DPDK 24.11.1
rte_swx_ipsec.h File Reference
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>
#include <rte_compat.h>
#include <rte_crypto_sym.h>
#include <rte_ip6.h>


Data Structures

struct  rte_swx_ipsec_burst_size
 
struct  rte_swx_ipsec_params
 
struct  rte_swx_ipsec_input_packet_metadata
 
struct  rte_swx_ipsec_sa_cipher_params
 
struct  rte_swx_ipsec_sa_authentication_params
 
struct  rte_swx_ipsec_sa_aead_params
 
struct  rte_swx_ipsec_sa_encap_params
 
struct  rte_swx_ipsec_sa_params
 

Macros

#define RTE_SWX_IPSEC_NAME_SIZE   64
 
#define RTE_SWX_IPSEC_BURST_SIZE_MAX   256
 
#define RTE_SWX_IPSEC_KEY_SIZE_MAX   64
 

Functions

__rte_experimental struct rte_swx_ipsec * rte_swx_ipsec_find (const char *name)
 
__rte_experimental int rte_swx_ipsec_create (struct rte_swx_ipsec **ipsec, const char *name, struct rte_swx_ipsec_params *params, int numa_node)
 
__rte_experimental void rte_swx_ipsec_free (struct rte_swx_ipsec *ipsec)
 
__rte_experimental void rte_swx_ipsec_run (struct rte_swx_ipsec *ipsec)
 
__rte_experimental int rte_swx_ipsec_sa_add (struct rte_swx_ipsec *ipsec, struct rte_swx_ipsec_sa_params *sa_params, uint32_t *sa_id)
 
__rte_experimental void rte_swx_ipsec_sa_delete (struct rte_swx_ipsec *ipsec, uint32_t sa_id)
 
__rte_experimental struct rte_swx_ipsec_sa_params * rte_swx_ipsec_sa_read (struct rte_swx_ipsec *ipsec, const char *string, int *is_blank_or_comment, const char **errmsg)
 

Detailed Description

RTE SWX Internet Protocol Security (IPsec)

The IPsec block is a companion block for the SWX pipeline used to provide IPsec support to the pipeline. The block is external to the pipeline, hence it needs to be explicitly instantiated by the user and connected to a pipeline instance through the pipeline I/O ports.

Main features:

Security Association (SA):

Packet format:

SA update procedure:

Definition in file rte_swx_ipsec.h.

Macro Definition Documentation

◆ RTE_SWX_IPSEC_NAME_SIZE

#define RTE_SWX_IPSEC_NAME_SIZE   64

Name size.

Definition at line 66 of file rte_swx_ipsec.h.

◆ RTE_SWX_IPSEC_BURST_SIZE_MAX

#define RTE_SWX_IPSEC_BURST_SIZE_MAX   256

Maximum burst size.

Definition at line 71 of file rte_swx_ipsec.h.

◆ RTE_SWX_IPSEC_KEY_SIZE_MAX

#define RTE_SWX_IPSEC_KEY_SIZE_MAX   64

Maximum key size in bytes.

Definition at line 186 of file rte_swx_ipsec.h.

Function Documentation

◆ rte_swx_ipsec_find()

__rte_experimental struct rte_swx_ipsec * rte_swx_ipsec_find ( const char *  name)

IPsec instance find

Parameters
[in] name: IPsec instance name.
Returns
Valid IPsec instance handle if found or NULL otherwise.
Examples
examples/pipeline/cli.c.

◆ rte_swx_ipsec_create()

__rte_experimental int rte_swx_ipsec_create ( struct rte_swx_ipsec **  ipsec,
const char *  name,
struct rte_swx_ipsec_params *  params,
int  numa_node 
)

IPsec instance create

Parameters
[out] ipsec: IPsec instance handle. Must point to valid memory. Contains valid pipeline handle once this function returns successfully.
[in] name: IPsec instance unique name.
[in] params: IPsec instance configuration parameters.
[in] numa_node: Non-Uniform Memory Access (NUMA) node.
Returns
0 on success or the following error codes otherwise: -EINVAL: Invalid argument; -ENOMEM: Not enough space/cannot allocate memory; -EEXIST: Pipeline with this name already exists.
Examples
examples/pipeline/cli.c.

◆ rte_swx_ipsec_free()

__rte_experimental void rte_swx_ipsec_free ( struct rte_swx_ipsec *  ipsec)

IPsec instance free

Parameters
[in] ipsec: IPsec instance handle.

◆ rte_swx_ipsec_run()

__rte_experimental void rte_swx_ipsec_run ( struct rte_swx_ipsec *  ipsec)

IPsec Data Plane API: IPsec instance run

Parameters
[in] ipsec: IPsec instance handle.
Examples
examples/pipeline/cli.c.

◆ rte_swx_ipsec_sa_add()

__rte_experimental int rte_swx_ipsec_sa_add ( struct rte_swx_ipsec *  ipsec,
struct rte_swx_ipsec_sa_params *  sa_params,
uint32_t *  sa_id 
)

IPsec SA add

Parameters
[in] ipsec: IPsec instance handle.
[in] sa_params: SA parameters.
[out] sa_id: On success, the SA ID.
Returns
0 on success or error code otherwise.
Examples
examples/pipeline/cli.c.

◆ rte_swx_ipsec_sa_delete()

__rte_experimental void rte_swx_ipsec_sa_delete ( struct rte_swx_ipsec *  ipsec,
uint32_t  sa_id 
)

IPsec SA delete

It is the responsibility of the Control Plane to make sure the SA to be deleted is no longer used by the Data Plane.

Parameters
[in] ipsec: IPsec instance handle.
[in] sa_id: The SA ID.
Examples
examples/pipeline/cli.c.

◆ rte_swx_ipsec_sa_read()

__rte_experimental struct rte_swx_ipsec_sa_params * rte_swx_ipsec_sa_read ( struct rte_swx_ipsec *  ipsec,
const char *  string,
int *  is_blank_or_comment,
const char **  errmsg 
)

IPsec SA read from string

IPsec SA syntax:

<sa> : encrypt <crypto_params> <encap_params> | decrypt <crypto_params> <encap_params> ;

<crypto_params> : <cipher> <auth> | <aead> ;

<cipher> : cipher <cipher_alg> key <cipher_key> | cipher <cipher_alg> ;

<auth> : auth <authentication_alg> key <authentication_key> | auth <authentication_alg> ;

<aead> : aead <aead_alg> key <aead_key> ;

<encap_params> : esp spi <spi> tunnel ipv4 srcaddr <ipv4_src_addr> dstaddr <ipv4_dst_addr> | esp spi <spi> tunnel ipv6 srcaddr <ipv6_src_addr> dstaddr <ipv6_dst_addr> | esp spi <spi> transport ;

Parameters
[in] ipsec: IPsec instance handle.
[in] string: String containing the SA.
[in,out] is_blank_or_comment: On error, when its input value is not NULL, this argument is set to a non-zero value when string contains a blank or comment line and to zero otherwise.
[in,out] errmsg: On error, when its input value is not NULL, this argument points to a string with details on the detected error.
Returns
Pointer to valid IPsec SA parameters data structure on success or NULL on error.
Examples
examples/pipeline/cli.c.
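
The SA syntax above lets the cipher and auth clauses appear without a key, while the aead clause always carries one. The following is an added example, not DPDK code and not a description of how rte_swx_ipsec_sa_read() works internally: a stand-alone C check that matches one SA line against that grammar by keyword position and reports the keyless forms, so a configuration review can flag them before the line is passed to rte_swx_ipsec_sa_read(). The names sa_line_check, alg_clause and the SA_* codes are hypothetical; algorithm names, keys, SPI and address values are treated as opaque tokens and are not validated.

```c
#include <string.h>

/* Added example: names are hypothetical; algorithm, key, SPI and address
 * values are treated as opaque tokens and are not validated. */
enum { SA_BAD = -1, SA_OK = 0, SA_KEYLESS = 1 };
#define WS " \t\r\n"

/* Match "<kw> <alg> [key <value>]" at t[*i]: 1 keyed, 0 keyless, -1 no match. */
static int alg_clause(char **t, int n, int *i, const char *kw)
{
    if (*i + 1 >= n || strcmp(t[*i], kw) != 0) return -1;
    *i += 2;                                  /* keyword, algorithm name */
    if (*i + 1 >= n || strcmp(t[*i], "key") != 0)
        return 0;
    *i += 2;                                  /* "key", key value */
    return 1;
}

/* SA_OK: matches the grammar; SA_KEYLESS: matches, but cipher or auth has no key. */
int sa_line_check(const char *line)
{
    char buf[512], *t[24], *p = buf;
    int n = 0, i = 1, c = 1, a = 1;
    if (strlen(line) >= sizeof(buf)) return SA_BAD;
    strcpy(buf, line);
    while (*(p += strspn(p, WS))) {           /* split on whitespace */
        if (n == 24) return SA_BAD;
        t[n++] = p;
        p += strcspn(p, WS);
        if (*p) *p++ = '\0';
    }
    if (n < 2 || (strcmp(t[0], "encrypt") && strcmp(t[0], "decrypt")))
        return SA_BAD;
    if (!strcmp(t[1], "aead"))                /* <aead>: key is mandatory */
        c = a = alg_clause(t, n, &i, "aead") == 1 ? 1 : -1;
    else if ((c = alg_clause(t, n, &i, "cipher")) >= 0)
        a = alg_clause(t, n, &i, "auth");
    if (c < 0 || a < 0 || i + 3 >= n || strcmp(t[i], "esp") || strcmp(t[i + 1], "spi"))
        return SA_BAD;
    i += 3;                                   /* esp spi <spi> */
    if (!strcmp(t[i], "transport"))
        i += 1;
    else if (i + 5 < n && !strcmp(t[i], "tunnel") &&
             (!strcmp(t[i + 1], "ipv4") || !strcmp(t[i + 1], "ipv6")) &&
             !strcmp(t[i + 2], "srcaddr") && !strcmp(t[i + 4], "dstaddr"))
        i += 6;
    else
        return SA_BAD;
    return i != n ? SA_BAD : (c && a) ? SA_OK : SA_KEYLESS;
}
```

A result of SA_KEYLESS means the line is syntactically valid but negotiates a cipher or authentication algorithm with no key material, which is worth a manual look in any SA file intended for production traffic.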