Re: [dpdk-dev] [PATCH 09/11] net/ixgbe: enable inline ipsec

Fri, 15 Sep 2017 06:14:56 -0700 

On 15/09/2017 5:48 AM, Hemant Agrawal wrote:

Hi Radu,

On 9/14/2017 1:56 PM, Akhil Goyal wrote:
+static const struct rte_security_capability ixgbe_security_capabilities[] = { 
+    { /* IPsec Inline Crypto AH Transport Egress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
You are supporting AH, however only ESP is proposed in other patch for addition to rte_flow?
Hemant, this was a mistake on my part when defining the capabilities, although the ixgbe is capable of supporting AH we haven't done the enablement of that yet.  I'll update this file to remove the AH capabilities for the moment, until we have time to implement and test fully. 


+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+            .options = { 0 },
+        },
+        .crypto_capabilities = aes_gmac_crypto_capabilities
+    },
+    { /* IPsec Inline Crypto ESP Transport Egress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+            .options = { 0 }
+        },
+        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
+    },
+    { /* IPsec Inline Crypto AH Transport Ingress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+            .options = { 0 }
+        },
+        .crypto_capabilities = aes_gmac_crypto_capabilities
+    },
+    { /* IPsec Inline Crypto AH Tunnel Ingress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+            .options = { 0 }
+        },
+        .crypto_capabilities = aes_gmac_crypto_capabilities
+    },
+    { /* IPsec Inline Crypto ESP Transport Ingress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+            .options = { 0 }
+        },
+        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
+    },
+    { /* IPsec Inline Crypto ESP Tunnel Ingress */
+        .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+        .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+        .ipsec = {
+            .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+            .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+            .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+            .options = { 0 }
+        },
+        .crypto_capabilities = aes_gcm_gmac_crypto_capabilities
+    },
+    {
+        .action = RTE_SECURITY_ACTION_TYPE_NONE
+    }
+};

Reply via email to