1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018-2020 Intel Corporation
9 #include <rte_cryptodev.h>
12 #include "ipsec_sqn.h"
18 typedef uint16_t (*esp_inb_process_t)(const struct rte_ipsec_sa *sa,
19 struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num,
23 * helper function to fill crypto_sym op for cipher+auth algorithms.
24 * used by inb_cop_prepare(), see below.
27 sop_ciph_auth_prepare(struct rte_crypto_sym_op *sop,
28 const struct rte_ipsec_sa *sa, const union sym_op_data *icv,
29 uint32_t pofs, uint32_t plen)
31 sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
32 sop->cipher.data.length = plen - sa->ctp.cipher.length;
33 sop->auth.data.offset = pofs + sa->ctp.auth.offset;
34 sop->auth.data.length = plen - sa->ctp.auth.length;
35 sop->auth.digest.data = icv->va;
36 sop->auth.digest.phys_addr = icv->pa;
40 * helper function to fill crypto_sym op for aead algorithms
41 * used by inb_cop_prepare(), see below.
44 sop_aead_prepare(struct rte_crypto_sym_op *sop,
45 const struct rte_ipsec_sa *sa, const union sym_op_data *icv,
46 uint32_t pofs, uint32_t plen)
48 sop->aead.data.offset = pofs + sa->ctp.cipher.offset;
49 sop->aead.data.length = plen - sa->ctp.cipher.length;
50 sop->aead.digest.data = icv->va;
51 sop->aead.digest.phys_addr = icv->pa;
52 sop->aead.aad.data = icv->va + sa->icv_len;
53 sop->aead.aad.phys_addr = icv->pa + sa->icv_len;
57 * setup crypto op and crypto sym op for ESP inbound packet.
60 inb_cop_prepare(struct rte_crypto_op *cop,
61 const struct rte_ipsec_sa *sa, struct rte_mbuf *mb,
62 const union sym_op_data *icv, uint32_t pofs, uint32_t plen)
64 struct rte_crypto_sym_op *sop;
65 struct aead_gcm_iv *gcm;
66 struct aead_ccm_iv *ccm;
67 struct aead_chacha20_poly1305_iv *chacha20_poly1305;
68 struct aesctr_cnt_blk *ctr;
73 ivp = rte_pktmbuf_mtod_offset(mb, uint64_t *,
74 pofs + sizeof(struct rte_esp_hdr));
76 /* fill sym op fields */
80 case ALGO_TYPE_AES_GCM:
81 sop_aead_prepare(sop, sa, icv, pofs, plen);
83 /* fill AAD IV (located inside crypto op) */
84 gcm = rte_crypto_op_ctod_offset(cop, struct aead_gcm_iv *,
86 aead_gcm_iv_fill(gcm, ivp[0], sa->salt);
88 case ALGO_TYPE_AES_CCM:
89 sop_aead_prepare(sop, sa, icv, pofs, plen);
91 /* fill AAD IV (located inside crypto op) */
92 ccm = rte_crypto_op_ctod_offset(cop, struct aead_ccm_iv *,
94 aead_ccm_iv_fill(ccm, ivp[0], sa->salt);
96 case ALGO_TYPE_CHACHA20_POLY1305:
97 sop_aead_prepare(sop, sa, icv, pofs, plen);
99 /* fill AAD IV (located inside crypto op) */
100 chacha20_poly1305 = rte_crypto_op_ctod_offset(cop,
101 struct aead_chacha20_poly1305_iv *,
103 aead_chacha20_poly1305_iv_fill(chacha20_poly1305,
106 case ALGO_TYPE_AES_CBC:
107 case ALGO_TYPE_3DES_CBC:
108 sop_ciph_auth_prepare(sop, sa, icv, pofs, plen);
110 /* copy iv from the input packet to the cop */
111 ivc = rte_crypto_op_ctod_offset(cop, uint64_t *, sa->iv_ofs);
112 copy_iv(ivc, ivp, sa->iv_len);
114 case ALGO_TYPE_AES_GMAC:
115 sop_ciph_auth_prepare(sop, sa, icv, pofs, plen);
117 /* fill AAD IV (located inside crypto op) */
118 gcm = rte_crypto_op_ctod_offset(cop, struct aead_gcm_iv *,
120 aead_gcm_iv_fill(gcm, ivp[0], sa->salt);
122 case ALGO_TYPE_AES_CTR:
123 sop_ciph_auth_prepare(sop, sa, icv, pofs, plen);
125 /* fill CTR block (located inside crypto op) */
126 ctr = rte_crypto_op_ctod_offset(cop, struct aesctr_cnt_blk *,
128 aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt);
131 sop_ciph_auth_prepare(sop, sa, icv, pofs, plen);
136 static inline uint32_t
137 inb_cpu_crypto_prepare(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb,
138 uint32_t *pofs, uint32_t plen, void *iv)
140 struct aead_gcm_iv *gcm;
141 struct aead_ccm_iv *ccm;
142 struct aead_chacha20_poly1305_iv *chacha20_poly1305;
143 struct aesctr_cnt_blk *ctr;
147 ivp = rte_pktmbuf_mtod_offset(mb, uint64_t *,
148 *pofs + sizeof(struct rte_esp_hdr));
151 switch (sa->algo_type) {
152 case ALGO_TYPE_AES_GCM:
153 case ALGO_TYPE_AES_GMAC:
154 gcm = (struct aead_gcm_iv *)iv;
155 aead_gcm_iv_fill(gcm, ivp[0], sa->salt);
157 case ALGO_TYPE_AES_CCM:
158 ccm = (struct aead_ccm_iv *)iv;
159 aead_ccm_iv_fill(ccm, ivp[0], sa->salt);
161 case ALGO_TYPE_CHACHA20_POLY1305:
162 chacha20_poly1305 = (struct aead_chacha20_poly1305_iv *)iv;
163 aead_chacha20_poly1305_iv_fill(chacha20_poly1305,
166 case ALGO_TYPE_AES_CBC:
167 case ALGO_TYPE_3DES_CBC:
168 copy_iv(iv, ivp, sa->iv_len);
170 case ALGO_TYPE_AES_CTR:
171 ctr = (struct aesctr_cnt_blk *)iv;
172 aes_ctr_cnt_blk_fill(ctr, ivp[0], sa->salt);
176 *pofs += sa->ctp.auth.offset;
177 clen = plen - sa->ctp.auth.length;
182 * Helper function for prepare() to deal with situation when
183 * ICV is spread by two segments. Tries to move ICV completely into the
186 static struct rte_mbuf *
187 move_icv(struct rte_mbuf *ml, uint32_t ofs)
195 n = ml->data_len - ofs;
197 prev = rte_pktmbuf_mtod_offset(ml, const void *, ofs);
198 new = rte_pktmbuf_prepend(ms, n);
202 /* move n ICV bytes from ml into ms */
203 rte_memcpy(new, prev, n);
210 * for pure cryptodev (lookaside none) depending on SA settings,
211 * we might have to write some extra data to the packet.
214 inb_pkt_xprepare(const struct rte_ipsec_sa *sa, rte_be64_t sqc,
215 const union sym_op_data *icv)
217 struct aead_gcm_aad *aad;
218 struct aead_ccm_aad *caad;
219 struct aead_chacha20_poly1305_aad *chacha_aad;
221 /* insert SQN.hi between ESP trailer and ICV */
222 if (sa->sqh_len != 0)
223 insert_sqh(sqn_hi32(sqc), icv->va, sa->icv_len);
226 * fill AAD fields, if any (aad fields are placed after icv),
227 * right now we support only one AEAD algorithm: AES-GCM.
229 switch (sa->algo_type) {
230 case ALGO_TYPE_AES_GCM:
231 if (sa->aad_len != 0) {
232 aad = (struct aead_gcm_aad *)(icv->va + sa->icv_len);
233 aead_gcm_aad_fill(aad, sa->spi, sqc, IS_ESN(sa));
236 case ALGO_TYPE_AES_CCM:
237 if (sa->aad_len != 0) {
238 caad = (struct aead_ccm_aad *)(icv->va + sa->icv_len);
239 aead_ccm_aad_fill(caad, sa->spi, sqc, IS_ESN(sa));
242 case ALGO_TYPE_CHACHA20_POLY1305:
243 if (sa->aad_len != 0) {
244 chacha_aad = (struct aead_chacha20_poly1305_aad *)
245 (icv->va + sa->icv_len);
246 aead_chacha20_poly1305_aad_fill(chacha_aad,
247 sa->spi, sqc, IS_ESN(sa));
254 inb_get_sqn(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
255 struct rte_mbuf *mb, uint32_t hlen, rte_be64_t *sqc)
259 struct rte_esp_hdr *esph;
261 esph = rte_pktmbuf_mtod_offset(mb, struct rte_esp_hdr *, hlen);
264 * retrieve and reconstruct SQN, then check it, then
265 * convert it back into network byte order.
267 sqn = rte_be_to_cpu_32(esph->seq);
269 sqn = reconstruct_esn(rsn->sqn, sqn, sa->replay.win_sz);
270 *sqc = rte_cpu_to_be_64(sqn);
272 /* check IPsec window */
273 rc = esn_inb_check_sqn(rsn, sa, sqn);
278 /* prepare packet for upcoming processing */
279 static inline int32_t
280 inb_prepare(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb,
281 uint32_t hlen, union sym_op_data *icv)
283 uint32_t clen, icv_len, icv_ofs, plen;
286 /* start packet manipulation */
290 /* check that packet has a valid length */
291 clen = plen - sa->ctp.cipher.length;
292 if ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)
295 /* find ICV location */
296 icv_len = sa->icv_len;
297 icv_ofs = mb->pkt_len - icv_len;
299 ml = mbuf_get_seg_ofs(mb, &icv_ofs);
302 * if ICV is spread by two segments, then try to
303 * move ICV completely into the last segment.
305 if (ml->data_len < icv_ofs + icv_len) {
307 ml = move_icv(ml, icv_ofs);
311 /* new ICV location */
315 icv_ofs += sa->sqh_len;
318 * we have to allocate space for AAD somewhere,
319 * right now - just use free trailing space at the last segment.
320 * Would probably be more convenient to reserve space for AAD
321 * inside rte_crypto_op itself
322 * (again for IV space is already reserved inside cop).
324 if (sa->aad_len + sa->sqh_len > rte_pktmbuf_tailroom(ml))
327 icv->va = rte_pktmbuf_mtod_offset(ml, void *, icv_ofs);
328 icv->pa = rte_pktmbuf_iova_offset(ml, icv_ofs);
331 * if esn is used then high-order 32 bits are also used in ICV
332 * calculation but are not transmitted, update packet length
333 * to be consistent with auth data length and offset, this will
334 * be subtracted from packet length in post crypto processing
336 mb->pkt_len += sa->sqh_len;
337 ml->data_len += sa->sqh_len;
342 static inline int32_t
343 inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
344 struct rte_mbuf *mb, uint32_t hlen, union sym_op_data *icv)
349 rc = inb_get_sqn(sa, rsn, mb, hlen, &sqn);
353 rc = inb_prepare(sa, mb, hlen, icv);
357 inb_pkt_xprepare(sa, sqn, icv);
362 * setup/update packets and crypto ops for ESP inbound case.
365 esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
366 struct rte_crypto_op *cop[], uint16_t num)
370 struct rte_ipsec_sa *sa;
371 struct rte_cryptodev_sym_session *cs;
372 struct replay_sqn *rsn;
373 union sym_op_data icv;
378 rsn = rsn_acquire(sa);
381 for (i = 0; i != num; i++) {
383 hl = mb[i]->l2_len + mb[i]->l3_len;
384 rc = inb_pkt_prepare(sa, rsn, mb[i], hl, &icv);
386 lksd_none_cop_prepare(cop[k], cs, mb[i]);
387 inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);
395 rsn_release(sa, rsn);
397 /* copy not prepared mbufs beyond good ones */
398 if (k != num && k != 0)
399 move_bad_mbufs(mb, dr, num, num - k);
405 * Start with processing inbound packet.
406 * This is common part for both tunnel and transport mode.
407 * Extract information that will be needed later from mbuf metadata and
408 * actual packet data:
409 * - mbuf for packet's last segment
410 * - length of the L2/L3 headers
411 * - esp tail structure
414 process_step1(struct rte_mbuf *mb, uint32_t tlen, struct rte_mbuf **ml,
415 struct rte_esp_tail *espt, uint32_t *hlen, uint32_t *tofs)
417 const struct rte_esp_tail *pt;
420 ofs = mb->pkt_len - tlen;
421 hlen[0] = mb->l2_len + mb->l3_len;
422 ml[0] = mbuf_get_seg_ofs(mb, &ofs);
423 pt = rte_pktmbuf_mtod_offset(ml[0], const struct rte_esp_tail *, ofs);
429 * Helper function to check pad bytes values.
430 * Note that pad bytes can be spread across multiple segments.
433 check_pad_bytes(struct rte_mbuf *mb, uint32_t ofs, uint32_t len)
438 for (n = 0; n != len; n += k, mb = mb->next) {
439 k = mb->data_len - ofs;
440 k = RTE_MIN(k, len - n);
441 pd = rte_pktmbuf_mtod_offset(mb, const uint8_t *, ofs);
442 if (memcmp(pd, esp_pad_bytes + n, k) != 0)
451 * packet checks for transport mode:
452 * - no reported IPsec related failures in ol_flags
453 * - tail and header lengths are valid
454 * - padding bytes are valid
455 * apart from checks, function also updates tail offset (and segment)
456 * by taking into account pad length.
458 static inline int32_t
459 trs_process_check(struct rte_mbuf *mb, struct rte_mbuf **ml,
460 uint32_t *tofs, struct rte_esp_tail espt, uint32_t hlen, uint32_t tlen)
462 if ((mb->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) != 0 ||
463 tlen + hlen > mb->pkt_len)
466 /* padding bytes are spread over multiple segments */
467 if (tofs[0] < espt.pad_len) {
468 tofs[0] = mb->pkt_len - tlen;
469 ml[0] = mbuf_get_seg_ofs(mb, tofs);
471 tofs[0] -= espt.pad_len;
473 return check_pad_bytes(ml[0], tofs[0], espt.pad_len);
477 * packet checks for tunnel mode:
478 * - same as for trasnport mode
479 * - esp tail next proto contains expected for that SA value
481 static inline int32_t
482 tun_process_check(struct rte_mbuf *mb, struct rte_mbuf **ml,
483 uint32_t *tofs, struct rte_esp_tail espt, uint32_t hlen, uint32_t tlen,
486 return (trs_process_check(mb, ml, tofs, espt, hlen, tlen) ||
487 espt.next_proto != proto);
491 * step two for tunnel mode:
492 * - read SQN value (for future use)
493 * - cut of ICV, ESP tail and padding bytes
494 * - cut of ESP header and IV, also if needed - L2/L3 headers
495 * (controlled by *adj* value)
498 tun_process_step2(struct rte_mbuf *mb, struct rte_mbuf *ml, uint32_t hlen,
499 uint32_t adj, uint32_t tofs, uint32_t tlen, uint32_t *sqn)
501 const struct rte_esp_hdr *ph;
504 ph = rte_pktmbuf_mtod_offset(mb, const struct rte_esp_hdr *, hlen);
507 /* cut of ICV, ESP tail and padding bytes */
508 mbuf_cut_seg_ofs(mb, ml, tofs, tlen);
510 /* cut of L2/L3 headers, ESP header and IV */
511 return rte_pktmbuf_adj(mb, adj);
515 * step two for transport mode:
516 * - read SQN value (for future use)
517 * - cut of ICV, ESP tail and padding bytes
518 * - cut of ESP header and IV
519 * - move L2/L3 header to fill the gap after ESP header removal
522 trs_process_step2(struct rte_mbuf *mb, struct rte_mbuf *ml, uint32_t hlen,
523 uint32_t adj, uint32_t tofs, uint32_t tlen, uint32_t *sqn)
527 /* get start of the packet before modifications */
528 op = rte_pktmbuf_mtod(mb, char *);
530 /* cut off ESP header and IV */
531 np = tun_process_step2(mb, ml, hlen, adj, tofs, tlen, sqn);
533 /* move header bytes to fill the gap after ESP header removal */
534 remove_esph(np, op, hlen);
539 * step three for transport mode:
540 * update mbuf metadata:
545 trs_process_step3(struct rte_mbuf *mb)
547 /* reset mbuf packet type */
548 mb->packet_type &= (RTE_PTYPE_L2_MASK | RTE_PTYPE_L3_MASK);
550 /* clear the PKT_RX_SEC_OFFLOAD flag if set */
551 mb->ol_flags &= ~PKT_RX_SEC_OFFLOAD;
555 * step three for tunnel mode:
556 * update mbuf metadata:
562 tun_process_step3(struct rte_mbuf *mb, uint64_t txof_msk, uint64_t txof_val)
564 /* reset mbuf metatdata: L2/L3 len, packet type */
565 mb->packet_type = RTE_PTYPE_UNKNOWN;
566 mb->tx_offload = (mb->tx_offload & txof_msk) | txof_val;
568 /* clear the PKT_RX_SEC_OFFLOAD flag if set */
569 mb->ol_flags &= ~PKT_RX_SEC_OFFLOAD;
573 * *process* function for tunnel packets
575 static inline uint16_t
576 tun_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
577 uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t sqh_len)
579 uint32_t adj, i, k, tl;
580 uint32_t hl[num], to[num];
581 struct rte_esp_tail espt[num];
582 struct rte_mbuf *ml[num];
587 * remove icv, esp trailer and high-order
588 * 32 bits of esn from packet length
590 const uint32_t tlen = sa->icv_len + sizeof(espt[0]) + sqh_len;
591 const uint32_t cofs = sa->ctp.cipher.offset;
594 * to minimize stalls due to load latency,
595 * read mbufs metadata and esp tail first.
597 for (i = 0; i != num; i++)
598 process_step1(mb[i], tlen, &ml[i], &espt[i], &hl[i], &to[i]);
601 for (i = 0; i != num; i++) {
604 tl = tlen + espt[i].pad_len;
606 /* check that packet is valid */
607 if (tun_process_check(mb[i], &ml[i], &to[i], espt[i], adj, tl,
610 outh = rte_pktmbuf_mtod_offset(mb[i], uint8_t *,
613 /* modify packet's layout */
614 inh = tun_process_step2(mb[i], ml[i], hl[i], adj,
617 /* update inner ip header */
618 update_tun_inb_l3hdr(sa, outh, inh);
620 /* update mbuf's metadata */
621 tun_process_step3(mb[i], sa->tx_offload.msk,
632 * *process* function for tunnel packets
634 static inline uint16_t
635 trs_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
636 uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t sqh_len)
639 uint32_t i, k, l2, tl;
640 uint32_t hl[num], to[num];
641 struct rte_esp_tail espt[num];
642 struct rte_mbuf *ml[num];
645 * remove icv, esp trailer and high-order
646 * 32 bits of esn from packet length
648 const uint32_t tlen = sa->icv_len + sizeof(espt[0]) + sqh_len;
649 const uint32_t cofs = sa->ctp.cipher.offset;
652 * to minimize stalls due to load latency,
653 * read mbufs metadata and esp tail first.
655 for (i = 0; i != num; i++)
656 process_step1(mb[i], tlen, &ml[i], &espt[i], &hl[i], &to[i]);
659 for (i = 0; i != num; i++) {
661 tl = tlen + espt[i].pad_len;
664 /* check that packet is valid */
665 if (trs_process_check(mb[i], &ml[i], &to[i], espt[i],
666 hl[i] + cofs, tl) == 0) {
668 /* modify packet's layout */
669 np = trs_process_step2(mb[i], ml[i], hl[i], cofs,
671 update_trs_l3hdr(sa, np + l2, mb[i]->pkt_len,
672 l2, hl[i] - l2, espt[i].next_proto);
674 /* update mbuf's metadata */
675 trs_process_step3(mb[i]);
685 * for group of ESP inbound packets perform SQN check and update.
687 static inline uint16_t
688 esp_inb_rsn_update(struct rte_ipsec_sa *sa, const uint32_t sqn[],
689 uint32_t dr[], uint16_t num)
692 struct replay_sqn *rsn;
694 /* replay not enabled */
695 if (sa->replay.win_sz == 0)
698 rsn = rsn_update_start(sa);
701 for (i = 0; i != num; i++) {
702 if (esn_inb_update_sqn(rsn, sa, rte_be_to_cpu_32(sqn[i])) == 0)
708 rsn_update_finish(sa, rsn);
713 * process group of ESP inbound packets.
715 static inline uint16_t
716 esp_inb_pkt_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
717 uint16_t num, uint8_t sqh_len, esp_inb_process_t process)
723 /* process packets, extract seq numbers */
724 k = process(sa, mb, sqn, dr, num, sqh_len);
726 /* handle unprocessed mbufs */
727 if (k != num && k != 0)
728 move_bad_mbufs(mb, dr, num, num - k);
730 /* update SQN and replay window */
731 n = esp_inb_rsn_update(sa, sqn, dr, k);
733 /* handle mbufs with wrong SQN */
734 if (n != k && n != 0)
735 move_bad_mbufs(mb, dr, k, k - n);
744 * Prepare (plus actual crypto/auth) routine for inbound CPU-CRYPTO
745 * (synchronous mode).
748 cpu_inb_pkt_prepare(const struct rte_ipsec_session *ss,
749 struct rte_mbuf *mb[], uint16_t num)
753 struct rte_ipsec_sa *sa;
754 struct replay_sqn *rsn;
755 union sym_op_data icv;
756 struct rte_crypto_va_iova_ptr iv[num];
757 struct rte_crypto_va_iova_ptr aad[num];
758 struct rte_crypto_va_iova_ptr dgst[num];
762 uint64_t ivbuf[num][IPSEC_MAX_IV_QWORD];
767 rsn = rsn_acquire(sa);
769 /* do preparation for all packets */
770 for (i = 0, k = 0; i != num; i++) {
772 /* calculate ESP header offset */
773 l4ofs[k] = mb[i]->l2_len + mb[i]->l3_len;
775 /* prepare ESP packet for processing */
776 rc = inb_pkt_prepare(sa, rsn, mb[i], l4ofs[k], &icv);
778 /* get encrypted data offset and length */
779 clen[k] = inb_cpu_crypto_prepare(sa, mb[i],
780 l4ofs + k, rc, ivbuf[k]);
782 /* fill iv, digest and aad */
784 aad[k].va = icv.va + sa->icv_len;
785 dgst[k++].va = icv.va;
792 /* release rsn lock */
793 rsn_release(sa, rsn);
795 /* copy not prepared mbufs beyond good ones */
796 if (k != num && k != 0)
797 move_bad_mbufs(mb, dr, num, num - k);
799 /* convert mbufs to iovecs and do actual crypto/auth processing */
801 cpu_crypto_bulk(ss, sa->cofs, mb, iv, aad, dgst,
807 * process group of ESP inbound tunnel packets.
810 esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
811 struct rte_mbuf *mb[], uint16_t num)
813 struct rte_ipsec_sa *sa = ss->sa;
815 return esp_inb_pkt_process(sa, mb, num, sa->sqh_len, tun_process);
819 inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
820 struct rte_mbuf *mb[], uint16_t num)
822 return esp_inb_pkt_process(ss->sa, mb, num, 0, tun_process);
826 * process group of ESP inbound transport packets.
829 esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
830 struct rte_mbuf *mb[], uint16_t num)
832 struct rte_ipsec_sa *sa = ss->sa;
834 return esp_inb_pkt_process(sa, mb, num, sa->sqh_len, trs_process);
838 inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
839 struct rte_mbuf *mb[], uint16_t num)
841 return esp_inb_pkt_process(ss->sa, mb, num, 0, trs_process);
git.droids-corp.org / dpdk.git / blob