From patchwork Sun Sep 17 12:06:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Boris Pismenny X-Patchwork-Id: 28807 Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id F148D1AF03; Sun, 17 Sep 2017 14:12:48 +0200 (CEST) Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129]) by dpdk.org (Postfix) with ESMTP id D98F51AEEB for ; Sun, 17 Sep 2017 14:12:46 +0200 (CEST) Received: from Internal Mail-Server by MTLPINE1 (envelope-from borisp@mellanox.com) with ESMTPS (AES256-SHA encrypted); 17 Sep 2017 15:06:53 +0300 Received: from gen-l-vrt-098.mtl.labs.mlnx (gen-l-vrt-098.mtl.labs.mlnx [10.137.170.1]) by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v8HC6oEj013909; Sun, 17 Sep 2017 15:06:52 +0300 From: Boris Pismenny To: dev@dpdk.org Cc: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, hemant.agrawal@nxp.com, radu.nicolau@intel.com, borisp@mellanox.com, aviadye@mellanox.com, thomas@monjalon.net, sandeep.malik@nxp.com, jerin.jacob@caviumnetworks.com, nelio.laranjeiro@6wind.com, liranl@mellanox.com Date: Sun, 17 Sep 2017 15:06:31 +0300 Message-Id: <1505649991-3463-3-git-send-email-borisp@mellanox.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1505649991-3463-1-git-send-email-borisp@mellanox.com> References: <1505649991-3463-1-git-send-email-borisp@mellanox.com> Subject: [dpdk-dev] [PATCH 2/2] ethdev: update documentation for security action X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Boris Pismenny Acked-by: John McNamara --- lib/librte_ether/rte_flow.h | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h index dce92ca..48d4fca 100644 --- a/lib/librte_ether/rte_flow.h +++ b/lib/librte_ether/rte_flow.h @@ -1043,19 +1043,27 @@ struct rte_flow_action_vf { /** * RTE_FLOW_ACTION_TYPE_SECURITY * - * Perform security action on define flow as specified by security session. - * The security session specified in the action must be created on the same port - * as the flow action that is being specified. + * Perform the security action on flows matched by the pattern items + * according to the configuration of the security session. + * + * This action modifies the payload of matched flows. For INLINE_CRYPTO, the + * security protocol headers and IV are fully provided by the application as + * specified in the flow pattern. The payload of matching packets is + * encrypted on egress, and decrypted and authenticated on ingress. + * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW, + * providing full encapsulation and decapsulation of packets in security + * protocols. The flow pattern specifies both the outer security header fields + * and the inner packet fields. The security session specified in the action + * must match the pattern parameters. + * + * The security session specified in the action must be created on the same + * port as the flow action that is being specified. * * The ingress/egress flow attribute should match that specified in the * security session if the security session supports the definition of the * direction. * - * Multiple flows can be configured to use the same security session. For - * example if the security session specifies an egress IPsec SA, then multiple - * flows can be specified to that SA. In the case of an ingress IPsec SA then - * it is only valid to have a single flow to map to that security session. - * + * Multiple flows can be configured to use the same security session. * * Non-terminating by default. */