Signed-off-by: Boris Pismenny <bor...@mellanox.com>
---
lib/librte_ether/rte_flow.h | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index dce92ca..48d4fca 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -1043,19 +1043,27 @@ struct rte_flow_action_vf {
/**
* RTE_FLOW_ACTION_TYPE_SECURITY
*
- * Perform security action on define flow as specified by security session.
- * The security session specified in the action must be created on the same
port
- * as the flow action that is being specified.
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
*
* The ingress/egress flow attribute should match that specified in the
* security session if the security session supports the definition of the
* direction.
*
- * Multiple flows can be configured to use the same security session. For
- * example if the security session specifies an egress IPsec SA, then multiple
- * flows can be specified to that SA. In the case of an ingress IPsec SA then
- * it is only valid to have a single flow to map to that security session.
- *
+ * Multiple flows can be configured to use the same security session.
*
* Non-terminating by default.
*/
--
1.8.3.1
