doc: add inline protocol in feature list
Checks
Commit Message
Update feature list to include inline protocol offload.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
doc/guides/nics/features.rst | 18 ++++++++++++++++++
doc/guides/nics/features/default.ini | 1 +
2 files changed, 19 insertions(+)
Comments
Hi Ferruh,
Can you review this patch?
Thanks,
Anoob
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
> Sent: Tuesday, December 10, 2019 12:23 PM
> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> <pathreya@marvell.com>; dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
>
> Update feature list to include inline protocol offload.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
> doc/guides/nics/features.rst | 18 ++++++++++++++++++
> doc/guides/nics/features/default.ini | 1 +
> 2 files changed, 19 insertions(+)
>
> diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst index
> 8394a65..f4eb2a9 100644
> --- a/doc/guides/nics/features.rst
> +++ b/doc/guides/nics/features.rst
> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline IPsec). See
> Security library and
> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>
>
> +.. _nic_features_inline_protocol_doc:
> +
> +Inline protocol
> +---------------
> +
> +Supports inline protocol processing (e.g. inline IPsec). See Security library and
> PMD documentation for more details.
> +
> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
> +* **[implements] rte_security_ops**: ``session_create``,
> +``session_update``,
> + ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``,
> +``get_userdata``,
> + ``capabilities_get``.
> +* **[provides] rte_eth_dev_info**:
> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
> + ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> +
> +
> .. _nic_features_crc_offload:
>
> CRC offload
> diff --git a/doc/guides/nics/features/default.ini
> b/doc/guides/nics/features/default.ini
> index 91ec619..4d0ad32 100644
> --- a/doc/guides/nics/features/default.ini
> +++ b/doc/guides/nics/features/default.ini
> @@ -42,6 +42,7 @@ Flow API =
> Rate limitation =
> Traffic mirroring =
> Inline crypto =
> +Inline protocol =
> CRC offload =
> VLAN offload =
> QinQ offload =
> --
> 2.7.4
On 1/21/2020 5:40 AM, Anoob Joseph wrote:
> Hi Ferruh,
>
> Can you review this patch?
Hi Anoob,
What is the difference between "Inline crypto" in that document and this "Inline
protocol"? Both seems providing same outpout.
Is there a way to differentiate them more clearly?
>
> Thanks,
> Anoob
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
>> Sent: Tuesday, December 10, 2019 12:23 PM
>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
>> <pathreya@marvell.com>; dev@dpdk.org
>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
>>
>> Update feature list to include inline protocol offload.
>>
>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>> ---
>> doc/guides/nics/features.rst | 18 ++++++++++++++++++
>> doc/guides/nics/features/default.ini | 1 +
>> 2 files changed, 19 insertions(+)
>>
>> diff --git a/doc/guides/nics/features.rst b/doc/guides/nics/features.rst index
>> 8394a65..f4eb2a9 100644
>> --- a/doc/guides/nics/features.rst
>> +++ b/doc/guides/nics/features.rst
>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline IPsec). See
>> Security library and
>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>
>>
>> +.. _nic_features_inline_protocol_doc:
>> +
>> +Inline protocol
>> +---------------
>> +
>> +Supports inline protocol processing (e.g. inline IPsec). See Security library and
>> PMD documentation for more details.
>> +
>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
>> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
>> +* **[implements] rte_security_ops**: ``session_create``,
>> +``session_update``,
>> + ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``,
>> +``get_userdata``,
>> + ``capabilities_get``.
>> +* **[provides] rte_eth_dev_info**:
>> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
>> + ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>> +
>> +
>> .. _nic_features_crc_offload:
>>
>> CRC offload
>> diff --git a/doc/guides/nics/features/default.ini
>> b/doc/guides/nics/features/default.ini
>> index 91ec619..4d0ad32 100644
>> --- a/doc/guides/nics/features/default.ini
>> +++ b/doc/guides/nics/features/default.ini
>> @@ -42,6 +42,7 @@ Flow API =
>> Rate limitation =
>> Traffic mirroring =
>> Inline crypto =
>> +Inline protocol =
>> CRC offload =
>> VLAN offload =
>> QinQ offload =
>> --
>> 2.7.4
>
Hi Ferruh,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: Ferruh Yigit <ferruh.yigit@intel.com>
> Sent: Tuesday, January 21, 2020 9:42 PM
> To: Anoob Joseph <anoobj@marvell.com>; John McNamara
> <john.mcnamara@intel.com>; Marko Kovacevic
> <marko.kovacevic@intel.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
> Athreya <pathreya@marvell.com>; dev@dpdk.org
> Subject: [EXT] Re: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
>
> External Email
>
> ----------------------------------------------------------------------
> On 1/21/2020 5:40 AM, Anoob Joseph wrote:
> > Hi Ferruh,
> >
> > Can you review this patch?
>
> Hi Anoob,
>
> What is the difference between "Inline crypto" in that document and this
> "Inline protocol"? Both seems providing same outpout.
[Anoob] Yes. It is partly because the description of "inline crypto" is not accurate. The feature, "inline crypto" is not ipsec aware but would do crypto operation in the ipsec. This summary points to the security documentation for further details and that doc clearly explains the difference between both modes.
> Is there a way to differentiate them more clearly?
[Anoob] There are two options I can think of,
1. Update the feature list to describe the difference between the two. Have a line like,
"As compared to inline crypto, inline protocol will handle the entire protocol offload in addition to the crypto operation."
2. Both inline crypto and inline protocol falls under security. So could even rename "Inline crypto" to "Inline security offload" and we should be good to go. Also, under inline protocol, there are various protocols possible. Say, tomorrow when we add MACSEC support, the same question would arise (as in whether it's a new feature or would it be under "inline protocol").
>
> >
> > Thanks,
> > Anoob
> >
> >> -----Original Message-----
> >> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
> >> Sent: Tuesday, December 10, 2019 12:23 PM
> >> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
> >> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
> >> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> >> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> >> <pathreya@marvell.com>; dev@dpdk.org
> >> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
> >>
> >> Update feature list to include inline protocol offload.
> >>
> >> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> >> ---
> >> doc/guides/nics/features.rst | 18 ++++++++++++++++++
> >> doc/guides/nics/features/default.ini | 1 +
> >> 2 files changed, 19 insertions(+)
> >>
> >> diff --git a/doc/guides/nics/features.rst
> >> b/doc/guides/nics/features.rst index
> >> 8394a65..f4eb2a9 100644
> >> --- a/doc/guides/nics/features.rst
> >> +++ b/doc/guides/nics/features.rst
> >> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
> >> IPsec). See Security library and
> >> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> >> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> >>
> >>
> >> +.. _nic_features_inline_protocol_doc:
> >> +
> >> +Inline protocol
> >> +---------------
> >> +
> >> +Supports inline protocol processing (e.g. inline IPsec). See
> >> +Security library and
> >> PMD documentation for more details.
> >> +
> >> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
> >> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
> >> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
> >> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
> >> +* **[implements] rte_security_ops**: ``session_create``,
> >> +``session_update``,
> >> + ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``,
> >> +``get_userdata``,
> >> + ``capabilities_get``.
> >> +* **[provides] rte_eth_dev_info**:
> >>
> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
> >> +
> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
> >> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
> >> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> >> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> >> +
> >> +
> >> .. _nic_features_crc_offload:
> >>
> >> CRC offload
> >> diff --git a/doc/guides/nics/features/default.ini
> >> b/doc/guides/nics/features/default.ini
> >> index 91ec619..4d0ad32 100644
> >> --- a/doc/guides/nics/features/default.ini
> >> +++ b/doc/guides/nics/features/default.ini
> >> @@ -42,6 +42,7 @@ Flow API =
> >> Rate limitation =
> >> Traffic mirroring =
> >> Inline crypto =
> >> +Inline protocol =
> >> CRC offload =
> >> VLAN offload =
> >> QinQ offload =
> >> --
> >> 2.7.4
> >
On 1/22/2020 9:47 AM, Anoob Joseph wrote:
> Hi Ferruh,
>
> Please see inline.
>
> Thanks,
> Anoob
>
>> -----Original Message-----
>> From: Ferruh Yigit <ferruh.yigit@intel.com>
>> Sent: Tuesday, January 21, 2020 9:42 PM
>> To: Anoob Joseph <anoobj@marvell.com>; John McNamara
>> <john.mcnamara@intel.com>; Marko Kovacevic
>> <marko.kovacevic@intel.com>
>> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
>> Athreya <pathreya@marvell.com>; dev@dpdk.org
>> Subject: [EXT] Re: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
>>
>> External Email
>>
>> ----------------------------------------------------------------------
>> On 1/21/2020 5:40 AM, Anoob Joseph wrote:
>>> Hi Ferruh,
>>>
>>> Can you review this patch?
>>
>> Hi Anoob,
>>
>> What is the difference between "Inline crypto" in that document and this
>> "Inline protocol"? Both seems providing same outpout.
>
> [Anoob] Yes. It is partly because the description of "inline crypto" is not accurate. The feature, "inline crypto" is not ipsec aware but would do crypto operation in the ipsec. This summary points to the security documentation for further details and that doc clearly explains the difference between both modes.
>
>> Is there a way to differentiate them more clearly?
>
> [Anoob] There are two options I can think of,
> 1. Update the feature list to describe the difference between the two. Have a line like,
> "As compared to inline crypto, inline protocol will handle the entire protocol offload in addition to the crypto operation."
> 2. Both inline crypto and inline protocol falls under security. So could even rename "Inline crypto" to "Inline security offload" and we should be good to go. Also, under inline protocol, there are various protocols possible. Say, tomorrow when we add MACSEC support, the same question would arise (as in whether it's a new feature or would it be under "inline protocol").
Hi Anoob,
These seems security related and I don't know enough to comment if this is
correct thing to do. I have cc'ed a few more people for comment.
@Akhil, would you mind if I assign this to you?
Thanks,
ferruh
>
>>
>>>
>>> Thanks,
>>> Anoob
>>>
>>>> -----Original Message-----
>>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
>>>> Sent: Tuesday, December 10, 2019 12:23 PM
>>>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
>>>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
>>>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
>>>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
>>>> <pathreya@marvell.com>; dev@dpdk.org
>>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature list
>>>>
>>>> Update feature list to include inline protocol offload.
>>>>
>>>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>>>> ---
>>>> doc/guides/nics/features.rst | 18 ++++++++++++++++++
>>>> doc/guides/nics/features/default.ini | 1 +
>>>> 2 files changed, 19 insertions(+)
>>>>
>>>> diff --git a/doc/guides/nics/features.rst
>>>> b/doc/guides/nics/features.rst index
>>>> 8394a65..f4eb2a9 100644
>>>> --- a/doc/guides/nics/features.rst
>>>> +++ b/doc/guides/nics/features.rst
>>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
>>>> IPsec). See Security library and
>>>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>>
>>>>
>>>> +.. _nic_features_inline_protocol_doc:
>>>> +
>>>> +Inline protocol
>>>> +---------------
>>>> +
>>>> +Supports inline protocol processing (e.g. inline IPsec). See
>>>> +Security library and
>>>> PMD documentation for more details.
>>>> +
>>>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
>>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
>>>> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
>>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
>>>> +* **[implements] rte_security_ops**: ``session_create``,
>>>> +``session_update``,
>>>> + ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``,
>>>> +``get_userdata``,
>>>> + ``capabilities_get``.
>>>> +* **[provides] rte_eth_dev_info**:
>>>>
>> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
>>>> +
>> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
>>>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
>>>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>> +
>>>> +
>>>> .. _nic_features_crc_offload:
>>>>
>>>> CRC offload
>>>> diff --git a/doc/guides/nics/features/default.ini
>>>> b/doc/guides/nics/features/default.ini
>>>> index 91ec619..4d0ad32 100644
>>>> --- a/doc/guides/nics/features/default.ini
>>>> +++ b/doc/guides/nics/features/default.ini
>>>> @@ -42,6 +42,7 @@ Flow API =
>>>> Rate limitation =
>>>> Traffic mirroring =
>>>> Inline crypto =
>>>> +Inline protocol =
>>>> CRC offload =
>>>> VLAN offload =
>>>> QinQ offload =
>>>> --
>>>> 2.7.4
>>>
>
Hi Akhil,
Can you review this patch?
Thanks,
Anoob
> -----Original Message-----
> From: Ferruh Yigit <ferruh.yigit@intel.com>
> Sent: Tuesday, February 4, 2020 8:06 PM
> To: Anoob Joseph <anoobj@marvell.com>; John McNamara
> <john.mcnamara@intel.com>; Marko Kovacevic
> <marko.kovacevic@intel.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
> Athreya <pathreya@marvell.com>; dev@dpdk.org; Akhil Goyal
> <akhil.goyal@nxp.com>; Konstantin Ananyev
> <konstantin.ananyev@intel.com>; Hemant Agrawal
> <hemant.agrawal@nxp.com>; Fan Zhang <roy.fan.zhang@intel.com>; Fiona
> Trahe <fiona.trahe@intel.com>
> Subject: Re: [EXT] Re: [dpdk-dev] [PATCH] doc: add inline protocol in feature
> list
>
> On 1/22/2020 9:47 AM, Anoob Joseph wrote:
> > Hi Ferruh,
> >
> > Please see inline.
> >
> > Thanks,
> > Anoob
> >
> >> -----Original Message-----
> >> From: Ferruh Yigit <ferruh.yigit@intel.com>
> >> Sent: Tuesday, January 21, 2020 9:42 PM
> >> To: Anoob Joseph <anoobj@marvell.com>; John McNamara
> >> <john.mcnamara@intel.com>; Marko Kovacevic
> >> <marko.kovacevic@intel.com>
> >> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad
> >> Raju Athreya <pathreya@marvell.com>; dev@dpdk.org
> >> Subject: [EXT] Re: [dpdk-dev] [PATCH] doc: add inline protocol in
> >> feature list
> >>
> >> External Email
> >>
> >> ---------------------------------------------------------------------
> >> - On 1/21/2020 5:40 AM, Anoob Joseph wrote:
> >>> Hi Ferruh,
> >>>
> >>> Can you review this patch?
> >>
> >> Hi Anoob,
> >>
> >> What is the difference between "Inline crypto" in that document and
> >> this "Inline protocol"? Both seems providing same outpout.
> >
> > [Anoob] Yes. It is partly because the description of "inline crypto" is not
> accurate. The feature, "inline crypto" is not ipsec aware but would do crypto
> operation in the ipsec. This summary points to the security documentation
> for further details and that doc clearly explains the difference between both
> modes.
> >
> >> Is there a way to differentiate them more clearly?
> >
> > [Anoob] There are two options I can think of, 1. Update the feature
> > list to describe the difference between the two. Have a line like,
> > "As compared to inline crypto, inline protocol will handle the entire
> protocol offload in addition to the crypto operation."
> > 2. Both inline crypto and inline protocol falls under security. So could even
> rename "Inline crypto" to "Inline security offload" and we should be good to
> go. Also, under inline protocol, there are various protocols possible. Say,
> tomorrow when we add MACSEC support, the same question would arise (as
> in whether it's a new feature or would it be under "inline protocol").
>
> Hi Anoob,
>
> These seems security related and I don't know enough to comment if this is
> correct thing to do. I have cc'ed a few more people for comment.
>
> @Akhil, would you mind if I assign this to you?
>
> Thanks,
> ferruh
>
> >
> >>
> >>>
> >>> Thanks,
> >>> Anoob
> >>>
> >>>> -----Original Message-----
> >>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
> >>>> Sent: Tuesday, December 10, 2019 12:23 PM
> >>>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
> >>>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
> >>>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> >>>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> >>>> <pathreya@marvell.com>; dev@dpdk.org
> >>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature
> >>>> list
> >>>>
> >>>> Update feature list to include inline protocol offload.
> >>>>
> >>>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> >>>> ---
> >>>> doc/guides/nics/features.rst | 18 ++++++++++++++++++
> >>>> doc/guides/nics/features/default.ini | 1 +
> >>>> 2 files changed, 19 insertions(+)
> >>>>
> >>>> diff --git a/doc/guides/nics/features.rst
> >>>> b/doc/guides/nics/features.rst index
> >>>> 8394a65..f4eb2a9 100644
> >>>> --- a/doc/guides/nics/features.rst
> >>>> +++ b/doc/guides/nics/features.rst
> >>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
> >>>> IPsec). See Security library and
> >>>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> >>>>
> >>>>
> >>>> +.. _nic_features_inline_protocol_doc:
> >>>> +
> >>>> +Inline protocol
> >>>> +---------------
> >>>> +
> >>>> +Supports inline protocol processing (e.g. inline IPsec). See
> >>>> +Security library and
> >>>> PMD documentation for more details.
> >>>> +
> >>>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
> >>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
> >>>> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
> >>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
> >>>> +* **[implements] rte_security_ops**: ``session_create``,
> >>>> +``session_update``,
> >>>> + ``session_stats_get``, ``session_destroy``,
> >>>> +``set_pkt_metadata``, ``get_userdata``,
> >>>> + ``capabilities_get``.
> >>>> +* **[provides] rte_eth_dev_info**:
> >>>>
> >>
> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
> >>>> +
> >>
> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
> >>>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
> >>>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> >>>> +
> >>>> +
> >>>> .. _nic_features_crc_offload:
> >>>>
> >>>> CRC offload
> >>>> diff --git a/doc/guides/nics/features/default.ini
> >>>> b/doc/guides/nics/features/default.ini
> >>>> index 91ec619..4d0ad32 100644
> >>>> --- a/doc/guides/nics/features/default.ini
> >>>> +++ b/doc/guides/nics/features/default.ini
> >>>> @@ -42,6 +42,7 @@ Flow API =
> >>>> Rate limitation =
> >>>> Traffic mirroring =
> >>>> Inline crypto =
> >>>> +Inline protocol =
> >>>> CRC offload =
> >>>> VLAN offload =
> >>>> QinQ offload =
> >>>> --
> >>>> 2.7.4
> >>>
> >
Hi Anoob,
> > >>
> > >> Hi Anoob,
> > >>
> > >> What is the difference between "Inline crypto" in that document and
> > >> this "Inline protocol"? Both seems providing same outpout.
> > >
> > > [Anoob] Yes. It is partly because the description of "inline crypto" is not
> > accurate. The feature, "inline crypto" is not ipsec aware but would do crypto
> > operation in the ipsec. This summary points to the security documentation
> > for further details and that doc clearly explains the difference between both
> > modes.
> > >
> > >> Is there a way to differentiate them more clearly?
> > >
> > > [Anoob] There are two options I can think of, 1. Update the feature
> > > list to describe the difference between the two. Have a line like,
> > > "As compared to inline crypto, inline protocol will handle the entire
> > protocol offload in addition to the crypto operation."
> > > 2. Both inline crypto and inline protocol falls under security. So could even
> > rename "Inline crypto" to "Inline security offload" and we should be good to
> > go. Also, under inline protocol, there are various protocols possible. Say,
> > tomorrow when we add MACSEC support, the same question would arise (as
> > in whether it's a new feature or would it be under "inline protocol").
Please re-phrase the description of inline crypto as well so that there is a clear
Differentiation between the two modes. Referring to rte_security is not enough.
It can be something like
For Inline crypto: An operation defined in rte_security lib to perform only crypto
Operations of the security protocol while the packet is received at NIC. NIC is not aware
of the protocol operations. See Security library and PMD documentation for more details.
For Inline protocol : An operation defined in rte_security lib to perform protocol processing for
the security protocol (e.g. IPSEC, MACSEC) while the packet is received at the NIC. The NIC is capable
to understand the security protocol operations. See Security library and PMD documentation for more details.
> >
> > Hi Anoob,
> >
> > These seems security related and I don't know enough to comment if this is
> > correct thing to do. I have cc'ed a few more people for comment.
> >
> > @Akhil, would you mind if I assign this to you?
> >
> > Thanks,
> > ferruh
> >
> > >
> > >>
> > >>>
> > >>> Thanks,
> > >>> Anoob
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
> > >>>> Sent: Tuesday, December 10, 2019 12:23 PM
> > >>>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
> > >>>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
> > >>>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> > >>>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> > >>>> <pathreya@marvell.com>; dev@dpdk.org
> > >>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature
> > >>>> list
> > >>>>
> > >>>> Update feature list to include inline protocol offload.
> > >>>>
> > >>>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > >>>> ---
> > >>>> doc/guides/nics/features.rst | 18 ++++++++++++++++++
> > >>>> doc/guides/nics/features/default.ini | 1 +
> > >>>> 2 files changed, 19 insertions(+)
> > >>>>
> > >>>> diff --git a/doc/guides/nics/features.rst
> > >>>> b/doc/guides/nics/features.rst index
> > >>>> 8394a65..f4eb2a9 100644
> > >>>> --- a/doc/guides/nics/features.rst
> > >>>> +++ b/doc/guides/nics/features.rst
> > >>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
> > >>>> IPsec). See Security library and
> > >>>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> > >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> > >>>>
> > >>>>
> > >>>> +.. _nic_features_inline_protocol_doc:
> > >>>> +
> > >>>> +Inline protocol
> > >>>> +---------------
> > >>>> +
> > >>>> +Supports inline protocol processing (e.g. inline IPsec). See
> > >>>> +Security library and
> > >>>> PMD documentation for more details.
> > >>>> +
> > >>>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
> > >>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
> > >>>> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
> > >>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
> > >>>> +* **[implements] rte_security_ops**: ``session_create``,
> > >>>> +``session_update``,
> > >>>> + ``session_stats_get``, ``session_destroy``,
> > >>>> +``set_pkt_metadata``, ``get_userdata``,
> > >>>> + ``capabilities_get``.
> > >>>> +* **[provides] rte_eth_dev_info**:
> > >>>>
> > >>
> > +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
> > >>>> +
> > >>
> > ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
> > >>>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
> > >>>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
> > >>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
> > >>>> +
> > >>>> +
> > >>>> .. _nic_features_crc_offload:
> > >>>>
> > >>>> CRC offload
> > >>>> diff --git a/doc/guides/nics/features/default.ini
> > >>>> b/doc/guides/nics/features/default.ini
> > >>>> index 91ec619..4d0ad32 100644
> > >>>> --- a/doc/guides/nics/features/default.ini
> > >>>> +++ b/doc/guides/nics/features/default.ini
> > >>>> @@ -42,6 +42,7 @@ Flow API =
> > >>>> Rate limitation =
> > >>>> Traffic mirroring =
> > >>>> Inline crypto =
> > >>>> +Inline protocol =
> > >>>> CRC offload =
> > >>>> VLAN offload =
> > >>>> QinQ offload =
> > >>>> --
> > >>>> 2.7.4
> > >>>
> > >
On 2/12/2020 10:25 AM, Akhil Goyal wrote:
> Hi Anoob,
>>>>>
>>>>> Hi Anoob,
>>>>>
>>>>> What is the difference between "Inline crypto" in that document and
>>>>> this "Inline protocol"? Both seems providing same outpout.
>>>>
>>>> [Anoob] Yes. It is partly because the description of "inline crypto" is not
>>> accurate. The feature, "inline crypto" is not ipsec aware but would do crypto
>>> operation in the ipsec. This summary points to the security documentation
>>> for further details and that doc clearly explains the difference between both
>>> modes.
>>>>
>>>>> Is there a way to differentiate them more clearly?
>>>>
>>>> [Anoob] There are two options I can think of, 1. Update the feature
>>>> list to describe the difference between the two. Have a line like,
>>>> "As compared to inline crypto, inline protocol will handle the entire
>>> protocol offload in addition to the crypto operation."
>>>> 2. Both inline crypto and inline protocol falls under security. So could even
>>> rename "Inline crypto" to "Inline security offload" and we should be good to
>>> go. Also, under inline protocol, there are various protocols possible. Say,
>>> tomorrow when we add MACSEC support, the same question would arise (as
>>> in whether it's a new feature or would it be under "inline protocol").
>
> Please re-phrase the description of inline crypto as well so that there is a clear
> Differentiation between the two modes. Referring to rte_security is not enough.
>
> It can be something like
> For Inline crypto: An operation defined in rte_security lib to perform only crypto
> Operations of the security protocol while the packet is received at NIC. NIC is not aware
> of the protocol operations. See Security library and PMD documentation for more details.
>
> For Inline protocol : An operation defined in rte_security lib to perform protocol processing for
> the security protocol (e.g. IPSEC, MACSEC) while the packet is received at the NIC. The NIC is capable
> to understand the security protocol operations. See Security library and PMD documentation for more details.
Since both using the rte_security, for a PMD isn't there a way to say if it is
supporting any one of them or both? If so what do you think documenting it too?
>
>
>>>
>>> Hi Anoob,
>>>
>>> These seems security related and I don't know enough to comment if this is
>>> correct thing to do. I have cc'ed a few more people for comment.
>>>
>>> @Akhil, would you mind if I assign this to you?
>>>
>>> Thanks,
>>> ferruh
>>>
>>>>
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Anoob
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: dev <dev-bounces@dpdk.org> On Behalf Of Anoob Joseph
>>>>>>> Sent: Tuesday, December 10, 2019 12:23 PM
>>>>>>> To: John McNamara <john.mcnamara@intel.com>; Marko Kovacevic
>>>>>>> <marko.kovacevic@intel.com>; Ferruh Yigit <ferruh.yigit@intel.com>
>>>>>>> Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
>>>>>>> <jerinj@marvell.com>; Narayana Prasad Raju Athreya
>>>>>>> <pathreya@marvell.com>; dev@dpdk.org
>>>>>>> Subject: [dpdk-dev] [PATCH] doc: add inline protocol in feature
>>>>>>> list
>>>>>>>
>>>>>>> Update feature list to include inline protocol offload.
>>>>>>>
>>>>>>> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>>>>>>> ---
>>>>>>> doc/guides/nics/features.rst | 18 ++++++++++++++++++
>>>>>>> doc/guides/nics/features/default.ini | 1 +
>>>>>>> 2 files changed, 19 insertions(+)
>>>>>>>
>>>>>>> diff --git a/doc/guides/nics/features.rst
>>>>>>> b/doc/guides/nics/features.rst index
>>>>>>> 8394a65..f4eb2a9 100644
>>>>>>> --- a/doc/guides/nics/features.rst
>>>>>>> +++ b/doc/guides/nics/features.rst
>>>>>>> @@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline
>>>>>>> IPsec). See Security library and
>>>>>>> ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>>>>>
>>>>>>>
>>>>>>> +.. _nic_features_inline_protocol_doc:
>>>>>>> +
>>>>>>> +Inline protocol
>>>>>>> +---------------
>>>>>>> +
>>>>>>> +Supports inline protocol processing (e.g. inline IPsec). See
>>>>>>> +Security library and
>>>>>>> PMD documentation for more details.
>>>>>>> +
>>>>>>> +* **[uses] rte_eth_rxconf,rte_eth_rxmode**:
>>>>>>> ``offloads:DEV_RX_OFFLOAD_SECURITY``,
>>>>>>> +* **[uses] rte_eth_txconf,rte_eth_txmode**:
>>>>>>> ``offloads:DEV_TX_OFFLOAD_SECURITY``.
>>>>>>> +* **[implements] rte_security_ops**: ``session_create``,
>>>>>>> +``session_update``,
>>>>>>> + ``session_stats_get``, ``session_destroy``,
>>>>>>> +``set_pkt_metadata``, ``get_userdata``,
>>>>>>> + ``capabilities_get``.
>>>>>>> +* **[provides] rte_eth_dev_info**:
>>>>>>>
>>>>>
>>> +``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
>>>>>>> +
>>>>>
>>> ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
>>>>>>> +* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
>>>>>>> + ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``,
>>>>>>> ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
>>>>>>> +
>>>>>>> +
>>>>>>> .. _nic_features_crc_offload:
>>>>>>>
>>>>>>> CRC offload
>>>>>>> diff --git a/doc/guides/nics/features/default.ini
>>>>>>> b/doc/guides/nics/features/default.ini
>>>>>>> index 91ec619..4d0ad32 100644
>>>>>>> --- a/doc/guides/nics/features/default.ini
>>>>>>> +++ b/doc/guides/nics/features/default.ini
>>>>>>> @@ -42,6 +42,7 @@ Flow API =
>>>>>>> Rate limitation =
>>>>>>> Traffic mirroring =
>>>>>>> Inline crypto =
>>>>>>> +Inline protocol =
>>>>>>> CRC offload =
>>>>>>> VLAN offload =
>>>>>>> QinQ offload =
>>>>>>> --
>>>>>>> 2.7.4
>>>>>>
>>>>
>
Hi Ferruh,
>
>
> Since both using the rte_security, for a PMD isn't there a way to say if it is
> supporting any one of them or both? If so what do you think documenting it too?
>
I think that is mentioned in the rte_security capabilities about the action types
Which are supported by the driver. One of the dev->security_ctx->ops is to get the security
Capabilities which will return the supported action type by the PMD.
I am not sure if we can add that here or not. It is your call.
- Akhil
On 2/12/2020 1:48 PM, Akhil Goyal wrote:
> Hi Ferruh,
>>
>>
>> Since both using the rte_security, for a PMD isn't there a way to say if it is
>> supporting any one of them or both? If so what do you think documenting it too?
>>
> I think that is mentioned in the rte_security capabilities about the action types
> Which are supported by the driver. One of the dev->security_ctx->ops is to get the security
> Capabilities which will return the supported action type by the PMD.
>
> I am not sure if we can add that here or not. It is your call.
>
I think it make sense to document action types needs to be supported to claim
that the feature is supported, but most probably you will judge better on the
matter.
> On 2/12/2020 1:48 PM, Akhil Goyal wrote:
> > Hi Ferruh,
> >>
> >>
> >> Since both using the rte_security, for a PMD isn't there a way to say if it is
> >> supporting any one of them or both? If so what do you think documenting it
> too?
> >>
> > I think that is mentioned in the rte_security capabilities about the action types
> > Which are supported by the driver. One of the dev->security_ctx->ops is to get
> the security
> > Capabilities which will return the supported action type by the PMD.
> >
> > I am not sure if we can add that here or not. It is your call.
> >
>
> I think it make sense to document action types needs to be supported to claim
> that the feature is supported, but most probably you will judge better on the
> matter.
If we can add specifics of security in ethernet feature definition,
Then probably we can add
**[provides] rte_security_ops, capabilities_get**: `` action: RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ``
For inline crypto
And
**[provides] rte_security_ops, capabilities_get**: `` action: RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL``
Please check my syntax if it is not correct.
@@ -433,6 +433,24 @@ Supports inline crypto processing (e.g. inline IPsec). See Security library and
``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``, ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
+.. _nic_features_inline_protocol_doc:
+
+Inline protocol
+---------------
+
+Supports inline protocol processing (e.g. inline IPsec). See Security library and PMD documentation for more details.
+
+* **[uses] rte_eth_rxconf,rte_eth_rxmode**: ``offloads:DEV_RX_OFFLOAD_SECURITY``,
+* **[uses] rte_eth_txconf,rte_eth_txmode**: ``offloads:DEV_TX_OFFLOAD_SECURITY``.
+* **[implements] rte_security_ops**: ``session_create``, ``session_update``,
+ ``session_stats_get``, ``session_destroy``, ``set_pkt_metadata``, ``get_userdata``,
+ ``capabilities_get``.
+* **[provides] rte_eth_dev_info**: ``rx_offload_capa,rx_queue_offload_capa:DEV_RX_OFFLOAD_SECURITY``,
+ ``tx_offload_capa,tx_queue_offload_capa:DEV_TX_OFFLOAD_SECURITY``.
+* **[provides] mbuf**: ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD``,
+ ``mbuf.ol_flags:PKT_TX_SEC_OFFLOAD``, ``mbuf.ol_flags:PKT_RX_SEC_OFFLOAD_FAILED``.
+
+
.. _nic_features_crc_offload:
CRC offload
@@ -42,6 +42,7 @@ Flow API =
Rate limitation =
Traffic mirroring =
Inline crypto =
+Inline protocol =
CRC offload =
VLAN offload =
QinQ offload =