[dpdk-dev] [PATCH] ethdev: add security flow item

Tejasree Kondoj ktejasree at marvell.com
Thu Sep 10 18:44:41 CEST 2020

Previous message: [dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux
Next message: [dpdk-dev] [PATCH] ethdev: add security flow item
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to
distinguish plain packets from IPsec decrypted plain packets.

Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
 doc/guides/prog_guide/rte_flow.rst | 25 +++++++++++++++++++++++++
 lib/librte_ethdev/rte_flow.h       |  9 +++++++++
 2 files changed, 34 insertions(+)

diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst
index 3e5cd1e0d..a51a3e5d6 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -712,6 +712,31 @@ action sets metadata for a packet and the metadata will be reported via
    | ``mask`` | ``data`` | bit-mask applies to "spec" and "last" |
    +----------+----------+---------------------------------------+
 
+Item: ``SECURITY``
+^^^^^^^^^^^^^^^^^^
+
+Matches packets that were security processed. It can be used to identify
+packets after inline security processing. For example, in case of inline IPsec,
+the packet headers would change after IPsec decapsulation and this item would
+allow application to differentiate non-IPsec packets from packets after
+inline IPsec processing.
+
+- ``spec``, ``last`` and ``mask`` are ignored.
+
+.. _table_rte_flow_item_security:
+
+.. table:: SECURITY
+
+   +----------+---------+
+   | Field    | Value   |
+   +==========+=========+
+   | ``spec`` | ignored |
+   +----------+---------+
+   | ``last`` | ignored |
+   +----------+---------+
+   | ``mask`` | ignored |
+   +----------+---------+
+
 Data matching item types
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index da8bfa548..65499b758 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -537,6 +537,15 @@ enum rte_flow_item_type {
 	 */
 	RTE_FLOW_ITEM_TYPE_ECPRI,
 
+	/**
+	 * [META]
+	 *
+	 * Matches security processed packets.
+	 *
+	 * No associated specification structure.
+	 */
+	RTE_FLOW_ITEM_TYPE_SECURITY,
+
 };
 
 /**
-- 
2.27.0

Previous message: [dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux
Next message: [dpdk-dev] [PATCH] ethdev: add security flow item
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list