Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to
distinguish plain packets from IPsec decrypted plain packets.
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
doc/guides/prog_guide/rte_flow.rst | 25 +++++++++++++++++++++++++
lib/librte_ethdev/rte_flow.h | 9 +++++++++
2 files changed, 34 insertions(+)
diff --git a/doc/guides/prog_guide/rte_flow.rst
b/doc/guides/prog_guide/rte_flow.rst
index 3e5cd1e0d..a51a3e5d6 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -712,6 +712,31 @@ action sets metadata for a packet and the metadata will be
reported via
| ``mask`` | ``data`` | bit-mask applies to "spec" and "last" |
+----------+----------+---------------------------------------+
+Item: ``SECURITY``
+^^^^^^^^^^^^^^^^^^
+
+Matches packets that were security processed. It can be used to identify
+packets after inline security processing. For example, in case of inline IPsec,
+the packet headers would change after IPsec decapsulation and this item would
+allow application to differentiate non-IPsec packets from packets after
+inline IPsec processing.
+
+- ``spec``, ``last`` and ``mask`` are ignored.
+
+.. _table_rte_flow_item_security:
+
+.. table:: SECURITY
+
+ +----------+---------+
+ | Field | Value |
+ +==========+=========+
+ | ``spec`` | ignored |
+ +----------+---------+
+ | ``last`` | ignored |
+ +----------+---------+
+ | ``mask`` | ignored |
+ +----------+---------+
+
Data matching item types
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index da8bfa548..65499b758 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -537,6 +537,15 @@ enum rte_flow_item_type {
*/
RTE_FLOW_ITEM_TYPE_ECPRI,
+ /**
+ * [META]
+ *
+ * Matches security processed packets.
+ *
+ * No associated specification structure.
+ */
+ RTE_FLOW_ITEM_TYPE_SECURITY,
+
};
/**
--
2.27.0
