Hi Akhil
> -----Original Message-----
> From: akhil.go...@nxp.com <akhil.go...@nxp.com>
<snip>
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index 127da2e4f..ab535d1cd 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
<snip>
> @@ -693,6 +693,23 @@ PDCP related configuration parameters are defined
> in ``rte_security_pdcp_xform``
> uint32_t hfn;
> /** HFN Threshold for key renegotiation */
> uint32_t hfn_threshold;
> + /** HFN can be given as a per packet value also.
> + * As we do not have IV in case of PDCP, and HFN is
> + * used to generate IV. IV field can be used to get the
> + * per packet HFN while enq/deq.
> + * If hfn_ovrd field is set, user is expected to set the
> + * per packet HFN in place of IV. PMDs will extract the HFN
> + * and perform operations accordingly.
> + */
> + uint8_t hfn_ovrd;
> + /** In case of 5G NR, a new protocol(SDAP) header may be set
> + * inside PDCP payload which should be authenticated but not
> + * encrypted. Hence, driver should be notified if SDAP is
> + * enabled or not, so that SDAP header is not encrypted.
> + */
> + uint8_t sdap_enabled;
> + /** Reserved for future */
> + uint16_t reserved;
> };
[DC] Should we consider removing the API code out of the security documentation?
It's a direct copy of the API code itself, and just means 2 files need to be
updated for every API change.
And as with 'hfn_ovrd', sometimes it's forgotten.
>From maintainability point of view, it might be better just remove it.
>
> DOCSIS related configuration parameters are defined in
> ``rte_security_docsis_xform`` diff --git a/lib/librte_security/rte_security.h
> b/lib/librte_security/rte_security.h
> index 16839e539..48b377b20 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -1,5 +1,5 @@
> /* SPDX-License-Identifier: BSD-3-Clause
> - * Copyright 2017,2019 NXP
> + * Copyright 2017,2019-2020 NXP
> * Copyright(c) 2017-2020 Intel Corporation.
> */
>
> @@ -290,7 +290,15 @@ struct rte_security_pdcp_xform {
> * per packet HFN in place of IV. PMDs will extract the HFN
> * and perform operations accordingly.
> */
> - uint32_t hfn_ovrd;
> + uint8_t hfn_ovrd;
> + /** In case of 5G NR, a new protocol(SDAP) header may be set
[DC] Very minor thing... add space between 'protocol' and '(SDAP)' in the
comment block.
And same comment for the documentation if you choose to keep the API code
blocks there too.
> + * inside PDCP payload which should be authenticated but not
> + * encrypted. Hence, driver should be notified if SDAP is
> + * enabled or not, so that SDAP header is not encrypted.
> + */
> + uint8_t sdap_enabled;
> + /** Reserved for future */
> + uint16_t reserved;
> };
>
> /** DOCSIS direction */
> --
> 2.17.1
