On 2/12/2020 10:25 AM, Akhil Goyal wrote: > Hi Anoob, >>>>> >>>>> Hi Anoob, >>>>> >>>>> What is the difference between "Inline crypto" in that document and >>>>> this "Inline protocol"? Both seems providing same outpout. >>>> >>>> [Anoob] Yes. It is partly because the description of "inline crypto" is not >>> accurate. The feature, "inline crypto" is not ipsec aware but would do >>> crypto >>> operation in the ipsec. This summary points to the security documentation >>> for further details and that doc clearly explains the difference between >>> both >>> modes. >>>> >>>>> Is there a way to differentiate them more clearly? >>>> >>>> [Anoob] There are two options I can think of, 1. Update the feature >>>> list to describe the difference between the two. Have a line like, >>>> "As compared to inline crypto, inline protocol will handle the entire >>> protocol offload in addition to the crypto operation." >>>> 2. Both inline crypto and inline protocol falls under security. So could >>>> even >>> rename "Inline crypto" to "Inline security offload" and we should be good to >>> go. Also, under inline protocol, there are various protocols possible. Say, >>> tomorrow when we add MACSEC support, the same question would arise (as >>> in whether it's a new feature or would it be under "inline protocol"). > > Please re-phrase the description of inline crypto as well so that there is a > clear > Differentiation between the two modes. Referring to rte_security is not > enough. > > It can be something like > For Inline crypto: An operation defined in rte_security lib to perform only > crypto > Operations of the security protocol while the packet is received at NIC. NIC > is not aware > of the protocol operations. See Security library and PMD documentation for > more details. > > For Inline protocol : An operation defined in rte_security lib to perform > protocol processing for > the security protocol (e.g. IPSEC, MACSEC) while the packet is received at > the NIC. The NIC is capable > to understand the security protocol operations. See Security library and PMD > documentation for more details.
Since both using the rte_security, for a PMD isn't there a way to say if it is supporting any one of them or both? If so what do you think documenting it too? > > >>> >>> Hi Anoob, >>> >>> These seems security related and I don't know enough to comment if this is >>> correct thing to do. I have cc'ed a few more people for comment. >>> >>> @Akhil, would you mind if I assign this to you? >>> >>> Thanks, >>> ferruh >>> >>>> >>>>> >>>>>> >>>>>> Thanks, >>>>>> Anoob >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: dev <dev-boun...@dpdk.org> On Behalf Of Anoob Joseph >>>>>>> Sent: Tuesday, December 10, 2019 12:23 PM >>>>>>> To: John McNamara <john.mcnam...@intel.com>; Marko Kovacevic >>>>>>> <marko.kovace...@intel.com>; Ferruh Yigit <ferruh.yi...@intel.com> >>>>>>> Cc: Anoob Joseph <ano...@marvell.com>; Jerin Jacob Kollanukkaran >>>>>>> <jer...@marvell.com>; Narayana Prasad Raju Athreya >>>>>>> <pathr...@marvell.com>; dev@dpdk.org >>>>>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature >>>>>>> list >>>>>>> >>>>>>> Update feature list to include inline protocol offload. >>>>>>> >>>>>>> Signed-off-by: Anoob Joseph <ano...@marvell.com> >>>>>>> --- >>>>>>> doc/guides/nics/features.rst | 18 ++++++++++++++++++ >>>>>>> doc/guides/nics/features/default.ini | 1 + >>>>>>> 2 files changed, 19 insertions(+) >>>>>>> >>>>>>> diff --git a/doc/guides/nics/features.rst >>>>>>> b/doc/guides/nics/features.rst index >>>>>>> 8394a65..f4eb2a9 100644 >>>>>>> --- a/doc/guides/nics/features.rst >>>>>>> +++ b/doc/guides/nics/features.rst >>>>>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline >>>>>>> IPsec). See Security library and >>>>>>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``, >>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``. >>>>>>> >>>>>>> >>>>>>> +.. _nic_features_inline_protocol_doc: >>>>>>> + >>>>>>> +Inline protocol >>>>>>> +--------------- >>>>>>> + >>>>>>> +Supports inline protocol processing (e.g. inline IPsec). See >>>>>>> +Security library and >>>>>>> PMD documentation for more details. >>>>>>> + >>>>>>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**: >>>>>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``, >>>>>>> +* **[uses] rte_eth_txconf,rte_eth_txmode**: >>>>>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``. >>>>>>> +* **[implements] rte_security_ops**: ``session_create``, >>>>>>> +``session_update``, >>>>>>> + ``session_stats_get``, ``session_destroy``, >>>>>>> +``set_pkt_metadata``, ``get_userdata``, >>>>>>> + ``capabilities_get``. >>>>>>> +* **[provides] rte_eth_dev_info**: >>>>>>> >>>>> >>> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``, >>>>>>> + >>>>> >>> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``. >>>>>>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``, >>>>>>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``, >>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``. >>>>>>> + >>>>>>> + >>>>>>> .. _nic_features_crc_offload: >>>>>>> >>>>>>> CRC offload >>>>>>> diff --git a/doc/guides/nics/features/default.ini >>>>>>> b/doc/guides/nics/features/default.ini >>>>>>> index 91ec619..4d0ad32 100644 >>>>>>> --- a/doc/guides/nics/features/default.ini >>>>>>> +++ b/doc/guides/nics/features/default.ini >>>>>>> @@ -42,6 +42,7 @@ Flow API = >>>>>>> Rate limitation = >>>>>>> Traffic mirroring = >>>>>>> Inline crypto = >>>>>>> +Inline protocol = >>>>>>> CRC offload = >>>>>>> VLAN offload = >>>>>>> QinQ offload = >>>>>>> -- >>>>>>> 2.7.4 >>>>>> >>>> >
