[dpdk-dev] [PATCH v3 5/9] ipsec: add SA data-path API

Doherty, Declan declan.doherty at intel.com
Tue Dec 11 18:25:46 CET 2018


On 06/12/2018 3:38 PM, Konstantin Ananyev wrote:
> Introduce Security Association (SA-level) data-path API
> Operates at SA level, provides functions to:
>      - initialize/teardown SA object
>      - process inbound/outbound ESP/AH packets associated with the given SA
>        (decrypt/encrypt, authenticate, check integrity,
>        add/remove ESP/AH related headers and data, etc.).
> 
> Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal at intel.com>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> ---

...

> +#ifndef _RTE_IPSEC_H_
> +#define _RTE_IPSEC_H_
> +
> +/**
> + * @file rte_ipsec.h
> + * @b EXPERIMENTAL: this API may change without prior notice
> + *
> + * RTE IPsec support.
> + * librte_ipsec provides a framework for data-path IPsec protocol
> + * processing (ESP/AH).
> + * IKEv2 protocol support right now is out of scope of that draft.
> + * Though it tries to define related API in such way, that it could be adopted
> + * by IKEv2 implementation.
> + */

I think you can drop the IKE note from the header as key exchange is 
covered under a complete different RFC to the base IPsec one.
> +
> +#include <rte_ipsec_sa.h>
> +#include <rte_mbuf.h>
> +

...

> 


Acked-by: Declan Doherty <declan.doherty at intel.com>


More information about the dev mailing list