1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2019 Intel Corporation
11 ipsec_sad_add(struct ipsec_sad *sad, struct ipsec_sa *sa)
15 union rte_ipsec_sad_key key = { {0} };
16 const union rte_ipsec_sad_key *lookup_key[1];
18 /* spi field is common for ipv4 and ipv6 key types */
19 key.v4.spi = rte_cpu_to_be_32(sa->spi);
21 switch (WITHOUT_TRANSPORT_VERSION(sa->flags)) {
23 rte_ipsec_sad_lookup(sad->sad_v4, lookup_key, &tmp, 1);
27 ret = rte_ipsec_sad_add(sad->sad_v4, &key,
28 RTE_IPSEC_SAD_SPI_ONLY, sa);
33 rte_ipsec_sad_lookup(sad->sad_v6, lookup_key, &tmp, 1);
37 ret = rte_ipsec_sad_add(sad->sad_v6, &key,
38 RTE_IPSEC_SAD_SPI_ONLY, sa);
43 if (sp4_spi_present(sa->spi, 1, NULL, NULL) >= 0) {
44 rte_ipsec_sad_lookup(sad->sad_v4, lookup_key, &tmp, 1);
48 ret = rte_ipsec_sad_add(sad->sad_v4, &key,
49 RTE_IPSEC_SAD_SPI_ONLY, sa);
53 if (sp6_spi_present(sa->spi, 1, NULL, NULL) >= 0) {
54 rte_ipsec_sad_lookup(sad->sad_v6, lookup_key, &tmp, 1);
58 ret = rte_ipsec_sad_add(sad->sad_v6, &key,
59 RTE_IPSEC_SAD_SPI_ONLY, sa);
69 ipsec_sad_create(const char *name, struct ipsec_sad *sad,
70 int socket_id, struct ipsec_sa_cnt *sa_cnt)
73 struct rte_ipsec_sad_conf sad_conf;
74 char sad_name[RTE_IPSEC_SAD_NAMESIZE];
76 if ((name == NULL) || (sad == NULL) || (sa_cnt == NULL))
79 ret = snprintf(sad_name, RTE_IPSEC_SAD_NAMESIZE, "%s_v4", name);
80 if (ret < 0 || ret >= RTE_IPSEC_SAD_NAMESIZE)
83 sad_conf.socket_id = socket_id;
85 /* Make SAD have extra 25% of required number of entries */
86 sad_conf.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = sa_cnt->nb_v4 * 5 / 4;
87 sad_conf.max_sa[RTE_IPSEC_SAD_SPI_DIP] = 0;
88 sad_conf.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = 0;
90 if (sa_cnt->nb_v4 != 0) {
91 sad->sad_v4 = rte_ipsec_sad_create(sad_name, &sad_conf);
92 if (sad->sad_v4 == NULL)
96 ret = snprintf(sad_name, RTE_IPSEC_SAD_NAMESIZE, "%s_v6", name);
97 if (ret < 0 || ret >= RTE_IPSEC_SAD_NAMESIZE)
99 sad_conf.flags = RTE_IPSEC_SAD_FLAG_IPV6;
100 sad_conf.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = sa_cnt->nb_v6 * 5 / 4;
102 if (sa_cnt->nb_v6 != 0) {
103 sad->sad_v6 = rte_ipsec_sad_create(name, &sad_conf);
104 if (sad->sad_v6 == NULL)