On 06/12/2018 3:38 PM, Konstantin Ananyev wrote:
Introduce Security Association (SA-level) data-path API Operates at SA level, provides functions to: - initialize/teardown SA object - process inbound/outbound ESP/AH packets associated with the given SA (decrypt/encrypt, authenticate, check integrity, add/remove ESP/AH related headers and data, etc.).Signed-off-by: Mohammad Abdul Awal <[email protected]> Signed-off-by: Konstantin Ananyev <[email protected]> ---
...
+#ifndef _RTE_IPSEC_H_ +#define _RTE_IPSEC_H_ + +/** + * @file rte_ipsec.h + * @b EXPERIMENTAL: this API may change without prior notice + * + * RTE IPsec support. + * librte_ipsec provides a framework for data-path IPsec protocol + * processing (ESP/AH). + * IKEv2 protocol support right now is out of scope of that draft. + * Though it tries to define related API in such way, that it could be adopted + * by IKEv2 implementation. + */
I think you can drop the IKE note from the header as key exchange is covered under a complete different RFC to the base IPsec one.
+ +#include <rte_ipsec_sa.h> +#include <rte_mbuf.h> +
...
Acked-by: Declan Doherty <[email protected]>
