uint32_t cdev_id_qp;
uint64_t seq;
uint32_t salt;
- union {
- struct rte_cryptodev_sym_session *crypto_session;
- struct rte_security_session *sec_session;
- };
enum rte_crypto_cipher_algorithm cipher_algo;
enum rte_crypto_auth_algorithm auth_algo;
enum rte_crypto_aead_algorithm aead_algo;
#define IP4_TUNNEL (1 << 0)
#define IP6_TUNNEL (1 << 1)
#define TRANSPORT (1 << 2)
+#define IP4_TRANSPORT (1 << 3)
+#define IP6_TRANSPORT (1 << 4)
struct ip_addr src;
struct ip_addr dst;
uint8_t cipher_key[MAX_KEY_SIZE];
struct rte_crypto_sym_xform *xforms;
struct rte_security_ipsec_xform *sec_xform;
};
- enum rte_security_session_action_type type;
enum rte_security_ipsec_sa_direction direction;
uint16_t portid;
- struct rte_security_ctx *security_ctx;
- uint32_t ol_flags;
#define MAX_RTE_FLOW_PATTERN (4)
#define MAX_RTE_FLOW_ACTIONS (3)
uint8_t buf[32];
} __rte_cache_aligned;
+#define IS_TRANSPORT(flags) ((flags) & TRANSPORT)
+
+#define IS_TUNNEL(flags) ((flags) & (IP4_TUNNEL | IP6_TUNNEL))
+
+#define IS_IP4(flags) ((flags) & (IP4_TUNNEL | IP4_TRANSPORT))
+
+#define IS_IP6(flags) ((flags) & (IP6_TUNNEL | IP6_TRANSPORT))
+
+#define IS_IP4_TUNNEL(flags) ((flags) & IP4_TUNNEL)
+
+#define IS_IP6_TUNNEL(flags) ((flags) & IP6_TUNNEL)
+
+/*
+ * Macro for getting ipsec_sa flags statuses without version of protocol
+ * used for transport (IP4_TRANSPORT and IP6_TRANSPORT flags).
+ */
+#define WITHOUT_TRANSPORT_VERSION(flags) \
+ ((flags) & (IP4_TUNNEL | \
+ IP6_TUNNEL | \
+ TRANSPORT))
+
struct cdev_qp {
uint16_t id;
uint16_t qp;
struct rt_ctx *rt_ip4;
struct rt_ctx *rt_ip6;
struct rte_mempool *mbuf_pool;
+ struct rte_mempool *mbuf_pool_indir;
struct rte_mempool *session_pool;
struct rte_mempool *session_priv_pool;
};
return (cop + 1);
}
+static inline struct rte_ipsec_session *
+ipsec_get_session(struct ipsec_sa *sa)
+{
+ return &sa->ips;
+}
+
+static inline enum rte_security_session_action_type
+ipsec_get_action_type(struct ipsec_sa *sa)
+{
+ struct rte_ipsec_session *ips;
+ ips = ipsec_get_session(sa);
+ return ips->type;
+}
+
int
inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
* or -ENOENT otherwise.
*/
int
-sp4_spi_present(uint32_t spi, int inbound);
+sp4_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
+ uint32_t mask[2]);
int
-sp6_spi_present(uint32_t spi, int inbound);
+sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
+ uint32_t mask[2]);
/*
* Search through SA entries for given SPI.
uint64_t *tx_offloads);
int
-add_dst_ethaddr(uint16_t port, const struct ether_addr *addr);
+add_dst_ethaddr(uint16_t port, const struct rte_ether_addr *addr);
void
enqueue_cop_burst(struct cdev_qp *cqp);
int
-create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa);
+create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips);
+
+int
+create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
+ struct rte_ipsec_session *ips);
#endif /* __IPSEC_H__ */
git.droids-corp.org / dpdk.git / blobdiff