[dpdk-dev] [PATCH v3 5/9] ipsec: add SA data-path API

Ananyev, Konstantin konstantin.ananyev at intel.com
Wed Dec 12 08:37:43 CET 2018



> -----Original Message-----
> From: Doherty, Declan
> Sent: Tuesday, December 11, 2018 5:26 PM
> To: Ananyev, Konstantin <konstantin.ananyev at intel.com>; dev at dpdk.org
> Cc: Awal, Mohammad Abdul <mohammad.abdul.awal at intel.com>
> Subject: Re: [dpdk-dev] [PATCH v3 5/9] ipsec: add SA data-path API
> 
> On 06/12/2018 3:38 PM, Konstantin Ananyev wrote:
> > Introduce Security Association (SA-level) data-path API
> > Operates at SA level, provides functions to:
> >      - initialize/teardown SA object
> >      - process inbound/outbound ESP/AH packets associated with the given SA
> >        (decrypt/encrypt, authenticate, check integrity,
> >        add/remove ESP/AH related headers and data, etc.).
> >
> > Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal at intel.com>
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> > ---
> 
> ...
> 
> > +#ifndef _RTE_IPSEC_H_
> > +#define _RTE_IPSEC_H_
> > +
> > +/**
> > + * @file rte_ipsec.h
> > + * @b EXPERIMENTAL: this API may change without prior notice
> > + *
> > + * RTE IPsec support.
> > + * librte_ipsec provides a framework for data-path IPsec protocol
> > + * processing (ESP/AH).
> > + * IKEv2 protocol support right now is out of scope of that draft.
> > + * Though it tries to define related API in such way, that it could be adopted
> > + * by IKEv2 implementation.
> > + */
> 
> I think you can drop the IKE note from the header as key exchange is
> covered under a complete different RFC to the base IPsec one.

Makes sense, will do in v4.
Konstantin

> > +
> > +#include <rte_ipsec_sa.h>
> > +#include <rte_mbuf.h>
> > +
> 
> ...
> 
> >
> 
> 
> Acked-by: Declan Doherty <declan.doherty at intel.com>


More information about the dev mailing list