1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
8 #include <rte_rwlock.h>
10 #define IPSEC_MAX_HDR_SIZE 64
11 #define IPSEC_MAX_IV_SIZE 16
12 #define IPSEC_MAX_IV_QWORD (IPSEC_MAX_IV_SIZE / sizeof(uint64_t))
13 #define TUN_HDR_MSK (RTE_IPSEC_SATP_ECN_MASK | RTE_IPSEC_SATP_DSCP_MASK)
15 /* padding alignment for different algorithms */
17 IPSEC_PAD_DEFAULT = 4,
18 IPSEC_PAD_3DES_CBC = 8,
19 IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
20 IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
21 IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
22 IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,
25 /* iv sizes for different algorithms */
27 IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
28 IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
29 /* TripleDES supports IV size of 32bits or 64bits but he library
30 * only supports 64bits.
32 IPSEC_3DES_IV_SIZE = sizeof(uint64_t),
35 /* these definitions probably has to be in rte_crypto_sym.h */
45 #ifdef __SIZEOF_INT128__
54 #define REPLAY_SQN_NUM 2
55 #define REPLAY_SQN_NEXT(n) ((n) ^ 1)
60 __extension__ uint64_t window[0];
63 /*IPSEC SA supported algorithms */
75 uint64_t type; /* type of given SA */
76 uint64_t udata; /* user defined */
77 uint32_t size; /* size of given sa object */
79 /* sqn calculations related */
84 uint16_t bucket_index_mask;
86 /* template for crypto op fields */
88 union sym_op_ofslen cipher;
89 union sym_op_ofslen auth;
91 /* tx_offload template for tunnel mbuf */
98 uint8_t proto; /* next proto */
104 uint8_t iv_ofs; /* offset for algo-specific IV inside crypto op */
109 /* template for tunnel header */
110 uint8_t hdr[IPSEC_MAX_HDR_SIZE];
113 * sqn and replay window
114 * In case of SA handled by multiple threads *sqn* cacheline
115 * could be shared by multiple cores.
116 * To minimise perfomance impact, we try to locate in a separate
117 * place from other frequently accesed data.
125 uint32_t rdidx; /* read index */
126 uint32_t wridx; /* write index */
127 struct replay_sqn *rsn[REPLAY_SQN_NUM];
131 } __rte_cache_aligned;
134 ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss,
135 const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf);
137 /* inbound processing */
140 esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
141 struct rte_crypto_op *cop[], uint16_t num);
144 esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
145 struct rte_mbuf *mb[], uint16_t num);
148 inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
149 struct rte_mbuf *mb[], uint16_t num);
152 esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
153 struct rte_mbuf *mb[], uint16_t num);
156 inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
157 struct rte_mbuf *mb[], uint16_t num);
159 /* outbound processing */
162 esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
163 struct rte_crypto_op *cop[], uint16_t num);
166 esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
167 struct rte_crypto_op *cop[], uint16_t num);
170 esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
174 inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,
175 struct rte_mbuf *mb[], uint16_t num);
178 inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,
179 struct rte_mbuf *mb[], uint16_t num);
182 inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss,
183 struct rte_mbuf *mb[], uint16_t num);