[dpdk-dev] [RFC 3/7] ethdev: add rte flow action for crypto

Mon, 10 Jul 2017 00:36:07 -0700 

The crypto action is specified by an application to request
crypto offload for a flow.

Signed-off-by: Boris Pismenny <bor...@mellanox.com>
Signed-off-by: Aviad Yehezkel <avia...@mellanox.com>
---
 lib/Makefile                |  1 +
 lib/librte_ether/rte_flow.h | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/lib/Makefile b/lib/Makefile
index 07e1fd0..26c8c29 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -48,6 +48,7 @@ DEPDIRS-librte_cmdline := librte_eal
 DIRS-$(CONFIG_RTE_LIBRTE_ETHER) += librte_ether
 DEPDIRS-librte_ether := librte_net librte_eal librte_mempool librte_ring
 DEPDIRS-librte_ether += librte_mbuf
+DEPDIRS-librte_ether += librte_cryptodev
 DIRS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += librte_cryptodev
 DEPDIRS-librte_cryptodev := librte_eal librte_mempool librte_ring librte_mbuf
 DEPDIRS-librte_cryptodev += librte_kvargs
diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index 4b78b66..d3f75e7 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -51,6 +51,7 @@
 #include <rte_udp.h>
 #include <rte_byteorder.h>
 #include <rte_esp.h>
+#include <rte_crypto_sym.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -905,6 +906,14 @@ enum rte_flow_action_type {
         * See struct rte_flow_action_vf.
         */
        RTE_FLOW_ACTION_TYPE_VF,
+
+       /**
+        * Encrypts or decrypts packets matching this flow. Must be either 
egress
+        * or ingress, but not both.
+        *
+        * See struct rte_flow_action_crypto.
+        */
+       RTE_FLOW_ACTION_TYPE_CRYPTO,
 };
 
 /**
@@ -998,6 +1007,23 @@ struct rte_flow_action_vf {
 };
 
 /**
+ * RTE_FLOW_ACTION_TYPE_CRYPTO
+ *
+ * Encrypts or decrypts packets matching this flow. Must be either egress
+ * or ingress, but not both.
+ *
+ * Packets matched by IPsec SA lookup, which includes at least the following:
+ * Destination IP and ESP SPI, but it may include Source IP, UDP ports, etc.
+ * Packets are encrypted in the outgoing direction and decrypted in the 
incoming
+ * direction.
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_crypto {
+       struct rte_crypto_sym_xform xform; /* applied crypto transform */
+};
+
+/**
  * Definition of a single action.
  *
  * A list of actions is terminated by a END action.
-- 
1.8.3.1

Reply via email to