DPDK 21.11.9
#include <sys/types.h>
#include <rte_compat.h>
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_ip.h>
#include <rte_mbuf.h>
#include <rte_mbuf_dyn.h>
#include <rte_memory.h>
#include <rte_mempool.h>
Data Structures | |
struct | rte_security_ctx |
struct | rte_security_ipsec_tunnel_param |
struct | rte_security_ipsec_sa_options |
struct | rte_security_ipsec_lifetime |
struct | rte_security_ipsec_xform |
struct | rte_security_macsec_xform |
struct | rte_security_pdcp_xform |
struct | rte_security_docsis_xform |
struct | rte_security_session_conf |
struct | rte_security_capability |
struct | rte_security_capability_idx |
Macros | |
#define | RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 |
#define | RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 |
#define | RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002 |
#define | RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001 |
#define | RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002 |
#define | RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001 |
#define | RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002 |
#define | RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000 |
Typedefs | |
typedef uint64_t | rte_security_dynfield_t |
Functions | |
struct rte_security_session * | rte_security_session_create (struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp, struct rte_mempool *priv_mp) |
__rte_experimental int | rte_security_session_update (struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf) |
unsigned int | rte_security_session_get_size (struct rte_security_ctx *instance) |
int | rte_security_session_destroy (struct rte_security_ctx *instance, struct rte_security_session *sess) |
static __rte_experimental rte_security_dynfield_t * | rte_security_dynfield (struct rte_mbuf *mbuf) |
static __rte_experimental bool | rte_security_dynfield_is_registered (void) |
__rte_experimental int | __rte_security_set_pkt_metadata (struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *m, void *params) |
static int | rte_security_set_pkt_metadata (struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params) |
__rte_experimental void * | __rte_security_get_userdata (struct rte_security_ctx *instance, uint64_t md) |
static __rte_experimental void * | rte_security_get_userdata (struct rte_security_ctx *instance, uint64_t md) |
static int | __rte_security_attach_session (struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess) |
static int | rte_security_attach_session (struct rte_crypto_op *op, struct rte_security_session *sess) |
__rte_experimental int | rte_security_session_stats_get (struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats) |
const struct rte_security_capability * | rte_security_capabilities_get (struct rte_security_ctx *instance) |
const struct rte_security_capability * | rte_security_capability_get (struct rte_security_ctx *instance, struct rte_security_capability_idx *idx) |
Variables | |
int | rte_security_dynfield_offset |
RTE Security Common Definitions
Definition in file rte_security.h.
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 |
IPSEC tunnel header verification mode
Controls how the outer IP header is verified on inbound packets.
Definition at line 60 of file rte_security.h.
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 |
Driver uses fast metadata update without using driver specific callback
Definition at line 84 of file rte_security.h.
#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002 |
Driver provides udata using fast method without using driver specific callback. For fast mdata and udata, mbuf dynamic field would be registered by driver via rte_security_dynfield_register().
Definition at line 90 of file rte_security.h.
#define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001 |
The underlying hardware/driver that supports PDCP may or may not support packet ordering. Set RTE_SECURITY_PDCP_ORDERING_CAP if it is supported. If it is not set, the driver/HW assumes that received packets are in order, and it is the application's responsibility to maintain ordering.
Definition at line 857 of file rte_security.h.
#define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002 |
The underlying hardware/driver that supports PDCP may or may not detect duplicate packets. Set RTE_SECURITY_PDCP_DUP_DETECT_CAP if it is supported. If it is not set, the driver/HW assumes that no duplicate packets are received, so any duplicate detection the deployment relies on has to be done by the application.
Definition at line 863 of file rte_security.h.
#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001 |
HW needs metadata update, see rte_security_set_pkt_metadata().
Definition at line 867 of file rte_security.h.
#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002 |
HW constructs the trailer of packets. Transmitted packets will have the trailer added to them by hardware. The next protocol field will be based on the mbuf->inner_esp_next_proto field.
Definition at line 874 of file rte_security.h.
#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000 |
HW removes the trailer of packets. Received packets have no trailer; the next protocol field is supplied in the mbuf->inner_esp_next_proto field. The inner packet is not modified.
Definition at line 880 of file rte_security.h.
typedef uint64_t rte_security_dynfield_t |
Device-specific metadata field type
Definition at line 588 of file rte_security.h.
IPSec protocol mode
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT | IPSec Transport mode |
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL | IPSec Tunnel mode |
Definition at line 32 of file rte_security.h.
IPSec Protocol
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_PROTO_AH | AH protocol |
RTE_SECURITY_IPSEC_SA_PROTO_ESP | ESP protocol |
Definition at line 40 of file rte_security.h.
IPSEC tunnel type
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_TUNNEL_IPV4 | Outer header is IPv4 |
RTE_SECURITY_IPSEC_TUNNEL_IPV6 | Outer header is IPv6 |
Definition at line 48 of file rte_security.h.
IPSec security association direction
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_DIR_EGRESS | Encrypt and generate digest |
RTE_SECURITY_IPSEC_SA_DIR_INGRESS | Verify digest and decrypt |
Definition at line 278 of file rte_security.h.
PDCP Mode of session
Enumerator | |
---|---|
RTE_SECURITY_PDCP_MODE_CONTROL | PDCP control plane |
RTE_SECURITY_PDCP_MODE_DATA | PDCP data plane |
RTE_SECURITY_PDCP_MODE_SHORT_MAC | PDCP short mac |
Definition at line 358 of file rte_security.h.
PDCP Frame direction
Enumerator | |
---|---|
RTE_SECURITY_PDCP_UPLINK | Uplink |
RTE_SECURITY_PDCP_DOWNLINK | Downlink |
Definition at line 365 of file rte_security.h.
PDCP Sequence Number Size selectors
Definition at line 371 of file rte_security.h.
DOCSIS direction
Enumerator | |
---|---|
RTE_SECURITY_DOCSIS_UPLINK | Uplink |
RTE_SECURITY_DOCSIS_DOWNLINK | Downlink |
Definition at line 432 of file rte_security.h.
Security session action type.
Definition at line 457 of file rte_security.h.
Security session protocol definition
Enumerator | |
---|---|
RTE_SECURITY_PROTOCOL_IPSEC | IPsec Protocol |
RTE_SECURITY_PROTOCOL_MACSEC | MACSec Protocol |
RTE_SECURITY_PROTOCOL_PDCP | PDCP Protocol |
RTE_SECURITY_PROTOCOL_DOCSIS | DOCSIS Protocol |
Definition at line 481 of file rte_security.h.
struct rte_security_session * rte_security_session_create | ( | struct rte_security_ctx * | instance, |
struct rte_security_session_conf * | conf, | ||
struct rte_mempool * | mp, | ||
struct rte_mempool * | priv_mp | ||
) |
Create security session as specified by the session configuration
instance | security instance |
conf | session configuration parameters |
mp | mempool to allocate session objects from |
priv_mp | mempool to allocate session private data objects from |
__rte_experimental int rte_security_session_update | ( | struct rte_security_ctx * | instance, |
struct rte_security_session * | sess, | ||
struct rte_security_session_conf * | conf | ||
) |
Update security session as specified by the session configuration
instance | security instance |
sess | session to update parameters |
conf | update configuration parameters |
unsigned int rte_security_session_get_size | ( | struct rte_security_ctx * | instance | ) |
Get the size of the security session data for a device.
instance | security instance. |
int rte_security_session_destroy | ( | struct rte_security_ctx * | instance, |
struct rte_security_session * | sess | ||
) |
Free security session header and the session private data and return it to its original mempool.
instance | security instance |
sess | security session to be freed |
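static __rte_experimental rte_security_dynfield_t * rte_security_dynfield | ( | struct rte_mbuf * | mbuf | ) | inline static |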
Get pointer to mbuf field for device-specific metadata.
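For performance reasons, no check is done here, so the dynamic field may not be registered when this is called. The caller is expected to confirm registration first (see rte_security_dynfield_is_registered()) before dereferencing the returned pointer.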
mbuf | packet to access |
Definition at line 607 of file rte_security.h.
static __rte_experimental bool rte_security_dynfield_is_registered | ( | void | ) | inline static |
Check whether the dynamic field is registered.
Definition at line 623 of file rte_security.h.
__rte_experimental int __rte_security_set_pkt_metadata | ( | struct rte_security_ctx * | instance, |
struct rte_security_session * | sess, | ||
struct rte_mbuf * | m, | ||
void * | params | ||
) |
Function to call PMD specific function pointer set_pkt_metadata()
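static int rte_security_set_pkt_metadata | ( | struct rte_security_ctx * | instance, |
struct rte_security_session * | sess, | ||
struct rte_mbuf * | mb, | ||
void * | params | ||
) | inline static |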
Updates the buffer with device-specific defined metadata
instance | security instance |
sess | security session |
mb | packet mbuf to set metadata on. |
params | device-specific defined parameters required for metadata |
Definition at line 648 of file rte_security.h.
__rte_experimental void * __rte_security_get_userdata | ( | struct rte_security_ctx * | instance, |
uint64_t | md | ||
) |
Function to call PMD specific function pointer get_userdata()
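static __rte_experimental void * rte_security_get_userdata | ( | struct rte_security_ctx * | instance, |
uint64_t | md | ||
) | inline static |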
Get userdata associated with the security session. Device specific metadata provided would be used to uniquely identify the security session being referred to. This userdata would be registered while creating the session, and application can use this to identify the SA etc.
Device specific metadata would be set in mbuf for inline processed inbound packets. In addition, the same metadata would be set for IPsec events reported by rte_eth_event framework.
instance | security instance |
md | device-specific metadata |
Definition at line 687 of file rte_security.h.
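static int __rte_security_attach_session | ( | struct rte_crypto_sym_op * | sym_op, |
struct rte_security_session * | sess | ||
) | inline static |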
Attach a session to a symmetric crypto operation
sym_op | crypto operation |
sess | security session |
Definition at line 704 of file rte_security.h.
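static int rte_security_attach_session | ( | struct rte_crypto_op * | op, |
struct rte_security_session * | sess | ||
) | inline static |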
Attach a session to a crypto operation. This API is needed only in the case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD. For other rte_security_session_action_type values, ol_flags in rte_mbuf may be defined to perform security operations.
op | crypto operation |
sess | security session |
Definition at line 735 of file rte_security.h.
__rte_experimental int rte_security_session_stats_get | ( | struct rte_security_ctx * | instance, |
struct rte_security_session * | sess, | ||
struct rte_security_stats * | stats | ||
) |
Get security session statistics
instance | security instance |
sess | security session. If the security session is NULL, then global (per security instance) statistics will be retrieved, if supported. Global statistics collection is not dependent on the per-session statistics configuration. |
stats | statistics |
const struct rte_security_capability * rte_security_capabilities_get | ( | struct rte_security_ctx * | instance | ) |
Returns array of security instance capabilities
instance | Security instance. |
const struct rte_security_capability * rte_security_capability_get | ( | struct rte_security_ctx * | instance, |
struct rte_security_capability_idx * | idx | ||
) |
Query if a specific capability is available on security instance
instance | security instance. |
idx | security capability index to match against |
int rte_security_dynfield_offset | extern |
Dynamic mbuf field for device-specific metadata