DPDK 25.03.0-rc0
Data Fields
rte_security_capability Struct Reference

#include <rte_security.h>

Data Fields

enum rte_security_session_action_type action
 
enum rte_security_session_protocol protocol
 
const struct rte_cryptodev_capabilitiescrypto_capabilities
 
uint32_t ol_flags
 
enum rte_security_ipsec_sa_protocol proto
 
enum rte_security_ipsec_sa_mode mode
 
enum rte_security_ipsec_sa_direction direction
 
struct rte_security_ipsec_sa_options options
 
uint32_t replay_win_sz_max
 
struct {
   enum rte_security_ipsec_sa_protocol   proto
 
   enum rte_security_ipsec_sa_mode   mode
 
   enum rte_security_ipsec_sa_direction   direction
 
   struct rte_security_ipsec_sa_options   options
 
   uint32_t   replay_win_sz_max
 
ipsec
 
uint16_t mtu
 
enum rte_security_macsec_alg alg
 
uint16_t max_nb_sc
 
uint16_t max_nb_sa
 
uint16_t max_nb_sess
 
uint32_t replay_win_sz
 
uint16_t relative_sectag_insert: 1
 
uint16_t fixed_sectag_insert: 1
 
uint16_t icv_include_da_sa: 1
 
uint16_t ctrl_port_enable: 1
 
uint16_t preserve_sectag: 1
 
uint16_t preserve_icv: 1
 
uint16_t validate_frames: 1
 
uint16_t re_key: 1
 
uint16_t anti_replay: 1
 
uint16_t reserved: 7
 
struct {
   uint16_t   mtu
 
   enum rte_security_macsec_alg   alg
 
   uint16_t   max_nb_sc
 
   uint16_t   max_nb_sa
 
   uint16_t   max_nb_sess
 
   uint32_t   replay_win_sz
 
   uint16_t   relative_sectag_insert: 1
 
   uint16_t   fixed_sectag_insert: 1
 
   uint16_t   icv_include_da_sa: 1
 
   uint16_t   ctrl_port_enable: 1
 
   uint16_t   preserve_sectag: 1
 
   uint16_t   preserve_icv: 1
 
   uint16_t   validate_frames: 1
 
   uint16_t   re_key: 1
 
   uint16_t   anti_replay: 1
 
   uint16_t   reserved: 7
 
macsec
 
enum rte_security_pdcp_domain domain
 
uint32_t capa_flags
 
struct {
   enum rte_security_pdcp_domain   domain
 
   uint32_t   capa_flags
 
pdcp
 
enum rte_security_docsis_direction direction
 
struct {
   enum rte_security_docsis_direction   direction
 
docsis
 
enum rte_security_tls_version ver
 
enum rte_security_tls_sess_type type
 
uint32_t ar_win_size
 
struct {
   enum rte_security_tls_version   ver
 
   enum rte_security_tls_sess_type   type
 
   uint32_t   ar_win_size
 
tls_record
 

Detailed Description

Security capability definition

Examples
examples/ipsec-secgw/ipsec-secgw.c, and examples/ipsec-secgw/ipsec.c.

Definition at line 1247 of file rte_security.h.

Field Documentation

◆ action

Security action type

Examples
examples/ipsec-secgw/ipsec.c.

Definition at line 1248 of file rte_security.h.

◆ protocol

Security protocol

Definition at line 1250 of file rte_security.h.

◆ proto

IPsec SA protocol

Definition at line 1254 of file rte_security.h.

◆ mode

IPsec SA mode

Examples
examples/ipsec-secgw/ipsec-secgw.c.

Definition at line 1256 of file rte_security.h.

◆ direction [1/2]

IPsec SA direction

Definition at line 1258 of file rte_security.h.

◆ options

IPsec SA supported options

Examples
examples/ipsec-secgw/ipsec.c.

Definition at line 1260 of file rte_security.h.

◆ replay_win_sz_max

uint32_t replay_win_sz_max

IPsec Anti Replay Window Size. A '0' value indicates that Anti Replay is not supported.

Examples
examples/ipsec-secgw/ipsec.c.

Definition at line 1262 of file rte_security.h.

◆ 

struct { ... } ipsec

IPsec capability

Examples
examples/ipsec-secgw/ipsec.c.

◆ mtu

uint16_t mtu

MTU supported for inline TX

Definition at line 1270 of file rte_security.h.

◆ alg

MACsec algorithm to be used

Definition at line 1272 of file rte_security.h.

◆ max_nb_sc

uint16_t max_nb_sc

Maximum number of secure channels supported

Definition at line 1274 of file rte_security.h.

◆ max_nb_sa

uint16_t max_nb_sa

Maximum number of SAs supported

Definition at line 1276 of file rte_security.h.

◆ max_nb_sess

uint16_t max_nb_sess

Maximum number of SAs supported

Definition at line 1278 of file rte_security.h.

◆ replay_win_sz

uint32_t replay_win_sz

MACsec anti replay window size

Definition at line 1280 of file rte_security.h.

◆ relative_sectag_insert

uint16_t relative_sectag_insert

Support Sectag insertion at relative offset

Definition at line 1282 of file rte_security.h.

◆ fixed_sectag_insert

uint16_t fixed_sectag_insert

Support Sectag insertion at fixed offset

Definition at line 1284 of file rte_security.h.

◆ icv_include_da_sa

uint16_t icv_include_da_sa

ICV includes source and destination MAC addresses

Definition at line 1286 of file rte_security.h.

◆ ctrl_port_enable

uint16_t ctrl_port_enable

Control port traffic is supported

Definition at line 1288 of file rte_security.h.

◆ preserve_sectag

uint16_t preserve_sectag

Do not strip SecTAG after processing

Definition at line 1290 of file rte_security.h.

◆ preserve_icv

uint16_t preserve_icv

Do not strip ICV from the packet after processing

Definition at line 1292 of file rte_security.h.

◆ validate_frames

uint16_t validate_frames

Support frame validation as per RTE_SECURITY_MACSEC_VALIDATE_*

Definition at line 1294 of file rte_security.h.

◆ re_key

uint16_t re_key

support re-keying on SA expiry

Definition at line 1296 of file rte_security.h.

◆ anti_replay

uint16_t anti_replay

support anti replay

Definition at line 1298 of file rte_security.h.

◆ reserved

uint16_t reserved

Reserved bitfields for future capabilities

Definition at line 1300 of file rte_security.h.

◆ 

struct { ... } macsec

MACsec capability

◆ domain

PDCP mode of operation: Control or data

Definition at line 1304 of file rte_security.h.

◆ capa_flags

uint32_t capa_flags

Capability flags, see RTE_SECURITY_PDCP_*

Definition at line 1306 of file rte_security.h.

◆ 

struct { ... } pdcp

PDCP capability

◆ direction [2/2]

DOCSIS direction

Definition at line 1311 of file rte_security.h.

◆ 

struct { ... } docsis

DOCSIS capability

◆ ver

TLS record version.

Definition at line 1316 of file rte_security.h.

◆ type

TLS record session type.

Definition at line 1318 of file rte_security.h.

◆ ar_win_size

uint32_t ar_win_size

Maximum anti replay window size supported for DTLS 1.2 record read operation. Value of 0 means anti replay check is not supported.

Definition at line 1320 of file rte_security.h.

◆ 

struct { ... } tls_record

TLS record capability

◆ crypto_capabilities

const struct rte_cryptodev_capabilities* crypto_capabilities

Corresponding crypto capabilities for security capability

Examples
examples/ipsec-secgw/ipsec-secgw.c, and examples/ipsec-secgw/ipsec.c.

Definition at line 1328 of file rte_security.h.

◆ ol_flags

uint32_t ol_flags

Device offload flags

Examples
examples/ipsec-secgw/ipsec.c.

Definition at line 1331 of file rte_security.h.


The documentation for this struct was generated from the following file: