DPDK  23.07.0
Data Structures | Macros | Enumerations | Functions
rte_ipsec_sa.h File Reference
#include <rte_common.h>
#include <rte_cryptodev.h>
#include <rte_security.h>

Go to the source code of this file.

Data Structures

struct  rte_ipsec_sa_prm
 

Macros

#define RTE_IPSEC_SAFLAG_SQN_ATOM   (1ULL << 0)
 

Enumerations

enum  
 

Functions

uint64_t rte_ipsec_sa_type (const struct rte_ipsec_sa *sa)
 
int rte_ipsec_sa_size (const struct rte_ipsec_sa_prm *prm)
 
int rte_ipsec_sa_init (struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, uint32_t size)
 
void rte_ipsec_sa_fini (struct rte_ipsec_sa *sa)
 

Detailed Description

Defines API to manage IPsec Security Association (SA) objects.

Definition in file rte_ipsec_sa.h.

Macro Definition Documentation

◆ RTE_IPSEC_SAFLAG_SQN_ATOM

#define RTE_IPSEC_SAFLAG_SQN_ATOM   (1ULL << 0)

Indicates that SA will(/will not) need an 'atomic' access to sequence number and replay window. 'atomic' here means: functions:

  • rte_ipsec_pkt_crypto_prepare
  • rte_ipsec_pkt_process can be safely used in MT environment, as long as the user can guarantee that they obey multiple readers/single writer model for SQN+replay_window operations. To be more specific: for outbound SA there are no restrictions. for inbound SA the caller has to guarantee that at any given moment only one thread is executing rte_ipsec_pkt_process() for given SA. Note that it is caller responsibility to maintain correct order of packets to be processed. In other words - it is a caller responsibility to serialize process() invocations.
Examples:
examples/ipsec-secgw/ipsec-secgw.c.

Definition at line 70 of file rte_ipsec_sa.h.

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

SA type is an 64-bit value that contain the following information:

  • IP version (IPv4/IPv6)
  • IPsec proto (ESP/AH)
  • inbound/outbound
  • mode (TRANSPORT/TUNNEL)
  • for TUNNEL outer IP version (IPv4/IPv6)
  • are SA SQN operations 'atomic'
  • ESN enabled/disabled
  • NAT-T UDP encapsulated (TUNNEL mode only) ...

Definition at line 85 of file rte_ipsec_sa.h.

Function Documentation

◆ rte_ipsec_sa_type()

uint64_t rte_ipsec_sa_type ( const struct rte_ipsec_sa *  sa)

get type of given SA

Returns
SA type value.
Examples:
examples/ipsec-secgw/ipsec_process.c, and examples/ipsec-secgw/ipsec_worker.c.

◆ rte_ipsec_sa_size()

int rte_ipsec_sa_size ( const struct rte_ipsec_sa_prm prm)

Calculate required SA size based on provided input parameters.

Parameters
prmParameters that will be used to initialise SA object.
Returns
  • Actual size required for SA with given parameters.
  • -EINVAL if the parameters are invalid.
Examples:
examples/ipsec-secgw/sa.c.

◆ rte_ipsec_sa_init()

int rte_ipsec_sa_init ( struct rte_ipsec_sa *  sa,
const struct rte_ipsec_sa_prm prm,
uint32_t  size 
)

initialise SA based on provided input parameters.

Parameters
saSA object to initialise.
prmParameters used to initialise given SA object.
sizesize of the provided buffer for SA.
Returns
  • Actual size of SA object if operation completed successfully.
  • -EINVAL if the parameters are invalid.
  • -ENOSPC if the size of the provided buffer is not big enough.
Examples:
examples/ipsec-secgw/sa.c.

◆ rte_ipsec_sa_fini()

void rte_ipsec_sa_fini ( struct rte_ipsec_sa *  sa)

cleanup SA

Parameters
saPointer to SA object to de-initialize.