This series updates the documentation regarding the use of rte_flow security actions for configuring crypto offload. This documentation attempts to provide guidelines for the use of security sessions with inline and protocol offloads.
The documentation relfects my understanding of the current status of inline crypto offload. I've added some documentation for full protocol offload as well, even though I am not familiar with any existing implementation. Full protocol offload is the first encap/decap action in rte_flow. For example, in IPsec it implies ESP encap/decap. As an encap/decap offload, it offloads header construction to hardware. This raises the following question: Should the rte_flow pattern hold the pattern of headers to add/remove by hardware? My answer is yes, because it allows us to describe more complex encapsulation offloads and their order - [GRE | ESP | TCP] vs. [ESP | GRE | TCP]. By providing the full pattern we resolve the ambiguity and define the order of encapsulation. While actions describe the encapsulation operation related to each header. The patches are based on the integration branch of dpdk-draft-ipsec. Boris Pismenny (2): doc: add details of rte_flow security actions ethdev: update documentation for security action doc/guides/prog_guide/rte_flow.rst | 83 +++++++++++++++++++++++++++++++++++++- lib/librte_ether/rte_flow.h | 24 +++++++---- 2 files changed, 97 insertions(+), 10 deletions(-) -- 1.8.3.1
