cryptodev: remove unused cryptodev session structure

[dpdk.git] / examples / ipsec-secgw / ipsec.h

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index e60fae6..ccd0aa8 100644 (file)
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -1,7 +1,7 @@
 /*-
  *   BSD LICENSE
  *
- *   Copyright(c) 2016 Intel Corporation. All rights reserved.
+ *   Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
  *   All rights reserved.
  *
  *   Redistribution and use in source and binary forms, with or without
@@ -37,7 +37,6 @@
 #include <stdint.h>
 
 #include <rte_byteorder.h>
-#include <rte_ip.h>
 #include <rte_crypto.h>
 
 #define RTE_LOGTYPE_IPSEC       RTE_LOGTYPE_USER1
@@ -49,16 +48,19 @@
 
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
+#define IV_OFFSET              (sizeof(struct rte_crypto_op) + \
+                               sizeof(struct rte_crypto_sym_op))
+
 #define uint32_t_to_char(ip, a, b, c, d) do {\
-               *a = (unsigned char)(ip >> 24 & 0xff);\
-               *b = (unsigned char)(ip >> 16 & 0xff);\
-               *c = (unsigned char)(ip >> 8 & 0xff);\
-               *d = (unsigned char)(ip & 0xff);\
+               *a = (uint8_t)(ip >> 24 & 0xff);\
+               *b = (uint8_t)(ip >> 16 & 0xff);\
+               *c = (uint8_t)(ip >> 8 & 0xff);\
+               *d = (uint8_t)(ip & 0xff);\
        } while (0)
 
 #define DEFAULT_MAX_CATEGORIES 1
 
-#define IPSEC_SA_MAX_ENTRIES (64) /* must be power of 2, max 2 power 30 */
+#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */
 #define SPI2IDX(spi) (spi & (IPSEC_SA_MAX_ENTRIES - 1))
 #define INVALID_SPI (0)
 
@@ -69,39 +71,61 @@
 
 #define IPSEC_XFORM_MAX 2
 
+#define IP6_VERSION (6)
+
 struct rte_crypto_xform;
 struct ipsec_xform;
-struct rte_cryptodev_session;
 struct rte_mbuf;
 
 struct ipsec_sa;
 
-typedef int (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
+typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop);
 
+struct ip_addr {
+       union {
+               uint32_t ip4;
+               union {
+                       uint64_t ip6[2];
+                       uint8_t ip6_b[16];
+               } ip6;
+       } ip;
+};
+
+#define MAX_KEY_SIZE           32
+
 struct ipsec_sa {
        uint32_t spi;
        uint32_t cdev_id_qp;
-       uint32_t src;
-       uint32_t dst;
+       uint64_t seq;
+       uint32_t salt;
        struct rte_cryptodev_sym_session *crypto_session;
-       struct rte_crypto_sym_xform *xforms;
-       ipsec_xform_fn pre_crypto;
-       ipsec_xform_fn post_crypto;
        enum rte_crypto_cipher_algorithm cipher_algo;
        enum rte_crypto_auth_algorithm auth_algo;
+       enum rte_crypto_aead_algorithm aead_algo;
        uint16_t digest_len;
        uint16_t iv_len;
        uint16_t block_size;
        uint16_t flags;
-       uint32_t seq;
+#define IP4_TUNNEL (1 << 0)
+#define IP6_TUNNEL (1 << 1)
+#define TRANSPORT  (1 << 2)
+       struct ip_addr src;
+       struct ip_addr dst;
+       uint8_t cipher_key[MAX_KEY_SIZE];
+       uint16_t cipher_key_len;
+       uint8_t auth_key[MAX_KEY_SIZE];
+       uint16_t auth_key_len;
+       uint16_t aad_len;
+       struct rte_crypto_sym_xform *xforms;
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
        struct ipsec_sa *sa;
        struct rte_crypto_op cop;
        struct rte_crypto_sym_op sym_cop;
-};
+       uint8_t buf[32];
+} __rte_cache_aligned;
 
 struct cdev_qp {
        uint16_t id;
@@ -113,7 +137,8 @@ struct cdev_qp {
 
 struct ipsec_ctx {
        struct rte_hash *cdev_map;
-       struct sp_ctx *sp_ctx;
+       struct sp_ctx *sp4_ctx;
+       struct sp_ctx *sp6_ctx;
        struct sa_ctx *sa_ctx;
        uint16_t nb_qps;
        uint16_t last_qp;
@@ -127,14 +152,23 @@ struct cdev_key {
 };
 
 struct socket_ctx {
-       struct sa_ctx *sa_ipv4_in;
-       struct sa_ctx *sa_ipv4_out;
-       struct sp_ctx *sp_ipv4_in;
-       struct sp_ctx *sp_ipv4_out;
-       struct rt_ctx *rt_ipv4;
+       struct sa_ctx *sa_in;
+       struct sa_ctx *sa_out;
+       struct sp_ctx *sp_ip4_in;
+       struct sp_ctx *sp_ip4_out;
+       struct sp_ctx *sp_ip6_in;
+       struct sp_ctx *sp_ip6_out;
+       struct rt_ctx *rt_ip4;
+       struct rt_ctx *rt_ip6;
        struct rte_mempool *mbuf_pool;
 };
 
+struct cnt_blk {
+       uint32_t salt;
+       uint64_t iv;
+       uint32_t cnt;
+} __attribute__((packed));
+
 uint16_t
 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
                uint16_t nb_pkts, uint16_t len);
@@ -155,6 +189,28 @@ get_priv(struct rte_mbuf *m)
        return RTE_PTR_ADD(m, sizeof(struct rte_mbuf));
 }
 
+static inline void *
+get_cnt_blk(struct rte_mbuf *m)
+{
+       struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+       return &priv->buf[0];
+}
+
+static inline void *
+get_aad(struct rte_mbuf *m)
+{
+       struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+       return &priv->buf[16];
+}
+
+static inline void *
+get_sym_cop(struct rte_crypto_op *cop)
+{
+       return (cop + 1);
+}
+
 int
 inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
 
@@ -167,12 +223,15 @@ outbound_sa_lookup(struct sa_ctx *sa_ctx, uint32_t sa_idx[],
                struct ipsec_sa *sa[], uint16_t nb_pkts);
 
 void
-sp_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+sp4_init(struct socket_ctx *ctx, int32_t socket_id);
+
+void
+sp6_init(struct socket_ctx *ctx, int32_t socket_id);
 
 void
-sa_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+sa_init(struct socket_ctx *ctx, int32_t socket_id);
 
 void
-rt_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+rt_init(struct socket_ctx *ctx, int32_t socket_id);
 
 #endif /* __IPSEC_H__ */