[dpdk-dev] [PATCH v3 5/9] ipsec: add SA data-path API
Doherty, Declan
declan.doherty at intel.com
Tue Dec 11 18:25:46 CET 2018
On 06/12/2018 3:38 PM, Konstantin Ananyev wrote:
> Introduce Security Association (SA-level) data-path API
> Operates at SA level, provides functions to:
> - initialize/teardown SA object
> - process inbound/outbound ESP/AH packets associated with the given SA
> (decrypt/encrypt, authenticate, check integrity,
> add/remove ESP/AH related headers and data, etc.).
>
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal at intel.com>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> ---
...
> +#ifndef _RTE_IPSEC_H_
> +#define _RTE_IPSEC_H_
> +
> +/**
> + * @file rte_ipsec.h
> + * @b EXPERIMENTAL: this API may change without prior notice
> + *
> + * RTE IPsec support.
> + * librte_ipsec provides a framework for data-path IPsec protocol
> + * processing (ESP/AH).
> + * IKEv2 protocol support right now is out of scope of that draft.
> + * Though it tries to define related API in such way, that it could be adopted
> + * by IKEv2 implementation.
> + */
I think you can drop the IKE note from the header as key exchange is
covered under a complete different RFC to the base IPsec one.
> +
> +#include <rte_ipsec_sa.h>
> +#include <rte_mbuf.h>
> +
...
>
Acked-by: Declan Doherty <declan.doherty at intel.com>
More information about the dev
mailing list