From mboxrd@z Thu Jan  1 00:00:00 1970
From: Akhil Goyal <akhil.goyal@nxp.com>
Subject: [PATCH 07/11] ethdev: add rte flow action for crypto
Date: Thu, 14 Sep 2017 13:56:47 +0530
Message-ID: <20170914082651.26232-8-akhil.goyal@nxp.com>
References: <20170914082651.26232-1-akhil.goyal@nxp.com>
Mime-Version: 1.0
Content-Type: text/plain
Cc: <declan.doherty@intel.com>, <pablo.de.lara.guarch@intel.com>,
 <hemant.agrawal@nxp.com>, <radu.nicolau@intel.com>, <borisp@mellanox.com>,
 <aviadye@mellanox.com>, <thomas@monjalon.net>, <sandeep.malik@nxp.com>,
 <jerin.jacob@caviumnetworks.com>
To: <dev@dpdk.org>
Return-path: <dev-bounces@dpdk.org>
Received: from NAM03-BY2-obe.outbound.protection.outlook.com
 (mail-by2nam03on0043.outbound.protection.outlook.com [104.47.42.43])
 by dpdk.org (Postfix) with ESMTP id BC5DE1B1BF
 for <dev@dpdk.org>; Thu, 14 Sep 2017 10:29:38 +0200 (CEST)
In-Reply-To: <20170914082651.26232-1-akhil.goyal@nxp.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Boris Pismenny <borisp@mellanox.com>

The crypto action is specified by an application to request
crypto offload for a flow.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
 lib/librte_ether/rte_flow.h | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/lib/librte_ether/rte_flow.h b/lib/librte_ether/rte_flow.h
index ea08af6..dce92ca 100644
--- a/lib/librte_ether/rte_flow.h
+++ b/lib/librte_ether/rte_flow.h
@@ -941,6 +941,13 @@ enum rte_flow_action_type {
 	 * See struct rte_flow_action_vf.
 	 */
 	RTE_FLOW_ACTION_TYPE_VF,
+	/**
+	 * Redirects packets to security engine of current device for security
+	 * processing as specified by security session.
+	 *
+	 * See struct rte_flow_action_security.
+	 */
+	RTE_FLOW_ACTION_TYPE_SECURITY
 };
 
 /**
@@ -1034,6 +1041,29 @@ struct rte_flow_action_vf {
 };
 
 /**
+ * RTE_FLOW_ACTION_TYPE_SECURITY
+ *
+ * Perform security action on define flow as specified by security session.
+ * The security session specified in the action must be created on the same port
+ * as the flow action that is being specified.
+ *
+ * The ingress/egress flow attribute should match that specified in the
+ * security session if the security session supports the definition of the
+ * direction.
+ *
+ * Multiple flows can be configured to use the same security session. For
+ * example if the security session specifies an egress IPsec SA, then multiple
+ * flows can be specified to that SA. In the case of an ingress IPsec SA then
+ * it is only valid to have a single flow to map to that security session.
+ *
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_security {
+	void *security_session; /**< Pointer to security session structure. */
+};
+
+/**
  * Definition of a single action.
  *
  * A list of actions is terminated by a END action.
-- 
2.9.3