#define DEFAULT_MAX_CATEGORIES 1
-#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */
-#define SPI2IDX(spi) (spi & (IPSEC_SA_MAX_ENTRIES - 1))
#define INVALID_SPI (0)
#define DISCARD INVALID_SPI
struct rte_mbuf;
struct ipsec_sa;
+/*
+ * Keeps number of configured SA's for each address family:
+ */
+struct ipsec_sa_cnt {
+ uint32_t nb_v4;
+ uint32_t nb_v6;
+};
typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop);
uint32_t enable; /* use librte_ipsec API for ipsec pkt processing */
uint32_t window_size; /* replay window size */
uint32_t enable_esn; /* enable/disable ESN support */
+ uint32_t cache_sz; /* per lcore SA cache size */
uint64_t flags; /* rte_ipsec_sa_prm.flags */
};
extern struct app_sa_prm app_sa_prm;
+struct flow_info {
+ struct rte_flow *rx_def_flow;
+};
+
+extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
+
+enum {
+ IPSEC_SESSION_PRIMARY = 0,
+ IPSEC_SESSION_FALLBACK = 1,
+ IPSEC_SESSION_MAX
+};
+
+#define IPSEC_SA_OFFLOAD_FALLBACK_FLAG (1)
+
+static inline struct ipsec_sa *
+ipsec_mask_saptr(void *ptr)
+{
+ uintptr_t i = (uintptr_t)ptr;
+ static const uintptr_t mask = IPSEC_SA_OFFLOAD_FALLBACK_FLAG;
+
+ i &= ~mask;
+
+ return (struct ipsec_sa *)i;
+}
+
struct ipsec_sa {
- struct rte_ipsec_session ips; /* one session per sa for now */
+ struct rte_ipsec_session sessions[IPSEC_SESSION_MAX];
uint32_t spi;
uint32_t cdev_id_qp;
uint64_t seq;
uint32_t salt;
+ uint32_t fallback_sessions;
enum rte_crypto_cipher_algorithm cipher_algo;
enum rte_crypto_auth_algorithm auth_algo;
enum rte_crypto_aead_algorithm aead_algo;
struct traffic_type {
const uint8_t *data[MAX_PKT_BURST * 2];
struct rte_mbuf *pkts[MAX_PKT_BURST * 2];
- struct ipsec_sa *saptr[MAX_PKT_BURST * 2];
+ void *saptr[MAX_PKT_BURST * 2];
uint32_t res[MAX_PKT_BURST * 2];
uint32_t num;
};
}
static inline struct rte_ipsec_session *
-ipsec_get_session(struct ipsec_sa *sa)
+ipsec_get_primary_session(struct ipsec_sa *sa)
+{
+ return &sa->sessions[IPSEC_SESSION_PRIMARY];
+}
+
+static inline struct rte_ipsec_session *
+ipsec_get_fallback_session(struct ipsec_sa *sa)
{
- return &sa->ips;
+ return &sa->sessions[IPSEC_SESSION_FALLBACK];
}
static inline enum rte_security_session_action_type
ipsec_get_action_type(struct ipsec_sa *sa)
{
struct rte_ipsec_session *ips;
- ips = ipsec_get_session(sa);
+ ips = ipsec_get_primary_session(sa);
return ips->type;
}
void
inbound_sa_lookup(struct sa_ctx *sa_ctx, struct rte_mbuf *pkts[],
- struct ipsec_sa *sa[], uint16_t nb_pkts);
+ void *sa[], uint16_t nb_pkts);
void
outbound_sa_lookup(struct sa_ctx *sa_ctx, uint32_t sa_idx[],
- struct ipsec_sa *sa[], uint16_t nb_pkts);
+ void *sa[], uint16_t nb_pkts);
void
sp4_init(struct socket_ctx *ctx, int32_t socket_id);
* or -ENOENT otherwise.
*/
int
-sa_spi_present(uint32_t spi, int inbound);
+sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound);
void
sa_init(struct socket_ctx *ctx, int32_t socket_id);
git.droids-corp.org / dpdk.git / blobdiff