DPDK  19.11.14
Data Structures | Macros | Enumerations | Functions
rte_ipsec_sad.h File Reference
#include <stdint.h>
#include <rte_compat.h>

Go to the source code of this file.

Data Structures

struct  rte_ipsec_sad_conf
 

Macros

#define RTE_IPSEC_SAD_FLAG_IPV6   0x1
 
#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY   0x2
 

Enumerations

enum  
 

Functions

__rte_experimental int rte_ipsec_sad_add (struct rte_ipsec_sad *sad, const union rte_ipsec_sad_key *key, int key_type, void *sa)
 
__rte_experimental int rte_ipsec_sad_del (struct rte_ipsec_sad *sad, const union rte_ipsec_sad_key *key, int key_type)
 
__rte_experimental struct rte_ipsec_sad * rte_ipsec_sad_find_existing (const char *name)
 
__rte_experimental void rte_ipsec_sad_destroy (struct rte_ipsec_sad *sad)
 
__rte_experimental int rte_ipsec_sad_lookup (const struct rte_ipsec_sad *sad, const union rte_ipsec_sad_key *keys[], void *sa[], uint32_t n)
 

Detailed Description

EXPERIMENTAL: this API may change without prior notice

RTE IPsec security association database (SAD) support. Contains helper functions to lookup and maintain SAD

Definition in file rte_ipsec_sad.h.

Macro Definition Documentation

◆ RTE_IPSEC_SAD_FLAG_IPV6

#define RTE_IPSEC_SAD_FLAG_IPV6   0x1

Flag to create SAD with ipv6 dip and sip addresses

Definition at line 53 of file rte_ipsec_sad.h.

◆ RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY

#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY   0x2

Flag to support reader writer concurrency

Definition at line 55 of file rte_ipsec_sad.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Type of key

Definition at line 28 of file rte_ipsec_sad.h.

Function Documentation

◆ rte_ipsec_sad_add()

__rte_experimental int rte_ipsec_sad_add ( struct rte_ipsec_sad *  sad,
const union rte_ipsec_sad_key *  key,
int  key_type,
void *  sa 
)

Add a rule into the SAD. Could be safely called with concurrent lookups if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time. While with this flag multi-reader - one-writer model Is MT safe, multi-writer model is not and required extra synchronisation.

Parameters
sadSAD object handle
keypointer to the key
key_typekey type (spi only/spi+dip/spi+dip+sip)
saPointer associated with the key to save in a SAD Must be 4 bytes aligned.
Returns
0 on success, negative value otherwise

◆ rte_ipsec_sad_del()

__rte_experimental int rte_ipsec_sad_del ( struct rte_ipsec_sad *  sad,
const union rte_ipsec_sad_key *  key,
int  key_type 
)

Delete a rule from the SAD. Could be safely called with concurrent lookups if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time. While with this flag multi-reader - one-writer model Is MT safe, multi-writer model is not and required extra synchronisation.

Parameters
sadSAD object handle
keypointer to the key
key_typekey type (spi only/spi+dip/spi+dip+sip)
Returns
0 on success, negative value otherwise

◆ rte_ipsec_sad_find_existing()

__rte_experimental struct rte_ipsec_sad* rte_ipsec_sad_find_existing ( const char *  name)

Find an existing SAD object and return a pointer to it.

Parameters
nameName of the SAD object as passed to rte_ipsec_sad_create()
Returns
Pointer to sad object or NULL if object not found with rte_errno set appropriately. Possible rte_errno values include:
  • ENOENT - required entry not available to return.

◆ rte_ipsec_sad_destroy()

__rte_experimental void rte_ipsec_sad_destroy ( struct rte_ipsec_sad *  sad)

Destroy SAD object.

Parameters
sadpointer to the SAD object
Returns
None

◆ rte_ipsec_sad_lookup()

__rte_experimental int rte_ipsec_sad_lookup ( const struct rte_ipsec_sad *  sad,
const union rte_ipsec_sad_key *  keys[],
void *  sa[],
uint32_t  n 
)

Lookup multiple keys in the SAD.

Parameters
sadSAD object handle
keysArray of keys to be looked up in the SAD
saPointer assocoated with the keys. If the lookup for the given key failed, then corresponding sa will be NULL
nNumber of elements in keys array to lookup.
Returns
-EINVAL for incorrect arguments, otherwise number of successful lookups.