#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_mbuf.h>
#include <rte_memory.h>
#include <rte_mempool.h>

Data Structures
struct	rte_security_ctx

struct	rte_security_ipsec_tunnel_param

struct	rte_security_ipsec_sa_options

struct	rte_security_ipsec_xform

struct	rte_security_macsec_xform

struct	rte_security_session_conf

struct	rte_security_capability

struct	rte_security_capability_idx

Macros
#define	RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001

#define	RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002

#define	RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000

Functions
struct rte_security_session *	rte_security_session_create (struct rte_security_ctx instance, struct rte_security_session_conf conf, struct rte_mempool *mp)

int	rte_security_session_update (struct rte_security_ctx instance, struct rte_security_session sess, struct rte_security_session_conf *conf)

int	rte_security_session_destroy (struct rte_security_ctx instance, struct rte_security_session sess)

int	rte_security_set_pkt_metadata (struct rte_security_ctx instance, struct rte_security_session sess, struct rte_mbuf mb, void params)

static int	__rte_security_attach_session (struct rte_crypto_sym_op sym_op, struct rte_security_session sess)

static int	rte_security_attach_session (struct rte_crypto_op op, struct rte_security_session sess)

int	rte_security_session_stats_get (struct rte_security_ctx instance, struct rte_security_session sess, struct rte_security_stats *stats)

const struct rte_security_capability *	rte_security_capabilities_get (struct rte_security_ctx *instance)

const struct rte_security_capability *	rte_security_capability_get (struct rte_security_ctx instance, struct rte_security_capability_idx idx)

Detailed Description

EXPERIMENTAL: this API may change without prior notice

RTE Security Common Definitions

Definition in file rte_security.h.

Macro Definition Documentation

#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001

HW needs metadata update, see rte_security_set_pkt_metadata().

Examples:: examples/ipsec-secgw/ipsec.c.

Definition at line 468 of file rte_security.h.

#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002

HW constructs trailer of packets Transmitted packets will have the trailer added to them by hardawre. The next protocol field will be based on the mbuf->inner_esp_next_proto field.

Examples:: examples/ipsec-secgw/esp.c.

Definition at line 472 of file rte_security.h.

#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000

HW removes trailer of packets Received packets have no trailer, the next protocol field is supplied in the mbuf->inner_esp_next_proto field. Inner packet is not modified.

Examples:: examples/ipsec-secgw/esp.c.

Definition at line 478 of file rte_security.h.

Enumeration Type Documentation

enum rte_security_ipsec_sa_mode

IPSec protocol mode

Enumerator
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT	IPSec Transport mode
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL	IPSec Tunnel mode

Definition at line 62 of file rte_security.h.

enum rte_security_ipsec_sa_protocol

IPSec Protocol

Enumerator
RTE_SECURITY_IPSEC_SA_PROTO_AH	AH protocol
RTE_SECURITY_IPSEC_SA_PROTO_ESP	ESP protocol

Definition at line 70 of file rte_security.h.

enum rte_security_ipsec_tunnel_type

IPSEC tunnel type

Enumerator
RTE_SECURITY_IPSEC_TUNNEL_IPV4	Outer header is IPv4
RTE_SECURITY_IPSEC_TUNNEL_IPV6	Outer header is IPv6

Definition at line 78 of file rte_security.h.

enum rte_security_ipsec_sa_direction

IPSec security association direction

Enumerator
RTE_SECURITY_IPSEC_SA_DIR_EGRESS	Encrypt and generate digest
RTE_SECURITY_IPSEC_SA_DIR_INGRESS	Verify digest and decrypt

Definition at line 197 of file rte_security.h.

enum rte_security_session_action_type

Security session action type.

Enumerator
RTE_SECURITY_ACTION_TYPE_NONE	No security actions
RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO	Crypto processing for security protocol is processed inline during transmission
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL	All security protocol processing is performed inline during transmission
RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL	All security protocol processing including crypto is performed on a lookaside accelerator

Definition at line 237 of file rte_security.h.

enum rte_security_session_protocol

Security session protocol definition

Enumerator
RTE_SECURITY_PROTOCOL_IPSEC	IPsec Protocol
RTE_SECURITY_PROTOCOL_MACSEC	MACSec Protocol

Definition at line 255 of file rte_security.h.

Function Documentation

struct rte_security_session* rte_security_session_create	(	struct rte_security_ctx *	instance,
		struct rte_security_session_conf *	conf,
		struct rte_mempool *	mp
	)

Create security session as specified by the session configuration

Parameters

instance	security instance
conf	session configuration parameters
mp	mempool to allocate session objects from

Returns

On success, pointer to session
On failure, NULL

Examples:: examples/ipsec-secgw/ipsec.c.

int rte_security_session_update	(	struct rte_security_ctx *	instance,
		struct rte_security_session *	sess,
		struct rte_security_session_conf *	conf
	)

Update security session as specified by the session configuration

Parameters

instance	security instance
sess	session to update parameters
conf	update configuration parameters

Returns

On success returns 0
On failure return errno

int rte_security_session_destroy	(	struct rte_security_ctx *	instance,
		struct rte_security_session *	sess
	)

Free security session header and the session private data and return it to its original mempool.

Parameters

instance	security instance
sess	security session to freed

Returns

0 if successful.
-EINVAL if session is NULL.
-EBUSY if not all device private data has been freed.

int rte_security_set_pkt_metadata	(	struct rte_security_ctx *	instance,
		struct rte_security_session *	sess,
		struct rte_mbuf *	mb,
		void *	params
	)

Updates the buffer with device-specific defined metadata

Parameters

instance	security instance
sess	security session
mb	packet mbuf to set metadata on.
params	device-specific defined parameters required for metadata

Returns

On success, zero.
On failure, a negative value.

Examples:: examples/ipsec-secgw/ipsec.c.

static int __rte_security_attach_session	(	struct rte_crypto_sym_op *	sym_op,
		struct rte_security_session *	sess
	)

inlinestatic

Attach a session to a symmetric crypto operation

Parameters

sym_op	crypto operation
sess	security session

Definition at line 356 of file rte_security.h.

static int rte_security_attach_session	(	struct rte_crypto_op *	op,
		struct rte_security_session *	sess
	)

inlinestatic

Attach a session to a crypto operation. This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD For other rte_security_session_action_type, ol_flags in rte_mbuf may be defined to perform security operations.

Parameters

op	crypto operation
sess	security session

Examples:: examples/ipsec-secgw/ipsec.c.

Definition at line 387 of file rte_security.h.

int rte_security_session_stats_get	(	struct rte_security_ctx *	instance,
		struct rte_security_session *	sess,
		struct rte_security_stats *	stats
	)

Get security session statistics

Parameters

instance	security instance
sess	security session
stats	statistics

Returns

On success return 0
On failure errno

const struct rte_security_capability* rte_security_capabilities_get ( struct rte_security_ctx * instance )

Returns array of security instance capabilities

Parameters

instance Security instance.

Returns

Returns array of security capabilities.
Return NULL if no capabilities available.

Examples:: examples/ipsec-secgw/ipsec.c.

const struct rte_security_capability* rte_security_capability_get	(	struct rte_security_ctx *	instance,
		struct rte_security_capability_idx *	idx
	)

Query if a specific capability is available on security instance

Parameters

instance	security instance.
idx	security capability index to match against

Returns

Returns pointer to security capability on match of capability index criteria.
Return NULL if the capability not matched on security instance.

Enumerations
enum	rte_security_ipsec_sa_mode { RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT = 1, RTE_SECURITY_IPSEC_SA_MODE_TUNNEL }

enum	rte_security_ipsec_sa_protocol { RTE_SECURITY_IPSEC_SA_PROTO_AH = 1, RTE_SECURITY_IPSEC_SA_PROTO_ESP }

enum	rte_security_ipsec_tunnel_type { RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 1, RTE_SECURITY_IPSEC_TUNNEL_IPV6 }

enum	rte_security_ipsec_sa_direction { RTE_SECURITY_IPSEC_SA_DIR_EGRESS, RTE_SECURITY_IPSEC_SA_DIR_INGRESS }

enum	rte_security_session_action_type { RTE_SECURITY_ACTION_TYPE_NONE, RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO, RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL }

enum	rte_security_session_protocol { RTE_SECURITY_PROTOCOL_IPSEC = 1, RTE_SECURITY_PROTOCOL_MACSEC }

Data Structures

Macros

Enumerations

Functions

Detailed Description

Macro Definition Documentation

Enumeration Type Documentation

Function Documentation