+Cc Akhil, Anoob, Konstantin, Radu & Declan
16/03/2021 17:28, Slava Ovsiienko:
> The DPDK ethernet device might support the offload for security
> operations. Since ConnectX-6DX the hardware implements the
> cryptographic options required to provide the IPsec protocol
> offload and there is an intention to update mlx5 PMD to make this
> security offload capability available.
>
> The minimal required set of offload options to be supported:
> - crypto inline offload only
> (RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
> - ESP protocol only (AH will not be supported)
> - AES-GCM 128/256 algorithms
> - support both Transport and Tunnel modes
> - operate on BlueField-2, ConnectX-6DX and above
> - support both IPv4 and IPv6
> - VXLAN/GRE tunnel support
>
> The common updates in mlx5 PMD include the standard security
> context API support:
> - rte_security_capabilities_get()
> - rte_security_session_get_size()
> - rte_security_session_create()
> - rte_security_session_destroy()
> - rte_security_session_update()
>
> The mlx5 data path update includes:
> - RTE_SECURITY_DYNFIELD_NAME mbuf dynamic field support
> - rte_security_get_user_data()
> - rte_security_get_stats_get()
> - PKT_RX_SEC_OFFLOAD, PKT_RX_SEC_OFFLOAD_FAILED,
> PKT_TX_SEC_OFFLOAD mbuf flags support
> - report of DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SECURITY
>
> The mlx5 rte_flow API update includes:
> - RTE_FLOW_ACTION_TYPE_SECURITY action support
> - RTE_FLOW_ITEM_TYPE_ESP item support
> - support RSS over ESP option
>
> Signed-off-by: Viacheslav Ovsiienko <viachesl...@nvidia.com>