changed, 19 insertions(+)
> > >>>>
> > >>>> diff --git a/doc/guides/nics/features.rst
> > >>>> b/doc/guides/nics/features.rst index
> > >>>> 8394a65..f4eb2a9 100644
> > >>>> --- a/doc/guides/nics/features.rst
> > >>>> +++ b/doc/guides/nics/features.rst
> > >>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
> > >>>> IPsec). See Security library and
> > >>>>    ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> > >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> > >>>>
> > >>>>
> > >>>> +.. _nic_features_inline_protocol_doc:
> > >>>> +
> > >>>> +Inline protocol
> > >>>> +---------------
> > >>>> +
> > >>>> +Supports inline protocol processing (e.g. inline IPsec). See
> > >>>> +Security library and
> > >>>> PMD documentation for more details.
> > >>>> +
> > >>>> +* **[uses]       rte_eth_rxconf,rte_eth_rxmode**:
> > >>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
> > >>>> +* **[uses]       rte_eth_txconf,rte_eth_txmode**:
> > >>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
> > >>>> +* **[implements] rte_security_ops**: ``session_create``,
> > >>>> +``session_update``,
> > >>>> +  ``session_stats_get``, ``session_destroy``,
> > >>>> +``set_pkt_metadata``, ``get_userdata``,
> > >>>> +  ``capabilities_get``.
> > >>>> +* **[provides] rte_eth_dev_info**:
> > >>>>
> > >>
> > +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
> > >>>> +
> > >>
> > ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
> > >>>> +* **[provides]   mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
> > >>>> +  ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> > >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> > >>>> +
> > >>>> +
> > >>>>  .. _nic_features_crc_offload:
> > >>>>
> > >>>>  CRC offload
> > >>>> diff --git a/doc/guides/nics/features/default.ini
> > >>>> b/doc/guides/nics/features/default.ini
> > >>>> index 91ec619..4d0ad32 100644
> > >>>> --- a/doc/guides/nics/features/default.ini
> > >>>> +++ b/doc/guides/nics/features/default.ini
> > >>>> @@ -42,6 +42,7 @@ Flow API             =
> > >>>>  Rate limitation      =
> > >>>>  Traffic mirroring    =
> > >>>>  Inline crypto        =
> > >>>> +Inline protocol      =
> > >>>>  CRC offload          =
> > >>>>  VLAN offload         =
> > >>>>  QinQ offload         =
> > >>>> --
> > >>>> 2.7.4
> > >>>
> > >

More information about the dev mailing list