1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
5 #ifndef _RTE_IPSEC_GROUP_H_
6 #define _RTE_IPSEC_GROUP_H_
9 * @file rte_ipsec_group.h
12 * It is not recommended to include this file directly,
13 * include <rte_ipsec.h> instead.
14 * Contains helper functions to process completed crypto-ops
15 * and group related packets by sessions they belong to.
24 * Used to group mbufs by some id.
25 * See below for particular usage.
27 struct rte_ipsec_group {
31 } id; /**< grouped by value */
32 struct rte_mbuf **m; /**< start of the group */
33 uint32_t cnt; /**< number of entries in the group */
34 int32_t rc; /**< status code associated with the group */
38 * Take crypto-op as an input and extract pointer to related ipsec session.
40 * The address of an input *rte_crypto_op* structure.
42 * The pointer to the related *rte_ipsec_session* structure.
44 static inline struct rte_ipsec_session *
45 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
47 const struct rte_security_session *ss;
48 const struct rte_cryptodev_sym_session *cs;
50 if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
51 ss = cop->sym[0].sec_session;
52 return (void *)(uintptr_t)ss->opaque_data;
53 } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
54 cs = cop->sym[0].session;
55 return (void *)(uintptr_t)cs->opaque_data;
61 * Take as input completed crypto ops, extract related mbufs
62 * and group them by rte_ipsec_session they belong to.
63 * For mbuf which crypto-op wasn't completed successfully
64 * RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED will be raised in ol_flags.
65 * Note that mbufs with undetermined SA (session-less) are not freed
66 * by the function, but are placed beyond mbufs for the last valid group.
67 * It is a user responsibility to handle them further.
69 * The address of an array of *num* pointers to the input *rte_crypto_op*
72 * The address of an array of *num* pointers to output *rte_mbuf* structures.
74 * The address of an array of *num* to output *rte_ipsec_group* structures.
76 * The maximum number of crypto-ops to process.
78 * Number of filled elements in *grp* array.
80 static inline uint16_t
81 rte_ipsec_pkt_crypto_group(const struct rte_crypto_op *cop[],
82 struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num)
86 struct rte_mbuf *m, *dr[num];
93 for (i = 0; i != num; i++) {
95 m = cop[i]->sym[0].m_src;
96 ns = cop[i]->sym[0].session;
98 m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD;
99 if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
100 m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED;
102 /* no valid session found */
112 * we already have an open group - finalize it,
113 * then open a new one.
117 rte_ipsec_ses_from_crypto(cop[i - 1]);
118 grp[n].cnt = mb + j - grp[n].m;
122 /* start new group */
130 /* finalise last group */
132 grp[n].id.ptr = rte_ipsec_ses_from_crypto(cop[i - 1]);
133 grp[n].cnt = mb + j - grp[n].m;
137 /* copy mbufs with unknown session beyond recognised ones */
138 if (k != 0 && k != num) {
139 for (i = 0; i != k; i++)
150 #endif /* _RTE_IPSEC_GROUP_H_ */