DPDK  22.07.0
rte_security.h
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017,2019-2020 NXP
3  * Copyright(c) 2017-2020 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_H_
7 #define _RTE_SECURITY_H_
8 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #include <sys/types.h>
21 
22 #include <rte_compat.h>
23 #include <rte_common.h>
24 #include <rte_crypto.h>
25 #include <rte_ip.h>
26 #include <rte_mbuf_dyn.h>
27 
34 };
35 
42 };
43 
50 };
51 
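/*
 * Non-zero values for the 2-bit tunnel_hdr_verify SA option.
 * NOTE(review): the original doc comments are not in this listing; going by
 * the names, these presumably select which outer tunnel-header addresses are
 * checked against the SA on inbound processing. Confirm against the API docs.
 * Both values fit the 2-bit field; 0 is not given a name here.
 */
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR     0x1
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2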
59 
70  void *device;
72  const struct rte_security_ops *ops;
74  uint16_t sess_cnt;
76  uint32_t flags;
78 };
79 
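/*
 * Security-context flag bits (tested against the context's flags word).
 *
 * RTE_SEC_CTX_F_FAST_SET_MDATA: rte_security_set_pkt_metadata() skips the PMD
 * callback and writes the session private-data pointer into the mbuf dynfield.
 */
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001

/*
 * RTE_SEC_CTX_F_FAST_GET_UDATA: rte_security_get_userdata() skips the PMD
 * callback and returns the metadata value cast directly to a pointer.
 */
#define RTE_SEC_CTX_F_FAST_GET_UDATA 0x00000002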
84 
98  union {
99  struct {
100  struct in_addr src_ip;
102  struct in_addr dst_ip;
104  uint8_t dscp;
106  uint8_t df;
108  uint8_t ttl;
110  } ipv4;
112  struct {
113  struct in6_addr src_addr;
115  struct in6_addr dst_addr;
117  uint8_t dscp;
119  uint32_t flabel;
121  uint8_t hlimit;
123  } ipv6;
125  };
126 };
127 
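/*
 * UDP port pair carried in the IPsec transform (member `udp`).
 * NOTE(review): presumably the ports used when the udp_encap SA option is
 * set; byte order is not stated in this listing, so confirm before filling in.
 */
struct rte_security_ipsec_udp_param {
	uint16_t sport;	/* source port */
	uint16_t dport;	/* destination port */
};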
132 
142  uint32_t esn : 1;
143 
150  uint32_t udp_encap : 1;
151 
159  uint32_t copy_dscp : 1;
160 
167  uint32_t copy_flabel : 1;
168 
175  uint32_t copy_df : 1;
176 
184  uint32_t dec_ttl : 1;
185 
193  uint32_t ecn : 1;
194 
201  uint32_t stats : 1;
202 
215  uint32_t iv_gen_disable : 1;
216 
224  uint32_t tunnel_hdr_verify : 2;
225 
231  uint32_t udp_ports_verify : 1;
232 
246  uint32_t ip_csum_enable : 1;
247 
262  uint32_t l4_csum_enable : 1;
263 
275  uint32_t ip_reassembly_en : 1;
276 
284  uint32_t reserved_opts : 17;
285 };
286 
293 };
294 
317 };
318 
325  uint32_t spi;
327  uint32_t salt;
341  uint32_t replay_win_sz;
345  union {
346  uint64_t value;
347  struct {
348  uint32_t low;
349  uint32_t hi;
350  };
351  } esn;
353  struct rte_security_ipsec_udp_param udp;
355 };
356 
362  int dummy;
363 };
364 
372 };
373 
378 };
379 
392 };
393 
400  int8_t bearer;
404  uint8_t en_ordering;
419  uint32_t hfn;
421  uint32_t hfn_threshold;
430  uint8_t hfn_ovrd;
436  uint8_t sdap_enabled;
438  uint16_t reserved;
439 };
440 
451 };
452 
461 };
462 
485 };
486 
497 };
498 
508  union {
509  struct rte_security_ipsec_xform ipsec;
510  struct rte_security_macsec_xform macsec;
511  struct rte_security_pdcp_xform pdcp;
512  struct rte_security_docsis_xform docsis;
513  };
517  void *userdata;
519 };
520 
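/*
 * Security session handle shared between the application and the PMD.
 */
struct rte_security_session {
	/*
	 * Driver-private session state. Read and written through
	 * get_sec_session_private_data()/set_sec_session_private_data(); on the
	 * fast set-metadata path this pointer value is copied into the mbuf
	 * dynfield, so it must stay valid while packets reference the session.
	 */
	void *sess_private_data;
	/* Opaque 64-bit value; not interpreted anywhere in this header. */
	uint64_t opaque_data;
};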
527 
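/*
 * Create a security session on a security context from a session
 * configuration. The line carrying the function name was dropped from this
 * listing; it is restored from the page's own symbol index.
 *
 * NOTE(review): mp and priv_mp are presumably the mempools for the session
 * object and its driver-private data, and failure is presumably reported as
 * NULL. Confirm against the API docs; callers should check the result before
 * attaching the session to any operation or packet.
 */
struct rte_security_session *
rte_security_session_create(struct rte_security_ctx *instance,
			    struct rte_security_session_conf *conf,
			    struct rte_mempool *mp,
			    struct rte_mempool *priv_mp);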
544 
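/*
 * Update an existing security session with a new configuration
 * (experimental API). The line carrying the function name was dropped from
 * this listing; it is restored from the page's own symbol index.
 *
 * NOTE(review): the return convention is not visible here; presumably 0 on
 * success and a negative value on failure. Confirm against the API docs.
 */
__rte_experimental
int
rte_security_session_update(struct rte_security_ctx *instance,
			    struct rte_security_session *sess,
			    struct rte_security_session_conf *conf);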
560 
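/*
 * Return a session size for the given security context. The line carrying
 * the function name was dropped from this listing; it is restored from the
 * page's own symbol index.
 * NOTE(review): presumably the size of the driver-private session data, used
 * to size the private mempool. Confirm against the API docs.
 */
unsigned int
rte_security_session_get_size(struct rte_security_ctx *instance);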
572 
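/*
 * Destroy a security session on the given context. The line carrying the
 * function name was dropped from this listing; it is restored from the
 * page's own symbol index.
 *
 * NOTE(review): the return convention is not visible here. The fast
 * set-metadata path stores sess->sess_private_data in mbufs, so a session
 * should not be destroyed while packets that reference it are still in flight.
 */
int
rte_security_session_destroy(struct rte_security_ctx *instance,
			     struct rte_security_session *sess);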
590 
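/* Type of the security metadata stored in the mbuf dynamic field. */
typedef uint64_t rte_security_dynfield_t;
/*
 * Byte offset of that dynamic field inside the mbuf. Restored from the page's
 * symbol index (the declaration line was dropped from the listing). A
 * negative value means the field is not registered; see
 * rte_security_dynfield_is_registered().
 */
extern int rte_security_dynfield_offset;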
595 
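/*
 * Return a pointer to the security metadata slot inside an mbuf
 * (experimental API). The line carrying the function name was dropped from
 * this listing; it is restored from the page's own symbol index.
 *
 * The pointer is computed from rte_security_dynfield_offset with no check
 * here. The caller must confirm rte_security_dynfield_is_registered() first,
 * because a negative (unregistered) offset yields a pointer outside the
 * dynamic-field area.
 */
__rte_experimental
static inline rte_security_dynfield_t *
rte_security_dynfield(struct rte_mbuf *mbuf)
{
	return RTE_MBUF_DYNFIELD(mbuf,
		rte_security_dynfield_offset,
		rte_security_dynfield_t *);
}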
617 
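/*
 * Report whether the security mbuf dynamic field is registered
 * (experimental API).
 *
 * Returns true when rte_security_dynfield_offset is non-negative. This is
 * the guard to call before using rte_security_dynfield() or the fast
 * set-metadata path, neither of which checks the offset itself.
 */
__rte_experimental
static inline bool rte_security_dynfield_is_registered(void)
{
	return rte_security_dynfield_offset >= 0;
}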
631 
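/*
 * Out-of-line implementation behind rte_security_set_pkt_metadata(), called
 * when the context does not advertise RTE_SEC_CTX_F_FAST_SET_MDATA. Intended
 * as an internal helper; applications should call the inline wrapper.
 */
__rte_experimental
extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
					   struct rte_security_session *sess,
					   struct rte_mbuf *m, void *params);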
637 
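/*
 * Attach a security session's metadata to an mbuf. The line carrying the
 * function name was dropped from this listing; it is restored from the
 * page's own symbol index.
 *
 * Fast path: when the context sets RTE_SEC_CTX_F_FAST_SET_MDATA, the
 * session's private-data pointer is written into the mbuf security dynfield
 * and 0 is returned; params is not used on this path.
 * Slow path: delegates to __rte_security_set_pkt_metadata() and returns its
 * result.
 *
 * Nothing is validated here. instance and sess are dereferenced
 * unconditionally, and the dynfield write uses rte_security_dynfield_offset
 * as-is. Callers must pass live objects and should have confirmed
 * rte_security_dynfield_is_registered(); the stored pointer must outlive the
 * packet's trip through the device.
 */
static inline int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
			      struct rte_security_session *sess,
			      struct rte_mbuf *mb, void *params)
{
	/* Fast Path */
	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
		*rte_security_dynfield(mb) =
			(rte_security_dynfield_t)(sess->sess_private_data);
		return 0;
	}

	/* Jump to PMD specific function pointer */
	return __rte_security_set_pkt_metadata(instance, sess, mb, params);
}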
666 
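/*
 * Out-of-line implementation behind rte_security_get_userdata(), called when
 * the context does not advertise RTE_SEC_CTX_F_FAST_GET_UDATA. Intended as
 * an internal helper; applications should call the inline wrapper.
 */
__rte_experimental
extern void *__rte_security_get_userdata(struct rte_security_ctx *instance,
					 uint64_t md);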
671 
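/*
 * Translate a metadata value into the associated userdata pointer
 * (experimental API).
 *
 * Fast path: when the context sets RTE_SEC_CTX_F_FAST_GET_UDATA, md itself is
 * returned, reinterpreted as a pointer.
 * Slow path: delegates to __rte_security_get_userdata().
 *
 * The fast path performs no validation, so the result is only as trustworthy
 * as md. md should be the value the device or PMD supplied for this context;
 * a value from any other origin becomes an arbitrary pointer for the caller
 * to dereference. instance is dereferenced without a NULL check.
 */
__rte_experimental
static inline void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
{
	/* Fast Path */
	if (instance->flags & RTE_SEC_CTX_F_FAST_GET_UDATA)
		return (void *)(uintptr_t)md;

	/* Jump to PMD specific function pointer */
	return __rte_security_get_userdata(instance, md);
}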
700 
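/*
 * Store a security session pointer in a symmetric crypto operation. The line
 * carrying the function name was dropped from this listing; it is restored
 * from the page's own symbol index.
 *
 * Always returns 0. Neither pointer is checked, and the operation's session
 * type is not touched here; rte_security_attach_session() is the public
 * entry point.
 */
static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
			      struct rte_security_session *sess)
{
	sym_op->sec_session = sess;

	return 0;
}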
715 
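/*
 * Return the driver-private data pointer stored in a security session.
 * sess is dereferenced without a NULL check.
 */
static inline void *
get_sec_session_private_data(const struct rte_security_session *sess)
{
	return sess->sess_private_data;
}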
721 
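/*
 * Set the driver-private data pointer of a security session.
 * sess is dereferenced without a NULL check. The previous pointer is
 * overwritten, not freed, so ownership of the old value stays with the caller.
 */
static inline void
set_sec_session_private_data(struct rte_security_session *sess,
			     void *private_data)
{
	sess->sess_private_data = private_data;
}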
728 
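/*
 * Attach a security session to a crypto operation.
 *
 * The listing dropped three lines of this function (the signature line, the
 * operation-type guard and the session-type assignment), which left an
 * unconditional `return -EINVAL`. They are restored here: the signature from
 * the page's symbol index, the body from the upstream DPDK header.
 *
 * Returns -EINVAL when op is not a symmetric crypto operation. Otherwise it
 * marks the op as carrying a security session and stores sess in op->sym.
 * The type check guards against writing a security session into an op whose
 * payload is laid out for a different operation type. op and sess are not
 * NULL-checked.
 */
static inline int
rte_security_attach_session(struct rte_crypto_op *op,
			    struct rte_security_session *sess)
{
	if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
		return -EINVAL;

	op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;

	return __rte_security_attach_session(op->sym, sess);
}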
749 
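/* MACsec session statistics; only a reserved placeholder in this version. */
struct rte_security_macsec_stats {
	uint64_t reserved;
};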
753 
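/*
 * IPsec session statistics.
 * NOTE(review): the per-field doc comments are not in this listing. The
 * descriptions below are read from the field names (i = inbound,
 * o = outbound); confirm against the API docs.
 */
struct rte_security_ipsec_stats {
	uint64_t ipackets;	/* inbound packets */
	uint64_t opackets;	/* outbound packets */
	uint64_t ibytes;	/* inbound bytes */
	uint64_t obytes;	/* outbound bytes */
	uint64_t ierrors;	/* inbound errors */
	uint64_t oerrors;	/* outbound errors */
	uint64_t reserved1;	/* reserved */
	uint64_t reserved2;	/* reserved */
};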
764 
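/* PDCP session statistics; only a reserved placeholder in this version. */
struct rte_security_pdcp_stats {
	uint64_t reserved;
};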
768 
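/* DOCSIS session statistics; only a reserved placeholder in this version. */
struct rte_security_docsis_stats {
	uint64_t reserved;
};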
772 
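/*
 * Per-session statistics container. `protocol` selects which member of the
 * anonymous union is meaningful; reading a member that does not match
 * `protocol` reinterprets another protocol's counters.
 */
struct rte_security_stats {
	enum rte_security_session_protocol protocol;

	/*
	 * RTE_STD_C11 marks the anonymous union. The marker line was dropped
	 * from the listing; the macro appears in the page's symbol index.
	 */
	RTE_STD_C11
	union {
		struct rte_security_macsec_stats macsec;
		struct rte_security_ipsec_stats ipsec;
		struct rte_security_pdcp_stats pdcp;
		struct rte_security_docsis_stats docsis;
	};
};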
785 
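/*
 * Retrieve statistics for a security session into *stats (experimental API).
 * The line carrying the function name was dropped from this listing; it is
 * restored from the page's own symbol index.
 *
 * NOTE(review): the return convention and the handling of a NULL sess are
 * not visible here. Check the return value before trusting the counters.
 */
__rte_experimental
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
			       struct rte_security_session *sess,
			       struct rte_security_stats *stats);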
804 
814  union {
815  struct {
828  } ipsec;
830  struct {
831  /* To be Filled */
832  int dummy;
833  } macsec;
835  struct {
838  uint32_t capa_flags;
840  } pdcp;
842  struct {
845  } docsis;
847  };
848 
852  uint32_t ol_flags;
854 };
855 
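/*
 * Capability flag bits.
 * NOTE(review): the original doc comments are not in this listing; the
 * groupings below are read from the names. The PDCP bits are presumably for
 * the pdcp.capa_flags field and the TX/RX bits for ol_flags. Confirm against
 * the API docs.
 */

/* PDCP: in-order delivery capability (presumed). */
#define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001

/* PDCP: duplicate-detection capability (presumed). */
#define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002

/* TX: device needs per-packet metadata, see rte_security_set_pkt_metadata() (presumed). */
#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001

/* TX: hardware handles the packet trailer (presumed). */
#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002

/* RX: hardware handles the packet trailer (presumed). */
#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000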
880 
892  enum rte_security_session_protocol protocol;
893 
895  union {
896  struct {
898  enum rte_security_ipsec_sa_mode mode;
899  enum rte_security_ipsec_sa_direction direction;
900  } ipsec;
901  struct {
902  enum rte_security_pdcp_domain domain;
903  uint32_t capa_flags;
904  } pdcp;
905  struct {
906  enum rte_security_docsis_direction direction;
907  } docsis;
908  };
909 };
910 
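/*
 * Return the capability table of a security context. The line carrying the
 * function name was dropped from this listing; it is restored from the
 * page's own symbol index.
 * NOTE(review): how the table is terminated and whether NULL can be returned
 * are not visible here. Confirm before iterating.
 */
const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance);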
922 
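/*
 * Look up the capability entry matching a capability index on a security
 * context. The line carrying the function name was dropped from this
 * listing; it is restored from the page's own symbol index.
 *
 * NOTE(review): presumably returns NULL when nothing matches. Applications
 * should check the result before creating a session, so that an unsupported
 * protocol or mode is rejected up front.
 */
const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
			    struct rte_security_capability_idx *idx);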
937 
938 #ifdef __cplusplus
939 }
940 #endif
941 
942 #endif /* _RTE_SECURITY_H_ */
rte_security_pdcp_sn_size
Definition: rte_security.h:381
rte_security_ipsec_sa_protocol
Definition: rte_security.h:37
__rte_experimental void * __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
static int rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess)
Definition: rte_security.h:739
struct rte_ether_addr src_addr
Definition: rte_ether.h:269
rte_security_session_action_type
Definition: rte_security.h:466
__rte_experimental int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *m, void *params)
rte_security_pdcp_direction
Definition: rte_security.h:375
static int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params)
Definition: rte_security.h:652
int rte_security_session_destroy(struct rte_security_ctx *instance, struct rte_security_session *sess)
struct rte_security_session * sec_session
const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance)
unsigned int rte_security_session_get_size(struct rte_security_ctx *instance)
uint8_t type
Definition: rte_crypto.h:89
struct rte_crypto_sym_xform * crypto_xform
Definition: rte_security.h:515
static __rte_experimental rte_security_dynfield_t * rte_security_dynfield(struct rte_mbuf *mbuf)
Definition: rte_security.h:611
rte_security_ipsec_sa_mode
Definition: rte_security.h:29
uint16_t sess_cnt
Definition: rte_security.h:74
struct rte_security_session * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp, struct rte_mempool *priv_mp)
static int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess)
Definition: rte_security.h:708
int rte_security_dynfield_offset
rte_security_ipsec_sa_direction
Definition: rte_security.h:288
rte_security_ipsec_tunnel_type
Definition: rte_security.h:45
struct rte_ether_addr dst_addr
Definition: rte_ether.h:268
__rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats)
#define RTE_MBUF_DYNFIELD(m, offset, type)
Definition: rte_mbuf_dyn.h:227
#define RTE_SEC_CTX_F_FAST_SET_MDATA
Definition: rte_security.h:80
#define unlikely(x)
__rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf)
#define RTE_STD_C11
Definition: rte_common.h:42
static __rte_experimental bool rte_security_dynfield_is_registered(void)
Definition: rte_security.h:627
#define RTE_SEC_CTX_F_FAST_GET_UDATA
Definition: rte_security.h:83
rte_security_docsis_direction
Definition: rte_security.h:442
uint64_t rte_security_dynfield_t
Definition: rte_security.h:592
const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
const struct rte_cryptodev_capabilities * crypto_capabilities
Definition: rte_security.h:849
uint8_t sess_type
Definition: rte_crypto.h:99
static __rte_experimental void * rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
Definition: rte_security.h:691
rte_security_session_protocol
Definition: rte_security.h:488
rte_security_pdcp_domain
Definition: rte_security.h:368
const struct rte_security_ops * ops
Definition: rte_security.h:72
struct rte_crypto_sym_op sym[0]
Definition: rte_crypto.h:135