DPDK 21.11.9
rte_security_ipsec_sa_options Struct Reference

#include <rte_security.h>

Data Fields

uint32_t esn: 1
uint32_t udp_encap: 1
uint32_t copy_dscp: 1
uint32_t copy_flabel: 1
uint32_t copy_df: 1
uint32_t dec_ttl: 1
uint32_t ecn: 1
uint32_t stats: 1
uint32_t iv_gen_disable: 1
uint32_t tunnel_hdr_verify: 2
uint32_t udp_ports_verify: 1
uint32_t ip_csum_enable: 1
uint32_t l4_csum_enable: 1
uint32_t reserved_opts: 18

Detailed Description

IPsec Security Association option flags

Definition at line 139 of file rte_security.h.

Field Documentation

◆ esn

uint32_t esn

Extended Sequence Numbers (ESN)

  • 1: Use extended (64 bit) sequence numbers
  • 0: Use normal sequence numbers

Examples
examples/ipsec-secgw/ipsec.c and examples/ipsec-secgw/sa.c.

Definition at line 145 of file rte_security.h.

◆ udp_encap

uint32_t udp_encap

UDP encapsulation

  • 1: Do UDP encapsulation/decapsulation so that IPsec packets can traverse NAT boxes.
  • 0: No UDP encapsulation

Examples
examples/ipsec-secgw/ipsec.c and examples/ipsec-secgw/sa.c.

Definition at line 153 of file rte_security.h.

◆ copy_dscp

uint32_t copy_dscp

Copy DSCP bits

  • 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to the outer IP header in encapsulation, and vice versa in decapsulation.
  • 0: Do not change DSCP field.

Examples
examples/ipsec-secgw/sa.c.

Definition at line 162 of file rte_security.h.

◆ copy_flabel

uint32_t copy_flabel

Copy IPv6 Flow Label

  • 1: Copy IPv6 flow label from inner IPv6 header to the outer IPv6 header.
  • 0: Outer header is not modified.

Definition at line 170 of file rte_security.h.

◆ copy_df

uint32_t copy_df

Copy IPv4 Don't Fragment bit

  • 1: Copy the DF bit from the inner IPv4 header to the outer IPv4 header.
  • 0: Outer header is not modified.

Definition at line 178 of file rte_security.h.

◆ dec_ttl

uint32_t dec_ttl

Decrement inner packet Time To Live (TTL) field

  • 1: In tunnel mode, decrement inner packet IPv4 TTL or IPv6 Hop Limit after tunnel decapsulation, or before tunnel encapsulation.
  • 0: Inner packet is not modified.

Definition at line 187 of file rte_security.h.

◆ ecn

uint32_t ecn

Explicit Congestion Notification (ECN)

  • 1: In tunnel mode, copy the ECN field from the inner header to the outer header in tunnel encapsulation, and construct the inner header ECN field in decapsulation.
  • 0: Inner and outer headers are not modified.

Examples
examples/ipsec-secgw/sa.c.

Definition at line 196 of file rte_security.h.

◆ stats

uint32_t stats

Security statistics

  • 1: Enable per session security statistics collection for this SA, if supported by the driver.
  • 0: Disable per session security statistics collection for this SA.

Definition at line 204 of file rte_security.h.

◆ iv_gen_disable

uint32_t iv_gen_disable

Disable IV generation in PMD

  • 1: Disable IV generation in PMD. When disabled, the PMD uses the IV provided in rte_crypto_op.
  • 0: Enable IV generation in PMD. When enabled, the PMD uses a random value that it generates, and the application is not required to provide an IV.

Note: For inline cases, IV generation always needs to be handled by the PMD.

Definition at line 218 of file rte_security.h.

◆ tunnel_hdr_verify

uint32_t tunnel_hdr_verify

Verify tunnel header in inbound

  • RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR: Verify destination IP address.
  • RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR: Verify both source and destination IP addresses.

Definition at line 227 of file rte_security.h.

◆ udp_ports_verify

uint32_t udp_ports_verify

Verify UDP encapsulation ports in inbound

  • 1: Match UDP source and destination ports
  • 0: Do not match UDP ports

Definition at line 234 of file rte_security.h.

◆ ip_csum_enable

uint32_t ip_csum_enable

Compute/verify inner packet IPv4 header checksum in tunnel mode

  • 1: For outbound, compute inner packet IPv4 header checksum before tunnel encapsulation and for inbound, verify after tunnel decapsulation.
  • 0: Inner packet IP header checksum is not computed/verified.

The checksum verification status is set in the mbuf using the RTE_MBUF_F_RX_IP_CKSUM_xxx flags.

Inner IP checksum computation can also be enabled (per operation) by setting the flag RTE_MBUF_F_TX_IP_CKSUM in the mbuf.

Definition at line 249 of file rte_security.h.

◆ l4_csum_enable

uint32_t l4_csum_enable

Compute/verify inner packet L4 checksum in tunnel mode

  • 1: For outbound, compute inner packet L4 checksum before tunnel encapsulation and for inbound, verify after tunnel decapsulation.
  • 0: Inner packet L4 checksum is not computed/verified.

The checksum verification status is set in the mbuf using the RTE_MBUF_F_RX_L4_CKSUM_xxx flags.

Inner L4 checksum computation can also be enabled (per operation) by setting the flags RTE_MBUF_F_TX_TCP_CKSUM or RTE_MBUF_F_TX_SCTP_CKSUM or RTE_MBUF_F_TX_UDP_CKSUM or RTE_MBUF_F_TX_L4_MASK in the mbuf.

Definition at line 265 of file rte_security.h.

◆ reserved_opts

uint32_t reserved_opts

Reserved bit fields for future extension

The user should ensure reserved_opts is cleared, as it may change in subsequent releases to support new options.

Note: Reduce number of bits in reserved_opts for every new option.

Definition at line 274 of file rte_security.h.
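
An added example (not code from DPDK or from this page) that fills these options for an inbound tunnel SA behind NAT with reserved_opts cleared, then checks the request against the options a device reports. `struct sa_opts`, the `VERIFY_*` values, both function names, the return codes and the rule that the requested tunnel_hdr_verify level must not exceed the supported one are assumptions; real code uses `struct rte_security_ipsec_sa_options` and the RTE_SECURITY_IPSEC_TUNNEL_VERIFY_* macros from rte_security.h.

```c
#include <stdint.h>
#include <string.h>

/* Local mirror of the bit-fields listed on this page so the example builds
 * without DPDK; real code uses struct rte_security_ipsec_sa_options. */
struct sa_opts {
	uint32_t esn : 1, udp_encap : 1, copy_dscp : 1, copy_flabel : 1;
	uint32_t copy_df : 1, dec_ttl : 1, ecn : 1, stats : 1;
	uint32_t iv_gen_disable : 1, tunnel_hdr_verify : 2;
	uint32_t udp_ports_verify : 1, ip_csum_enable : 1, l4_csum_enable : 1;
	uint32_t reserved_opts : 18;
};

/* Stand-ins for RTE_SECURITY_IPSEC_TUNNEL_VERIFY_*; numeric values assumed. */
enum { VERIFY_DST_ADDR = 1, VERIFY_SRC_DST_ADDR = 2 };

/* Hypothetical policy: inbound tunnel SA reached through NAT. */
struct sa_opts inbound_nat_sa_opts(void)
{
	struct sa_opts o;
	memset(&o, 0, sizeof(o)); /* clears reserved_opts and every unset flag */
	o.esn = 1;                /* 64-bit sequence numbers */
	o.udp_encap = 1;
	o.udp_ports_verify = 1;   /* match UDP encapsulation ports on inbound */
	o.tunnel_hdr_verify = VERIFY_SRC_DST_ADDR;
	o.ip_csum_enable = 1;     /* verify inner checksums after decapsulation */
	o.l4_csum_enable = 1;
	return o;
}

/* 0 if req fits within cap; -1 reserved bits set, -2 a requested flag is
 * not supported, -3 tunnel header verify level above what cap offers. */
int check_sa_opts(struct sa_opts req, struct sa_opts cap)
{
	if (req.reserved_opts != 0)
		return -1;
#define NEED(f) if (req.f && !cap.f) return -2
	NEED(esn); NEED(udp_encap); NEED(copy_dscp); NEED(copy_flabel);
	NEED(copy_df); NEED(dec_ttl); NEED(ecn); NEED(stats);
	NEED(iv_gen_disable); NEED(udp_ports_verify);
	NEED(ip_csum_enable); NEED(l4_csum_enable);
#undef NEED
	if (req.tunnel_hdr_verify > cap.tunnel_hdr_verify)
		return -3;
	return 0;
}

int main(void) { return check_sa_opts(inbound_nat_sa_opts(), inbound_nat_sa_opts()); }
```

Rejecting a request the device cannot honour keeps an SA from being created with a check such as tunnel_hdr_verify or udp_ports_verify silently absent.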


The documentation for this struct was generated from the following file: