+static struct rte_cryptodev_sym_session *
+create_ipsec_session(struct rte_mempool *sess_mp,
+ struct rte_mempool *priv_mp,
+ uint8_t dev_id,
+ const struct cperf_options *options,
+ const struct cperf_test_vector *test_vector,
+ uint16_t iv_offset)
+{
+ struct rte_crypto_sym_xform xform = {0};
+ struct rte_crypto_sym_xform auth_xform = {0};
+
+ if (options->aead_algo != 0) {
+ /* Setup AEAD Parameters */
+ xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ xform.next = NULL;
+ xform.aead.algo = options->aead_algo;
+ xform.aead.op = options->aead_op;
+ xform.aead.iv.offset = iv_offset;
+ xform.aead.key.data = test_vector->aead_key.data;
+ xform.aead.key.length = test_vector->aead_key.length;
+ xform.aead.iv.length = test_vector->aead_iv.length;
+ xform.aead.digest_length = options->digest_sz;
+ xform.aead.aad_length = options->aead_aad_sz;
+ } else if (options->cipher_algo != 0 && options->auth_algo != 0) {
+ /* Setup Cipher Parameters */
+ xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ xform.next = NULL;
+ xform.cipher.algo = options->cipher_algo;
+ xform.cipher.op = options->cipher_op;
+ xform.cipher.iv.offset = iv_offset;
+ xform.cipher.iv.length = test_vector->cipher_iv.length;
+ /* cipher different than null */
+ if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
+ xform.cipher.key.data = test_vector->cipher_key.data;
+ xform.cipher.key.length =
+ test_vector->cipher_key.length;
+ } else {
+ xform.cipher.key.data = NULL;
+ xform.cipher.key.length = 0;
+ }
+
+ /* Setup Auth Parameters */
+ auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ auth_xform.next = NULL;
+ auth_xform.auth.algo = options->auth_algo;
+ auth_xform.auth.op = options->auth_op;
+ auth_xform.auth.iv.offset = iv_offset +
+ xform.cipher.iv.length;
+ /* auth different than null */
+ if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
+ auth_xform.auth.digest_length = options->digest_sz;
+ auth_xform.auth.key.length =
+ test_vector->auth_key.length;
+ auth_xform.auth.key.data = test_vector->auth_key.data;
+ auth_xform.auth.iv.length = test_vector->auth_iv.length;
+ } else {
+ auth_xform.auth.digest_length = 0;
+ auth_xform.auth.key.length = 0;
+ auth_xform.auth.key.data = NULL;
+ auth_xform.auth.iv.length = 0;
+ }
+
+ xform.next = &auth_xform;
+ } else {
+ return NULL;
+ }
+
+#define CPERF_IPSEC_SRC_IP 0x01010101
+#define CPERF_IPSEC_DST_IP 0x02020202
+#define CPERF_IPSEC_SALT 0x0
+#define CPERF_IPSEC_DEFTTL 64
+ struct rte_security_ipsec_tunnel_param tunnel = {
+ .type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ {.ipv4 = {
+ .src_ip = { .s_addr = CPERF_IPSEC_SRC_IP},
+ .dst_ip = { .s_addr = CPERF_IPSEC_DST_IP},
+ .dscp = 0,
+ .df = 0,
+ .ttl = CPERF_IPSEC_DEFTTL,
+ } },
+ };
+ struct rte_security_session_conf sess_conf = {
+ .action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .spi = rte_lcore_id(),
+ /**< For testing sake, lcore_id is taken as SPI so that
+ * for every core a different session is created.
+ */
+ .salt = CPERF_IPSEC_SALT,
+ .options = { 0 },
+ .replay_win_sz = 0,
+ .direction =
+ ((options->cipher_op ==
+ RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
+ (options->auth_op ==
+ RTE_CRYPTO_AUTH_OP_GENERATE)) ||
+ (options->aead_op ==
+ RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
+ RTE_SECURITY_IPSEC_SA_DIR_EGRESS :
+ RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .tunnel = tunnel,
+ } },
+ .userdata = NULL,
+ .crypto_xform = &xform
+ };
+
+ struct rte_security_ctx *ctx = (struct rte_security_ctx *)
+ rte_cryptodev_get_sec_ctx(dev_id);
+
+ /* Create security session */
+ return (void *)rte_security_session_create(ctx,
+ &sess_conf, sess_mp, priv_mp);
+}
+