* See struct rte_flow_item_esp.
*/
RTE_FLOW_ITEM_TYPE_ESP,
+
+ /**
+ * Matches a GENEVE header.
+ *
+ * See struct rte_flow_item_geneve.
+ */
+ RTE_FLOW_ITEM_TYPE_GENEVE,
};
/**
};
#endif
+/**
+ * RTE_FLOW_ITEM_TYPE_GENEVE.
+ *
+ * Matches a GENEVE header.
+ */
+struct rte_flow_item_geneve {
+ /**
+ * Version (2b), length of the options fields (6b), OAM packet (1b),
+ * critical options present (1b), reserved 0 (6b).
+ */
+ rte_be16_t ver_opt_len_o_c_rsvd0;
+ rte_be16_t protocol; /**< Protocol type. */
+ uint8_t vni[3]; /**< Virtual Network Identifier. */
+ uint8_t rsvd1; /**< Reserved, normally 0x00. */
+};
+
+/** Default mask for RTE_FLOW_ITEM_TYPE_GENEVE. */
+#ifndef __cplusplus
+static const struct rte_flow_item_geneve rte_flow_item_geneve_mask = {
+ .vni = "\xff\xff\xff",
+};
+#endif
+
/**
* Matching pattern item definition.
*
* See file rte_mtr.h for MTR object configuration.
*/
RTE_FLOW_ACTION_TYPE_METER,
+
+ /**
+ * Redirects packets to security engine of current device for security
+ * processing as specified by security session.
+ *
+ * See struct rte_flow_action_security.
+ */
+ RTE_FLOW_ACTION_TYPE_SECURITY
};
/**
uint32_t mtr_id; /**< MTR object ID created with rte_mtr_create(). */
};
+/**
+ * RTE_FLOW_ACTION_TYPE_SECURITY
+ *
+ * Perform the security action on flows matched by the pattern items
+ * according to the configuration of the security session.
+ *
+ * This action modifies the payload of matched flows. For INLINE_CRYPTO, the
+ * security protocol headers and IV are fully provided by the application as
+ * specified in the flow pattern. The payload of matching packets is
+ * encrypted on egress, and decrypted and authenticated on ingress.
+ * For INLINE_PROTOCOL, the security protocol is fully offloaded to HW,
+ * providing full encapsulation and decapsulation of packets in security
+ * protocols. The flow pattern specifies both the outer security header fields
+ * and the inner packet fields. The security session specified in the action
+ * must match the pattern parameters.
+ *
+ * The security session specified in the action must be created on the same
+ * port as the flow action that is being specified.
+ *
+ * The ingress/egress flow attribute should match that specified in the
+ * security session if the security session supports the definition of the
+ * direction.
+ *
+ * Multiple flows can be configured to use the same security session.
+ *
+ * Non-terminating by default.
+ */
+struct rte_flow_action_security {
+ void *security_session; /**< Pointer to security session structure. */
+};
+
/**
* Definition of a single action.
*
*
* -ENOSYS: underlying device does not support this functionality.
*
+ * -EIO: underlying device is removed.
+ *
* -EINVAL: unknown or invalid rule specification.
*
* -ENOTSUP: valid but unsupported rule specification (e.g. partial