>
> Enable user to provide IV to be used per security operation. This
> would be used with lookaside protocol offload for comparing
> against known vectors.
>
> By default, PMD would generate IV internally and would be random.
>
> Signed-off-by: Anoob Joseph <ano...@marvell.com>
> Acked-by: Akhil Goyal <gak...@marvell.com>
> ---
> doc/guides/rel_notes/release_21_11.rst | 5 +++++
> lib/security/rte_security.h | 14 ++++++++++++++
> 2 files changed, 19 insertions(+)
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst
> b/doc/guides/rel_notes/release_21_11.rst
> index 411fa95..9b14c84 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -118,6 +118,11 @@ ABI Changes
> Also, make sure to start the actual text at the margin.
> =======================================================
>
> +* security: add IPsec SA option to disable IV generation
> +
> + * Added IPsec SA option to disable IV generation to allow known vector
> + tests as well as usage of application provided IV on supported PMDs.
> +
>
> Known Issues
> ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de..b4b6776 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options {
> * * 0: Disable per session security statistics collection for this SA.
> */
> uint32_t stats : 1;
> +
> + /** Disable IV generation in PMD
> + *
> + * * 1: Disable IV generation in PMD. When disabled, IV provided in
> + * rte_crypto_op will be used by the PMD.
> + *
> + * * 0: Enable IV generation in PMD. When enabled, PMD generated random
> + * value would be used and application is not required to provide
> + * IV.
> + *
> + * Note: For inline cases, IV generation would always need to be handled
> + * by the PMD.
> + */
> + uint32_t iv_gen_disable : 1;
> };
>
> /** IPSec security association direction */
> --
Acked-by: Konstantin Ananyev <konstantin.anan...@intel.com>
> 2.7.4
