6 #ifndef _RTE_SECURITY_H_ 7 #define _RTE_SECURITY_H_ 20 #include <sys/types.h> 22 #include <rte_compat.h> 57 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 58 #define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2 84 #define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 101 struct in_addr src_ip;
103 struct in_addr dst_ip;
129 struct rte_security_ipsec_udp_param {
354 struct rte_security_ipsec_udp_param udp;
369 #define RTE_SECURITY_MACSEC_NUM_AN 4 371 #define RTE_SECURITY_MACSEC_SALT_LEN 12 420 uint8_t reserved : 6;
436 #define RTE_SECURITY_MACSEC_VALIDATE_DISABLE 0 438 #define RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD 1 440 #define RTE_SECURITY_MACSEC_VALIDATE_STRICT 2 442 #define RTE_SECURITY_MACSEC_VALIDATE_NO_OP 3 505 uint16_t icv_include_da_sa : 1;
507 uint16_t ctrl_port_enable : 1;
515 uint16_t reserved : 9;
835 static inline rte_security_dynfield_t *
839 rte_security_dynfield_offset,
840 rte_security_dynfield_t *);
854 return rte_security_dynfield_offset >= 0;
857 #define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 858 #define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 862 static inline uint64_t
865 return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
875 data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
882 static inline uint64_t
885 return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
895 data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
969 struct rte_security_macsec_secy_stats {
970 uint64_t ctl_pkt_bcast_cnt;
971 uint64_t ctl_pkt_mcast_cnt;
972 uint64_t ctl_pkt_ucast_cnt;
973 uint64_t ctl_octet_cnt;
974 uint64_t unctl_pkt_bcast_cnt;
975 uint64_t unctl_pkt_mcast_cnt;
976 uint64_t unctl_pkt_ucast_cnt;
977 uint64_t unctl_octet_cnt;
979 uint64_t octet_decrypted_cnt;
980 uint64_t octet_validated_cnt;
981 uint64_t pkt_port_disabled_cnt;
982 uint64_t pkt_badtag_cnt;
983 uint64_t pkt_nosa_cnt;
984 uint64_t pkt_nosaerror_cnt;
985 uint64_t pkt_tagged_ctl_cnt;
986 uint64_t pkt_untaged_cnt;
987 uint64_t pkt_ctl_cnt;
988 uint64_t pkt_notag_cnt;
990 uint64_t octet_encrypted_cnt;
991 uint64_t octet_protected_cnt;
992 uint64_t pkt_noactivesa_cnt;
993 uint64_t pkt_toolong_cnt;
994 uint64_t pkt_untagged_cnt;
997 struct rte_security_macsec_sc_stats {
1000 uint64_t pkt_invalid_cnt;
1001 uint64_t pkt_late_cnt;
1002 uint64_t pkt_notvalid_cnt;
1003 uint64_t pkt_unchecked_cnt;
1004 uint64_t pkt_delay_cnt;
1005 uint64_t pkt_ok_cnt;
1006 uint64_t octet_decrypt_cnt;
1007 uint64_t octet_validate_cnt;
1009 uint64_t pkt_encrypt_cnt;
1010 uint64_t pkt_protected_cnt;
1011 uint64_t octet_encrypt_cnt;
1012 uint64_t octet_protected_cnt;
1015 struct rte_security_macsec_sa_stats {
1017 uint64_t pkt_invalid_cnt;
1018 uint64_t pkt_nosaerror_cnt;
1019 uint64_t pkt_notvalid_cnt;
1020 uint64_t pkt_ok_cnt;
1021 uint64_t pkt_nosa_cnt;
1023 uint64_t pkt_encrypt_cnt;
1024 uint64_t pkt_protected_cnt;
1027 struct rte_security_ipsec_stats {
1038 struct rte_security_pdcp_stats {
1042 struct rte_security_docsis_stats {
1046 struct rte_security_stats {
1052 struct rte_security_macsec_secy_stats macsec;
1053 struct rte_security_ipsec_stats ipsec;
1054 struct rte_security_pdcp_stats pdcp;
1055 struct rte_security_docsis_stats docsis;
1076 struct rte_security_stats *stats);
1095 struct rte_security_macsec_sa_stats *stats);
1114 struct rte_security_macsec_sc_stats *stats);
1202 #define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001 1208 #define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002 1210 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001 1214 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002 1220 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000 1244 uint32_t capa_flags;
rte_security_pdcp_sn_size
rte_security_ipsec_sa_protocol
uint32_t tunnel_hdr_verify
struct rte_ether_addr src_addr
rte_security_session_action_type
rte_security_pdcp_direction
__rte_experimental int rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id)
uint16_t relative_sectag_insert
__rte_experimental int rte_security_macsec_sa_create(struct rte_security_ctx *instance, struct rte_security_macsec_sa *conf)
const struct rte_security_capability * rte_security_capabilities_get(struct rte_security_ctx *instance)
unsigned int rte_security_session_get_size(struct rte_security_ctx *instance)
static int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, void *sess, struct rte_mbuf *mb, void *params)
uint32_t replay_win_sz_max
struct rte_crypto_sym_xform * crypto_xform
static __rte_experimental rte_security_dynfield_t * rte_security_dynfield(struct rte_mbuf *mbuf)
uint64_t bytes_hard_limit
rte_security_ipsec_sa_mode
static void rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
static uint64_t rte_security_session_opaque_data_get(void *sess)
void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp)
uint64_t bytes_soft_limit
uint32_t ip_reassembly_en
int rte_security_dynfield_offset
rte_security_ipsec_sa_direction
rte_security_ipsec_tunnel_type
struct rte_ether_addr dst_addr
#define RTE_SECURITY_MACSEC_NUM_AN
#define RTE_MBUF_DYNFIELD(m, offset, type)
int rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
__rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, void *sess, struct rte_security_session_conf *conf)
#define RTE_SEC_CTX_F_FAST_SET_MDATA
__rte_experimental int rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, struct rte_security_macsec_sc_stats *stats)
__rte_experimental int rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, struct rte_security_macsec_sa_stats *stats)
__rte_experimental int rte_security_macsec_sc_create(struct rte_security_ctx *instance, struct rte_security_macsec_sc *conf)
static int __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
rte_security_macsec_direction
uint16_t icv_include_da_sa
static void rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
static __rte_experimental bool rte_security_dynfield_is_registered(void)
uint16_t fixed_sectag_insert
uint32_t udp_ports_verify
static int rte_security_attach_session(struct rte_crypto_op *op, void *sess)
static uint64_t rte_security_session_fast_mdata_get(void *sess)
__rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, void *sess, struct rte_security_stats *stats)
rte_security_docsis_direction
uint64_t rte_security_dynfield_t
#define RTE_SECURITY_MACSEC_SALT_LEN
const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
const struct rte_cryptodev_capabilities * crypto_capabilities
uint64_t packets_hard_limit
rte_security_session_protocol
uint16_t ctrl_port_enable
uint64_t packets_soft_limit
__rte_experimental int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, void *sess, struct rte_mbuf *m, void *params)
__rte_experimental int rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id)
const struct rte_security_ops * ops
struct rte_crypto_sym_op sym[0]