DPDK  21.11.8
Data Structures | Functions
rte_ipsec.h File Reference
#include <rte_ipsec_sa.h>
#include <rte_mbuf.h>
#include <rte_ipsec_group.h>

Go to the source code of this file.

Data Structures

struct  rte_ipsec_sa_pkt_func
 
struct  rte_ipsec_session
 

Functions

int rte_ipsec_session_prepare (struct rte_ipsec_session *ss)
 
static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num)
 
static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint16_t num)
 
__rte_experimental int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa *sa)
 
__rte_experimental void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa *sa)
 

Detailed Description

RTE IPsec support.

librte_ipsec provides a framework for data-path IPsec protocol processing (ESP/AH).

Definition in file rte_ipsec.h.

Function Documentation

◆ rte_ipsec_session_prepare()

int rte_ipsec_session_prepare ( struct rte_ipsec_session ss)

Checks that inside given rte_ipsec_session crypto/security fields are filled correctly and setups function pointers based on these values. Expects that all fields except IPsec processing function pointers (pkt_func) will be filled correctly by caller.

Parameters
ssPointer to the rte_ipsec_session object
Returns
  • Zero if operation completed successfully.
  • -EINVAL if the parameters are invalid.
Examples:
examples/ipsec-secgw/ipsec_process.c, and examples/ipsec-secgw/sa.c.

◆ rte_ipsec_pkt_crypto_prepare()

static uint16_t rte_ipsec_pkt_crypto_prepare ( const struct rte_ipsec_session ss,
struct rte_mbuf mb[],
struct rte_crypto_op cop[],
uint16_t  num 
)
inlinestatic

For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev associated with given session. expects that for each input packet:

  • l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.
    Parameters
    ssPointer to the rte_ipsec_session object the packets belong to.
    mbThe address of an array of num pointers to rte_mbuf structures which contain the input packets.
    copThe address of an array of num pointers to the output rte_crypto_op structures.
    numThe maximum number of packets to process.
    Returns
    Number of successfully processed packets, with error code set in rte_errno.
Examples:
examples/ipsec-secgw/ipsec_process.c.

Definition at line 118 of file rte_ipsec.h.

◆ rte_ipsec_pkt_process()

static uint16_t rte_ipsec_pkt_process ( const struct rte_ipsec_session ss,
struct rte_mbuf mb[],
uint16_t  num 
)
inlinestatic

Finalise processing of packets after crypto-dev finished with them or process packets that are subjects to inline IPsec offload. Expects that for each input packet:

  • l2_len, l3_len are setup correctly Output mbufs will be: inbound - decrypted & authenticated, ESP(AH) related headers removed, l2_len and l3_len fields are updated. outbound - appropriate mbuf fields (ol_flags, tx_offloads, etc.) properly setup, if necessary - IP headers updated, ESP(AH) fields added, Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.
    Parameters
    ssPointer to the rte_ipsec_session object the packets belong to.
    mbThe address of an array of num pointers to rte_mbuf structures which contain the input packets.
    numThe maximum number of packets to process.
    Returns
    Number of successfully processed packets, with error code set in rte_errno.
Examples:
examples/ipsec-secgw/ipsec_process.c.

Definition at line 155 of file rte_ipsec.h.

◆ rte_ipsec_telemetry_sa_add()

__rte_experimental int rte_ipsec_telemetry_sa_add ( const struct rte_ipsec_sa *  sa)

Enable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters
saPointer to the rte_ipsec_sa object that will have telemetry enabled.
Returns
0 on success, negative value otherwise.
Examples:
examples/ipsec-secgw/sa.c.

◆ rte_ipsec_telemetry_sa_del()

__rte_experimental void rte_ipsec_telemetry_sa_del ( const struct rte_ipsec_sa *  sa)

Disable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters
saPointer to the rte_ipsec_sa object that will have telemetry disabled.