DPDK 21.11.9
rte_security.h
1/* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright 2017,2019-2020 NXP
3 * Copyright(c) 2017-2020 Intel Corporation.
4 */
5
6#ifndef _RTE_SECURITY_H_
7#define _RTE_SECURITY_H_
8
16#ifdef __cplusplus
17extern "C" {
18#endif
19
20#include <sys/types.h>
21
22#include <rte_compat.h>
23#include <rte_common.h>
24#include <rte_crypto.h>
25#include <rte_ip.h>
26#include <rte_mbuf.h>
27#include <rte_mbuf_dyn.h>
28#include <rte_memory.h>
29#include <rte_mempool.h>
30
37};
38
45};
46
53};
54
60#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1
61#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2
62
73 void *device;
75 const struct rte_security_ops *ops;
77 uint16_t sess_cnt;
79 uint32_t flags;
81};
82
83#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
86#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002
101 union {
102 struct {
103 struct in_addr src_ip;
105 struct in_addr dst_ip;
107 uint8_t dscp;
109 uint8_t df;
111 uint8_t ttl;
113 } ipv4;
115 struct {
116 struct in6_addr src_addr;
118 struct in6_addr dst_addr;
120 uint8_t dscp;
122 uint32_t flabel;
124 uint8_t hlimit;
126 } ipv6;
128 };
129};
130
/**
 * UDP port pair carried inside an IPsec transform.
 *
 * NOTE(review): presumably the ports used when the udp_encap SA option is
 * set; the expected byte order is not stated here -- confirm against the
 * driver before filling these in.
 */
struct rte_security_ipsec_udp_param {
	uint16_t sport;	/* UDP source port */
	uint16_t dport;	/* UDP destination port */
};
135
145 uint32_t esn : 1;
146
153 uint32_t udp_encap : 1;
154
162 uint32_t copy_dscp : 1;
163
170 uint32_t copy_flabel : 1;
171
178 uint32_t copy_df : 1;
179
187 uint32_t dec_ttl : 1;
188
196 uint32_t ecn : 1;
197
204 uint32_t stats : 1;
205
218 uint32_t iv_gen_disable : 1;
219
227 uint32_t tunnel_hdr_verify : 2;
228
234 uint32_t udp_ports_verify : 1;
235
249 uint32_t ip_csum_enable : 1;
250
265 uint32_t l4_csum_enable : 1;
266
274 uint32_t reserved_opts : 18;
275};
276
283};
284
307};
308
315 uint32_t spi;
317 uint32_t salt;
335 union {
336 uint64_t value;
337 struct {
338 uint32_t low;
339 uint32_t hi;
340 };
341 } esn;
343 struct rte_security_ipsec_udp_param udp;
345};
346
352 int dummy;
353};
354
362};
363
368};
369
383
390 int8_t bearer;
394 uint8_t en_ordering;
409 uint32_t hfn;
420 uint8_t hfn_ovrd;
428 uint16_t reserved;
429};
430
441};
442
451};
452
456/* Enumeration of rte_security_session_action_type 8<*/
477/* >8 End enumeration of rte_security_session_action_type. */
478
480/* Enumeration of rte_security_session_protocol 8<*/
490};
491/* >8 End enumeration of rte_security_session_protocol. */
492
496/* Structure rte_security_session_conf 8< */
503 union {
504 struct rte_security_ipsec_xform ipsec;
505 struct rte_security_macsec_xform macsec;
506 struct rte_security_pdcp_xform pdcp;
507 struct rte_security_docsis_xform docsis;
508 };
512 void *userdata;
514};
515/* >8 End of structure rte_security_session_conf. */
516
/**
 * Security session handle passed between the application and the driver.
 */
struct rte_security_session {
	/*
	 * Driver-private session state. Read and written through
	 * get_sec_session_private_data() / set_sec_session_private_data();
	 * the pointer is never validated by those accessors.
	 */
	void *sess_private_data;
	/* Opaque 64-bit value. NOTE(review): presumably user-defined -- confirm. */
	uint64_t opaque_data;
};
523
535struct rte_security_session *
537 struct rte_security_session_conf *conf,
538 struct rte_mempool *mp,
539 struct rte_mempool *priv_mp);
540
551__rte_experimental
552int
554 struct rte_security_session *sess,
555 struct rte_security_session_conf *conf);
556
566unsigned int
568
583int
585 struct rte_security_session *sess);
586
588typedef uint64_t rte_security_dynfield_t;
591
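/**
 * Get a pointer to the security dynamic field stored inside an mbuf.
 *
 * The location is computed by RTE_MBUF_DYNFIELD() from
 * rte_security_dynfield_offset. The offset is used as-is: nothing here
 * checks that the field has been registered, so callers should confirm
 * rte_security_dynfield_is_registered() before dereferencing the result.
 *
 * @param mbuf  packet buffer holding the field
 * @return pointer to the rte_security_dynfield_t slot inside @p mbuf
 */
__rte_experimental
static inline rte_security_dynfield_t *
rte_security_dynfield(struct rte_mbuf *mbuf)
{
	return RTE_MBUF_DYNFIELD(mbuf,
		rte_security_dynfield_offset,
		rte_security_dynfield_t *);
}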
613
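/**
 * Tell whether the security mbuf dynamic field has been registered.
 *
 * @return true when rte_security_dynfield_offset is non-negative,
 *         false otherwise
 */
__rte_experimental
static inline bool rte_security_dynfield_is_registered(void)
{
	return rte_security_dynfield_offset >= 0;
}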
627
629__rte_experimental
631 struct rte_security_session *sess,
632 struct rte_mbuf *m, void *params);
633
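/**
 * Attach a security session's metadata to a packet buffer.
 *
 * When the context sets RTE_SEC_CTX_F_FAST_SET_MDATA, the session's
 * private-data pointer is stored directly in the mbuf's security dynamic
 * field and 0 is returned. Otherwise the call is forwarded to
 * __rte_security_set_pkt_metadata().
 *
 * Nothing is validated on this inline path: @p instance and @p sess are
 * dereferenced as given, and the dynamic field is written without checking
 * that it was registered (see rte_security_dynfield_is_registered()).
 *
 * @param instance  security context
 * @param sess      session whose private data is attached to the packet
 * @param mb        packet buffer to tag
 * @param params    forwarded untouched to the slow path; unused on the
 *                  fast path
 * @return 0 on the fast path, otherwise the value returned by
 *         __rte_security_set_pkt_metadata()
 */
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
			      struct rte_security_session *sess,
			      struct rte_mbuf *mb, void *params)
{
	/* Fast Path */
	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
		/* The raw pointer value becomes the per-packet metadata. */
		*rte_security_dynfield(mb) =
			(rte_security_dynfield_t)(sess->sess_private_data);
		return 0;
	}

	/* Jump to PMD specific function pointer */
	return __rte_security_set_pkt_metadata(instance, sess, mb, params);
}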
662
664__rte_experimental
665extern void *__rte_security_get_userdata(struct rte_security_ctx *instance,
666 uint64_t md);
667
/**
 * Translate per-packet security metadata into a userdata pointer.
 *
 * With RTE_SEC_CTX_F_FAST_GET_UDATA set on the context, @p md is returned
 * reinterpreted as a pointer: no lookup and no validation takes place, so
 * the result is only as trustworthy as the metadata value passed in.
 * Without the flag the call is forwarded to __rte_security_get_userdata().
 *
 * @p instance is dereferenced without a NULL check.
 *
 * @param instance  security context
 * @param md        metadata value to translate
 * @return userdata pointer (fast path: @p md cast to void *)
 */
__rte_experimental
static inline void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
	const uint32_t fast_get = instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA;

	/* Slow path: let the PMD-specific callback resolve the metadata. */
	if (!fast_get)
		return __rte_security_get_userdata(instance, md);

	/* Fast path: the metadata value is itself the pointer. */
	return (void *)(uintptr_t)md;
}
696
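/**
 * Record a security session on a symmetric crypto operation.
 *
 * Stores @p sess in sym_op->sec_session. Neither pointer is checked:
 * @p sym_op is dereferenced as given and a NULL @p sess is stored as-is.
 *
 * @param sym_op  symmetric crypto operation to update
 * @param sess    security session to attach
 * @return always 0
 */
static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
			      struct rte_security_session *sess)
{
	sym_op->sec_session = sess;

	return 0;
}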
711
/**
 * Read the driver-private data pointer of a security session.
 *
 * @param sess  session to read; dereferenced without a NULL check
 * @return the stored sess_private_data pointer, unmodified
 */
static inline void *
get_sec_session_private_data(const struct rte_security_session *sess)
{
	void *priv = sess->sess_private_data;

	return priv;
}
717
/**
 * Replace the driver-private data pointer of a security session.
 *
 * The previous pointer is overwritten without being released; ownership of
 * whatever it referenced stays with the caller.
 *
 * @param sess          session to update; dereferenced without a NULL check
 * @param private_data  new value for sess_private_data (stored as given)
 */
static inline void
set_sec_session_private_data(struct rte_security_session *sess,
			     void *private_data)
{
	struct rte_security_session *const target = sess;

	target->sess_private_data = private_data;
}
724
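/**
 * Attach a security session to a crypto operation.
 *
 * Only symmetric crypto operations are accepted. The type check runs before
 * op->sym is touched, so an operation of another type is rejected without
 * being modified. On success the operation is marked as carrying a security
 * session and the session pointer is stored through
 * __rte_security_attach_session().
 *
 * @p op is dereferenced without a NULL check and @p sess is not validated.
 *
 * @param op    crypto operation to update
 * @param sess  security session to attach
 * @return 0 on success, -EINVAL when @p op is not a symmetric operation
 */
static inline int
rte_security_attach_session(struct rte_crypto_op *op,
			    struct rte_security_session *sess)
{
	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
		return -EINVAL;

	op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;

	return __rte_security_attach_session(op->sym, sess);
}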
745
/** MACsec session statistics; holds only a reserved placeholder field. */
struct rte_security_macsec_stats {
	uint64_t reserved;	/* placeholder, no counter defined */
};
749
/**
 * IPsec session statistics.
 *
 * NOTE(review): the counter meanings below are read off the field names;
 * confirm the exact semantics (e.g. whether failed packets are included in
 * the packet counts) against the driver that fills them in.
 */
struct rte_security_ipsec_stats {
	uint64_t ipackets;	/* inbound packet count */
	uint64_t opackets;	/* outbound packet count */
	uint64_t ibytes;	/* inbound byte count */
	uint64_t obytes;	/* outbound byte count */
	uint64_t ierrors;	/* inbound error count */
	uint64_t oerrors;	/* outbound error count */
	uint64_t reserved1;	/* placeholder */
	uint64_t reserved2;	/* placeholder */
};
760
/** PDCP session statistics; holds only a reserved placeholder field. */
struct rte_security_pdcp_stats {
	uint64_t reserved;	/* placeholder, no counter defined */
};
764
/** DOCSIS session statistics; holds only a reserved placeholder field. */
struct rte_security_docsis_stats {
	uint64_t reserved;	/* placeholder, no counter defined */
};
768
/**
 * Per-session statistics container, one union member per protocol.
 *
 * NOTE(review): presumably `protocol` tells the reader which union member
 * is meaningful; reading a member that does not match it would interpret
 * another protocol's counters -- confirm against the code that fills this.
 */
struct rte_security_stats {
	enum rte_security_session_protocol protocol;	/* protocol tag */
	union {
		struct rte_security_macsec_stats macsec;	/* MACsec counters */
		struct rte_security_ipsec_stats ipsec;		/* IPsec counters */
		struct rte_security_pdcp_stats pdcp;		/* PDCP counters */
		struct rte_security_docsis_stats docsis;	/* DOCSIS counters */
	};
};
781
795__rte_experimental
796int
798 struct rte_security_session *sess,
799 struct rte_security_stats *stats);
800
810 union {
811 struct {
824 } ipsec;
826 struct {
827 /* To be Filled */
828 int dummy;
829 } macsec;
831 struct {
834 uint32_t capa_flags;
836 } pdcp;
838 struct {
841 } docsis;
843 };
844
848 uint32_t ol_flags;
850};
851
857#define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001
858
863#define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002
864
865#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
869#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
875#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
888 enum rte_security_session_protocol protocol;
889
891 union {
892 struct {
895 enum rte_security_ipsec_sa_direction direction;
896 } ipsec;
897 struct {
898 enum rte_security_pdcp_domain domain;
899 uint32_t capa_flags;
900 } pdcp;
901 struct {
902 enum rte_security_docsis_direction direction;
903 } docsis;
904 };
905};
906
916const struct rte_security_capability *
918
930const struct rte_security_capability *
932 struct rte_security_capability_idx *idx);
933
934#ifdef __cplusplus
935}
936#endif
937
938#endif /* _RTE_SECURITY_H_ */
#define unlikely(x)
#define RTE_STD_C11
Definition: rte_common.h:42
@ RTE_CRYPTO_OP_SECURITY_SESSION
Definition: rte_crypto.h:65
@ RTE_CRYPTO_OP_TYPE_SYMMETRIC
Definition: rte_crypto.h:32
#define RTE_MBUF_DYNFIELD(m, offset, type)
Definition: rte_mbuf_dyn.h:229
rte_security_session_protocol
Definition: rte_security.h:481
@ RTE_SECURITY_PROTOCOL_PDCP
Definition: rte_security.h:486
@ RTE_SECURITY_PROTOCOL_DOCSIS
Definition: rte_security.h:488
@ RTE_SECURITY_PROTOCOL_IPSEC
Definition: rte_security.h:482
@ RTE_SECURITY_PROTOCOL_MACSEC
Definition: rte_security.h:484
static int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess)
Definition: rte_security.h:704
const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance)
#define RTE_SEC_CTX_F_FAST_SET_MDATA
Definition: rte_security.h:83
#define RTE_SEC_CTX_F_FAST_GET_UDATA
Definition: rte_security.h:86
rte_security_pdcp_direction
Definition: rte_security.h:365
@ RTE_SECURITY_PDCP_UPLINK
Definition: rte_security.h:366
@ RTE_SECURITY_PDCP_DOWNLINK
Definition: rte_security.h:367
struct rte_security_session * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp, struct rte_mempool *priv_mp)
rte_security_ipsec_sa_protocol
Definition: rte_security.h:40
@ RTE_SECURITY_IPSEC_SA_PROTO_AH
Definition: rte_security.h:41
@ RTE_SECURITY_IPSEC_SA_PROTO_ESP
Definition: rte_security.h:43
__rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf)
rte_security_session_action_type
Definition: rte_security.h:457
@ RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO
Definition: rte_security.h:472
@ RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
Definition: rte_security.h:464
@ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
Definition: rte_security.h:468
@ RTE_SECURITY_ACTION_TYPE_NONE
Definition: rte_security.h:458
@ RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO
Definition: rte_security.h:460
__rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats)
static __rte_experimental void * rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
Definition: rte_security.h:687
rte_security_ipsec_sa_direction
Definition: rte_security.h:278
@ RTE_SECURITY_IPSEC_SA_DIR_INGRESS
Definition: rte_security.h:281
@ RTE_SECURITY_IPSEC_SA_DIR_EGRESS
Definition: rte_security.h:279
int rte_security_session_destroy(struct rte_security_ctx *instance, struct rte_security_session *sess)
static int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params)
Definition: rte_security.h:648
rte_security_ipsec_sa_mode
Definition: rte_security.h:32
@ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL
Definition: rte_security.h:35
@ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT
Definition: rte_security.h:33
rte_security_pdcp_domain
Definition: rte_security.h:358
@ RTE_SECURITY_PDCP_MODE_CONTROL
Definition: rte_security.h:359
@ RTE_SECURITY_PDCP_MODE_SHORT_MAC
Definition: rte_security.h:361
@ RTE_SECURITY_PDCP_MODE_DATA
Definition: rte_security.h:360
static int rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess)
Definition: rte_security.h:735
rte_security_docsis_direction
Definition: rte_security.h:432
@ RTE_SECURITY_DOCSIS_UPLINK
Definition: rte_security.h:433
@ RTE_SECURITY_DOCSIS_DOWNLINK
Definition: rte_security.h:437
unsigned int rte_security_session_get_size(struct rte_security_ctx *instance)
int rte_security_dynfield_offset
__rte_experimental int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *m, void *params)
static __rte_experimental bool rte_security_dynfield_is_registered(void)
Definition: rte_security.h:623
uint64_t rte_security_dynfield_t
Definition: rte_security.h:588
__rte_experimental void * __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
static __rte_experimental rte_security_dynfield_t * rte_security_dynfield(struct rte_mbuf *mbuf)
Definition: rte_security.h:607
rte_security_pdcp_sn_size
Definition: rte_security.h:371
@ RTE_SECURITY_PDCP_SN_SIZE_12
Definition: rte_security.h:377
@ RTE_SECURITY_PDCP_SN_SIZE_18
Definition: rte_security.h:381
@ RTE_SECURITY_PDCP_SN_SIZE_15
Definition: rte_security.h:379
@ RTE_SECURITY_PDCP_SN_SIZE_7
Definition: rte_security.h:375
@ RTE_SECURITY_PDCP_SN_SIZE_5
Definition: rte_security.h:373
rte_security_ipsec_tunnel_type
Definition: rte_security.h:48
@ RTE_SECURITY_IPSEC_TUNNEL_IPV6
Definition: rte_security.h:51
@ RTE_SECURITY_IPSEC_TUNNEL_IPV4
Definition: rte_security.h:49
uint8_t type
Definition: rte_crypto.h:89
struct rte_crypto_sym_op sym[0]
Definition: rte_crypto.h:135
uint8_t sess_type
Definition: rte_crypto.h:99
struct rte_security_session * sec_session
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:812
struct rte_security_capability::@371::@376 docsis
enum rte_security_session_action_type action
Definition: rte_security.h:805
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:816
struct rte_security_capability::@371::@375 pdcp
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:818
struct rte_security_capability::@371::@374 macsec
struct rte_security_capability::@371::@373 ipsec
enum rte_security_pdcp_domain domain
Definition: rte_security.h:832
enum rte_security_session_protocol protocol
Definition: rte_security.h:807
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:814
enum rte_security_docsis_direction direction
Definition: rte_security.h:839
const struct rte_cryptodev_capabilities * crypto_capabilities
Definition: rte_security.h:845
uint16_t sess_cnt
Definition: rte_security.h:77
const struct rte_security_ops * ops
Definition: rte_security.h:75
enum rte_security_docsis_direction direction
Definition: rte_security.h:449
enum rte_security_ipsec_tunnel_type type
Definition: rte_security.h:98
struct rte_security_ipsec_tunnel_param::@360::@363 ipv6
struct rte_security_ipsec_tunnel_param::@360::@362 ipv4
struct rte_security_ipsec_lifetime life
Definition: rte_security.h:329
struct rte_security_ipsec_tunnel_param tunnel
Definition: rte_security.h:327
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:323
union rte_security_ipsec_xform::@364 esn
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:321
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:319
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:325
struct rte_security_ipsec_udp_param udp
Definition: rte_security.h:343
enum rte_security_pdcp_sn_size sn_size
Definition: rte_security.h:405
enum rte_security_pdcp_direction pkt_dir
Definition: rte_security.h:403
enum rte_security_pdcp_domain domain
Definition: rte_security.h:401
struct rte_crypto_sym_xform * crypto_xform
Definition: rte_security.h:510
enum rte_security_session_action_type action_type
Definition: rte_security.h:498
enum rte_security_session_protocol protocol
Definition: rte_security.h:500