DPDK  19.08.2
rte_security.h
Go to the documentation of this file.
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017 NXP.
3  * Copyright(c) 2017 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_H_
7 #define _RTE_SECURITY_H_
8 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #include <sys/types.h>
21 
22 #include <netinet/in.h>
23 #include <netinet/ip.h>
24 #include <netinet/ip6.h>
25 
26 #include <rte_compat.h>
27 #include <rte_common.h>
28 #include <rte_crypto.h>
29 #include <rte_mbuf.h>
30 #include <rte_memory.h>
31 #include <rte_mempool.h>
32 
39 };
40 
47 };
48 
55 };
56 
67  void *device;
69  const struct rte_security_ops *ops;
71  uint16_t sess_cnt;
73 };
74 
84  union {
85  struct {
86  struct in_addr src_ip;
88  struct in_addr dst_ip;
90  uint8_t dscp;
92  uint8_t df;
94  uint8_t ttl;
96  } ipv4;
98  struct {
99  struct in6_addr src_addr;
101  struct in6_addr dst_addr;
103  uint8_t dscp;
105  uint32_t flabel;
107  uint8_t hlimit;
109  } ipv6;
111  };
112 };
113 
123  uint32_t esn : 1;
124 
131  uint32_t udp_encap : 1;
132 
140  uint32_t copy_dscp : 1;
141 
148  uint32_t copy_flabel : 1;
149 
156  uint32_t copy_df : 1;
157 
165  uint32_t dec_ttl : 1;
166 
174  uint32_t ecn : 1;
175 };
176 
183 };
184 
191  uint32_t spi;
193  uint32_t salt;
205  uint64_t esn_soft_limit;
207 };
208 
214  int dummy;
215 };
216 
223 };
224 
229 };
230 
243 };
244 
251  int8_t bearer;
255  uint8_t en_ordering;
270  uint32_t hfn;
272  uint32_t hfn_threshold;
273 };
274 
293 };
294 
303 };
304 
314  union {
315  struct rte_security_ipsec_xform ipsec;
316  struct rte_security_macsec_xform macsec;
317  struct rte_security_pdcp_xform pdcp;
318  };
322  void *userdata;
324 };
325 
326 struct rte_security_session {
327  void *sess_private_data;
329  uint64_t opaque_data;
331 };
332 
343 struct rte_security_session *
345  struct rte_security_session_conf *conf,
346  struct rte_mempool *mp);
347 
358 __rte_experimental
359 int
361  struct rte_security_session *sess,
362  struct rte_security_session_conf *conf);
363 
373 unsigned int
375 
388 int
390  struct rte_security_session *sess);
391 
405 int
407  struct rte_security_session *sess,
408  struct rte_mbuf *mb, void *params);
409 
427 __rte_experimental
428 void *
429 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
430 
437 static inline int
439  struct rte_security_session *sess)
440 {
441  sym_op->sec_session = sess;
442 
443  return 0;
444 }
445 
446 static inline void *
447 get_sec_session_private_data(const struct rte_security_session *sess)
448 {
449  return sess->sess_private_data;
450 }
451 
452 static inline void
453 set_sec_session_private_data(struct rte_security_session *sess,
454  void *private_data)
455 {
456  sess->sess_private_data = private_data;
457 }
458 
468 static inline int
470  struct rte_security_session *sess)
471 {
473  return -EINVAL;
474 
476 
477  return __rte_security_attach_session(op->sym, sess);
478 }
479 
480 struct rte_security_macsec_stats {
481  uint64_t reserved;
482 };
483 
484 struct rte_security_ipsec_stats {
485  uint64_t reserved;
486 
487 };
488 
489 struct rte_security_pdcp_stats {
490  uint64_t reserved;
491 };
492 
493 struct rte_security_stats {
494  enum rte_security_session_protocol protocol;
498  union {
499  struct rte_security_macsec_stats macsec;
500  struct rte_security_ipsec_stats ipsec;
501  struct rte_security_pdcp_stats pdcp;
502  };
503 };
504 
515 __rte_experimental
516 int
518  struct rte_security_session *sess,
519  struct rte_security_stats *stats);
520 
530  union {
531  struct {
540  } ipsec;
542  struct {
543  /* To be Filled */
544  int dummy;
545  } macsec;
547  struct {
550  uint32_t capa_flags;
552  } pdcp;
554  };
555 
559  uint32_t ol_flags;
561 };
562 
568 #define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001
569 
574 #define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002
575 
576 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
577 
580 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
581 
586 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
587 
599  enum rte_security_session_protocol protocol;
600 
602  union {
603  struct {
605  enum rte_security_ipsec_sa_mode mode;
606  enum rte_security_ipsec_sa_direction direction;
607  } ipsec;
608  struct {
609  enum rte_security_pdcp_domain domain;
610  uint32_t capa_flags;
611  } pdcp;
612  };
613 };
614 
624 const struct rte_security_capability *
626 
638 const struct rte_security_capability *
640  struct rte_security_capability_idx *idx);
641 
642 #ifdef __cplusplus
643 }
644 #endif
645 
646 #endif /* _RTE_SECURITY_H_ */
rte_security_pdcp_sn_size
Definition: rte_security.h:232
rte_security_ipsec_sa_protocol
Definition: rte_security.h:42
static int rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess)
Definition: rte_security.h:469
rte_security_session_action_type
Definition: rte_security.h:278
rte_security_pdcp_direction
Definition: rte_security.h:226
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:197
int rte_security_session_destroy(struct rte_security_ctx *instance, struct rte_security_session *sess)
int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params)
struct rte_security_session * sec_session
struct rte_security_ipsec_tunnel_param tunnel
Definition: rte_security.h:203
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:195
const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance)
enum rte_security_session_action_type action
Definition: rte_security.h:525
unsigned int rte_security_session_get_size(struct rte_security_ctx *instance)
uint8_t type
Definition: rte_crypto.h:84
struct rte_crypto_sym_xform * crypto_xform
Definition: rte_security.h:320
rte_security_ipsec_sa_mode
Definition: rte_security.h:34
enum rte_security_pdcp_domain domain
Definition: rte_security.h:548
uint16_t sess_cnt
Definition: rte_security.h:71
static int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess)
Definition: rte_security.h:438
enum rte_security_pdcp_sn_size sn_size
Definition: rte_security.h:266
enum rte_security_pdcp_direction pkt_dir
Definition: rte_security.h:264
struct rte_security_capability::@247::@249 ipsec
rte_security_ipsec_sa_direction
Definition: rte_security.h:178
rte_security_ipsec_tunnel_type
Definition: rte_security.h:50
__rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats)
__rte_experimental void * rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
#define unlikely(x)
__rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf)
enum rte_security_session_protocol protocol
Definition: rte_security.h:311
enum rte_security_session_action_type action_type
Definition: rte_security.h:309
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:538
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:199
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:536
#define RTE_STD_C11
Definition: rte_common.h:40
struct rte_security_ipsec_tunnel_param::@239::@241 ipv4
struct rte_security_capability::@247::@250 macsec
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:532
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:534
const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
const struct rte_cryptodev_capabilities * crypto_capabilities
Definition: rte_security.h:556
enum rte_security_pdcp_domain domain
Definition: rte_security.h:262
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:201
enum rte_security_ipsec_tunnel_type type
Definition: rte_security.h:81
struct rte_security_ipsec_tunnel_param::@239::@242 ipv6
uint8_t sess_type
Definition: rte_crypto.h:94
rte_security_session_protocol
Definition: rte_security.h:296
rte_security_pdcp_domain
Definition: rte_security.h:220
struct rte_security_capability::@247::@251 pdcp
struct rte_security_session * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp)
enum rte_security_session_protocol protocol
Definition: rte_security.h:527
const struct rte_security_ops * ops
Definition: rte_security.h:69
struct rte_crypto_sym_op sym[0]
Definition: rte_crypto.h:118