DPDK  21.11.0
rte_security.h
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017,2019-2020 NXP
3  * Copyright(c) 2017-2020 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_H_
7 #define _RTE_SECURITY_H_
8 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #include <sys/types.h>
21 
22 #include <rte_compat.h>
23 #include <rte_common.h>
24 #include <rte_crypto.h>
25 #include <rte_ip.h>
26 #include <rte_mbuf.h>
27 #include <rte_mbuf_dyn.h>
28 #include <rte_memory.h>
29 #include <rte_mempool.h>
30 
37 };
38 
45 };
46 
53 };
54 
60 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1
61 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2
62 
73  void *device;
75  const struct rte_security_ops *ops;
77  uint16_t sess_cnt;
79  uint32_t flags;
81 };
82 
83 #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
84 
86 #define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002
87 
101  union {
102  struct {
103  struct in_addr src_ip;
105  struct in_addr dst_ip;
107  uint8_t dscp;
109  uint8_t df;
111  uint8_t ttl;
113  } ipv4;
115  struct {
116  struct in6_addr src_addr;
118  struct in6_addr dst_addr;
120  uint8_t dscp;
122  uint32_t flabel;
124  uint8_t hlimit;
126  } ipv6;
128  };
129 };
130 
/*
 * UDP port pair used with an IPsec transform; it is embedded as the `udp`
 * member of a structure later in this header.
 *
 * NOTE(review): this listing does not show whether the ports are kept in
 * host or network byte order. Confirm before comparing them with values
 * read from a packet header.
 */
struct rte_security_ipsec_udp_param {
	uint16_t sport;	/* UDP source port */
	uint16_t dport;	/* UDP destination port */
};
135 
145  uint32_t esn : 1;
146 
153  uint32_t udp_encap : 1;
154 
162  uint32_t copy_dscp : 1;
163 
170  uint32_t copy_flabel : 1;
171 
178  uint32_t copy_df : 1;
179 
187  uint32_t dec_ttl : 1;
188 
196  uint32_t ecn : 1;
197 
204  uint32_t stats : 1;
205 
218  uint32_t iv_gen_disable : 1;
219 
227  uint32_t tunnel_hdr_verify : 2;
228 
234  uint32_t udp_ports_verify : 1;
235 
249  uint32_t ip_csum_enable : 1;
250 
265  uint32_t l4_csum_enable : 1;
266 
274  uint32_t reserved_opts : 18;
275 };
276 
283 };
284 
307 };
308 
315  uint32_t spi;
317  uint32_t salt;
331  uint32_t replay_win_sz;
335  union {
336  uint64_t value;
337  struct {
338  uint32_t low;
339  uint32_t hi;
340  };
341  } esn;
343  struct rte_security_ipsec_udp_param udp;
345 };
346 
352  int dummy;
353 };
354 
362 };
363 
368 };
369 
382 };
383 
390  int8_t bearer;
394  uint8_t en_ordering;
409  uint32_t hfn;
411  uint32_t hfn_threshold;
420  uint8_t hfn_ovrd;
426  uint8_t sdap_enabled;
428  uint16_t reserved;
429 };
430 
441 };
442 
451 };
452 
475 };
476 
487 };
488 
498  union {
499  struct rte_security_ipsec_xform ipsec;
500  struct rte_security_macsec_xform macsec;
501  struct rte_security_pdcp_xform pdcp;
502  struct rte_security_docsis_xform docsis;
503  };
507  void *userdata;
509 };
510 
/*
 * Security session object handed to the rte_security_* session calls
 * declared in this header.
 */
struct rte_security_session {
	/*
	 * Private-data pointer, read and written through
	 * get_sec_session_private_data() / set_sec_session_private_data().
	 * The inline fast path of rte_security_set_pkt_metadata() copies this
	 * pointer value into the mbuf security dynfield, so it must stay valid
	 * for as long as packets tagged with the session are in flight.
	 */
	void *sess_private_data;
	/* 64-bit opaque value; its use is not shown in this listing */
	uint64_t opaque_data;
};
517 
529 struct rte_security_session *
531  struct rte_security_session_conf *conf,
532  struct rte_mempool *mp,
533  struct rte_mempool *priv_mp);
534 
545 __rte_experimental
546 int
548  struct rte_security_session *sess,
549  struct rte_security_session_conf *conf);
550 
560 unsigned int
562 
577 int
579  struct rte_security_session *sess);
580 
582 typedef uint64_t rte_security_dynfield_t;
585 
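/**
 * Locate the security dynamic field inside an mbuf.
 *
 * The slot is addressed with RTE_MBUF_DYNFIELD() using the global
 * rte_security_dynfield_offset. This accessor performs no check of its own:
 * rte_security_dynfield_is_registered() treats a negative offset as
 * "not registered", and calling this function in that state would produce a
 * pointer outside the intended field. Callers should confirm registration
 * once during setup before using the returned pointer.
 *
 * @param mbuf
 *   Packet buffer that carries the field.
 * @return
 *   Pointer to the rte_security_dynfield_t slot of @p mbuf.
 */
__rte_experimental
static inline rte_security_dynfield_t *
rte_security_dynfield(struct rte_mbuf *mbuf)
{
	return RTE_MBUF_DYNFIELD(mbuf,
		rte_security_dynfield_offset,
		rte_security_dynfield_t *);
}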
607 
/**
 * Report whether the security dynamic field has been registered.
 *
 * Intended as the setup-time guard for rte_security_dynfield(), which uses
 * rte_security_dynfield_offset without checking it.
 *
 * @return
 *   true when rte_security_dynfield_offset is non-negative, false otherwise.
 */
__rte_experimental
static inline bool rte_security_dynfield_is_registered(void)
{
	const bool registered = !(rte_security_dynfield_offset < 0);

	return registered;
}
621 
/*
 * Out-of-line implementation that rte_security_set_pkt_metadata() calls when
 * the context does not set RTE_SEC_CTX_F_FAST_SET_MDATA.
 */
__rte_experimental
extern int
__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
				struct rte_security_session *sess,
				struct rte_mbuf *m,
				void *params);
627 
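/**
 * Attach a session's security metadata to an mbuf.
 *
 * When the context sets RTE_SEC_CTX_F_FAST_SET_MDATA, the session's
 * private-data pointer is written straight into the mbuf security dynfield
 * and 0 is returned; @p params is not used on that path. Otherwise the call
 * is forwarded to __rte_security_set_pkt_metadata().
 *
 * The inline path dereferences @p instance and @p sess and writes through
 * rte_security_dynfield(mb) without any NULL check or dynfield-registration
 * check. Those preconditions are the caller's responsibility.
 *
 * @param instance
 *   Security context; its flags select the fast or the out-of-line path.
 * @param sess
 *   Session whose private data is attached to the packet.
 * @param mb
 *   Packet to tag.
 * @param params
 *   Passed through unchanged to the out-of-line path.
 * @return
 *   0 on the fast path, otherwise the result of
 *   __rte_security_set_pkt_metadata().
 */
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
			      struct rte_security_session *sess,
			      struct rte_mbuf *mb, void *params)
{
	/* Fast Path */
	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
		/*
		 * Convert through uintptr_t, mirroring the (uintptr_t) cast
		 * that rte_security_get_userdata() uses in the opposite
		 * direction; this avoids a direct pointer-to-wider-integer
		 * cast on targets whose pointers are narrower than 64 bits.
		 */
		*rte_security_dynfield(mb) =
			(rte_security_dynfield_t)(uintptr_t)sess->sess_private_data;
		return 0;
	}

	/* Jump to PMD specific function pointer */
	return __rte_security_set_pkt_metadata(instance, sess, mb, params);
}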
656 
/*
 * Out-of-line implementation that rte_security_get_userdata() calls when the
 * context does not set RTE_SEC_CTX_F_FAST_GET_UDATA.
 */
__rte_experimental
extern void *
__rte_security_get_userdata(struct rte_security_ctx *instance,
			    uint64_t md);
661 
/**
 * Translate per-packet security metadata into a userdata pointer.
 *
 * With RTE_SEC_CTX_F_FAST_GET_UDATA set on the context, @p md is returned
 * reinterpreted as a pointer with no lookup and no validation. Otherwise
 * the request is forwarded to __rte_security_get_userdata().
 *
 * Because the fast path trusts @p md completely, the value must be the
 * metadata the driver itself attached to the packet. A value influenced by
 * packet contents would be handed back to the caller as an arbitrary
 * pointer. @p instance is dereferenced without a NULL check.
 *
 * @param instance
 *   Security context; its flags select the fast or the out-of-line path.
 * @param md
 *   Metadata value associated with the packet.
 * @return
 *   @p md cast to a pointer on the fast path, otherwise the result of
 *   __rte_security_get_userdata().
 */
__rte_experimental
static inline void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
	const bool fast_path =
		(instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA) != 0;

	if (!fast_path) {
		/* Jump to PMD specific function pointer */
		return __rte_security_get_userdata(instance, md);
	}

	/* Fast Path */
	return (void *)(uintptr_t)md;
}
690 
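/**
 * Store a security session pointer in a symmetric crypto operation.
 *
 * Neither pointer is validated here: @p sym_op is dereferenced
 * unconditionally and @p sess is stored as given. The operation-type check
 * is done by the public wrapper rte_security_attach_session().
 *
 * @param sym_op
 *   Symmetric crypto operation to update.
 * @param sess
 *   Security session to record in @p sym_op.
 * @return
 *   Always 0.
 */
static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
			      struct rte_security_session *sess)
{
	sym_op->sec_session = sess;

	return 0;
}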
705 
/*
 * Read the private-data pointer held in a security session.
 *
 * sess is dereferenced without a NULL check. The pointer is returned as
 * stored; nothing here validates it.
 */
static inline void *
get_sec_session_private_data(const struct rte_security_session *sess)
{
	void *priv = sess->sess_private_data;

	return priv;
}
711 
/*
 * Replace the private-data pointer held in a security session.
 *
 * sess is dereferenced without a NULL check. The previous pointer is
 * overwritten and not released here. The stored pointer is what the fast
 * path of rte_security_set_pkt_metadata() later copies into the mbuf
 * dynfield.
 */
static inline void
set_sec_session_private_data(struct rte_security_session *sess,
			     void *private_data)
{
	struct rte_security_session *const target = sess;

	target->sess_private_data = private_data;
}
718 
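/**
 * Attach a security session to a crypto operation.
 *
 * Only symmetric operations are accepted. The type is checked before
 * op->sym is touched, so an operation of another type is rejected rather
 * than having its payload area treated as a symmetric op. On success the
 * operation's sess_type is set to mark it as carrying a security session.
 *
 * @p op is dereferenced without a NULL check, and @p sess is stored without
 * validation.
 *
 * @param op
 *   Crypto operation to update.
 * @param sess
 *   Security session to attach.
 * @return
 *   0 on success, -EINVAL when @p op is not a symmetric operation.
 */
static inline int
rte_security_attach_session(struct rte_crypto_op *op,
			    struct rte_security_session *sess)
{
	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
		return -EINVAL;

	op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;

	return __rte_security_attach_session(op->sym, sess);
}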
739 
/* MACsec session statistics; only a reserved placeholder is defined. */
struct rte_security_macsec_stats {
	uint64_t reserved;	/* placeholder, no counter defined yet */
};
743 
/*
 * IPsec session statistics.
 *
 * NOTE(review): the i- and o- prefixes presumably mean inbound and outbound;
 * the field documentation is not part of this listing. Confirm before
 * building alerts on ierrors/oerrors.
 */
struct rte_security_ipsec_stats {
	uint64_t ipackets;	/* packet counter, input side */
	uint64_t opackets;	/* packet counter, output side */
	uint64_t ibytes;	/* byte counter, input side */
	uint64_t obytes;	/* byte counter, output side */
	uint64_t ierrors;	/* error counter, input side */
	uint64_t oerrors;	/* error counter, output side */
	uint64_t reserved1;	/* reserved */
	uint64_t reserved2;	/* reserved */
};
754 
/* PDCP session statistics; only a reserved placeholder is defined. */
struct rte_security_pdcp_stats {
	uint64_t reserved;	/* placeholder, no counter defined yet */
};
758 
/* DOCSIS session statistics; only a reserved placeholder is defined. */
struct rte_security_docsis_stats {
	uint64_t reserved;	/* placeholder, no counter defined yet */
};
762 
/*
 * Per-session statistics container filled by
 * rte_security_session_stats_get().
 *
 * The anonymous union holds one protocol-specific view.
 * NOTE(review): `protocol` presumably tells the reader which union member
 * is meaningful. Confirm, and read only that member.
 */
struct rte_security_stats {
	/* Protocol tag for this record */
	enum rte_security_session_protocol protocol;

	union {
		struct rte_security_macsec_stats macsec;	/* MACsec view */
		struct rte_security_ipsec_stats ipsec;		/* IPsec view */
		struct rte_security_pdcp_stats pdcp;		/* PDCP view */
		struct rte_security_docsis_stats docsis;	/* DOCSIS view */
	};
};
775 
789 __rte_experimental
790 int
792  struct rte_security_session *sess,
793  struct rte_security_stats *stats);
794 
804  union {
805  struct {
818  } ipsec;
820  struct {
821  /* To be Filled */
822  int dummy;
823  } macsec;
825  struct {
828  uint32_t capa_flags;
830  } pdcp;
832  struct {
835  } docsis;
837  };
838 
842  uint32_t ol_flags;
844 };
845 
851 #define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001
852 
857 #define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002
858 
859 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
860 
863 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
864 
869 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
870 
882  enum rte_security_session_protocol protocol;
883 
885  union {
886  struct {
888  enum rte_security_ipsec_sa_mode mode;
889  enum rte_security_ipsec_sa_direction direction;
890  } ipsec;
891  struct {
892  enum rte_security_pdcp_domain domain;
893  uint32_t capa_flags;
894  } pdcp;
895  struct {
896  enum rte_security_docsis_direction direction;
897  } docsis;
898  };
899 };
900 
910 const struct rte_security_capability *
912 
924 const struct rte_security_capability *
926  struct rte_security_capability_idx *idx);
927 
928 #ifdef __cplusplus
929 }
930 #endif
931 
932 #endif /* _RTE_SECURITY_H_ */
rte_security_pdcp_sn_size
Definition: rte_security.h:371
rte_security_ipsec_sa_protocol
Definition: rte_security.h:40
__rte_experimental void * __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
static int rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess)
Definition: rte_security.h:729
struct rte_ether_addr src_addr
Definition: rte_ether.h:270
rte_security_session_action_type
Definition: rte_security.h:456
__rte_experimental int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *m, void *params)
rte_security_pdcp_direction
Definition: rte_security.h:365
static int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params)
Definition: rte_security.h:642
int rte_security_session_destroy(struct rte_security_ctx *instance, struct rte_security_session *sess)
struct rte_security_session * sec_session
const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance)
unsigned int rte_security_session_get_size(struct rte_security_ctx *instance)
uint8_t type
Definition: rte_crypto.h:89
struct rte_crypto_sym_xform * crypto_xform
Definition: rte_security.h:505
static __rte_experimental rte_security_dynfield_t * rte_security_dynfield(struct rte_mbuf *mbuf)
Definition: rte_security.h:601
rte_security_ipsec_sa_mode
Definition: rte_security.h:32
uint16_t sess_cnt
Definition: rte_security.h:77
struct rte_security_session * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp, struct rte_mempool *priv_mp)
static int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess)
Definition: rte_security.h:698
int rte_security_dynfield_offset
rte_security_ipsec_sa_direction
Definition: rte_security.h:278
rte_security_ipsec_tunnel_type
Definition: rte_security.h:48
struct rte_ether_addr dst_addr
Definition: rte_ether.h:269
__rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats)
#define RTE_MBUF_DYNFIELD(m, offset, type)
Definition: rte_mbuf_dyn.h:229
#define RTE_SEC_CTX_F_FAST_SET_MDATA
Definition: rte_security.h:83
#define unlikely(x)
__rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf)
#define RTE_STD_C11
Definition: rte_common.h:42
static __rte_experimental bool rte_security_dynfield_is_registered(void)
Definition: rte_security.h:617
#define RTE_SEC_CTX_F_FAST_GET_UDATA
Definition: rte_security.h:86
rte_security_docsis_direction
Definition: rte_security.h:432
uint64_t rte_security_dynfield_t
Definition: rte_security.h:582
const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
const struct rte_cryptodev_capabilities * crypto_capabilities
Definition: rte_security.h:839
uint8_t sess_type
Definition: rte_crypto.h:99
static __rte_experimental void * rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
Definition: rte_security.h:681
rte_security_session_protocol
Definition: rte_security.h:478
rte_security_pdcp_domain
Definition: rte_security.h:358
const struct rte_security_ops * ops
Definition: rte_security.h:75
struct rte_crypto_sym_op sym[0]
Definition: rte_crypto.h:128