common/sfc_efx/base: add NIC magic check on BAR lookup

[dpdk.git] / lib / librte_security / rte_security.h

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index aaafdfc..16839e5 100644 (file)
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright 2017,2019 NXP
- * Copyright(c) 2017 Intel Corporation.
+ * Copyright(c) 2017-2020 Intel Corporation.
  */
 
 #ifndef _RTE_SECURITY_H_
@@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
        /**< Tunnel parameters, NULL for transport mode */
        uint64_t esn_soft_limit;
        /**< ESN for which the overflow event need to be raised */
+       uint32_t replay_win_sz;
+       /**< Anti replay window size to enable sequence replay attack handling.
+        * replay checking is disabled if the window size is 0.
+        */
 };
 
 /**
@@ -289,6 +293,28 @@ struct rte_security_pdcp_xform {
        uint32_t hfn_ovrd;
 };
 
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+       RTE_SECURITY_DOCSIS_UPLINK,
+       /**< Uplink
+        * - Decryption, followed by CRC Verification
+        */
+       RTE_SECURITY_DOCSIS_DOWNLINK,
+       /**< Downlink
+        * - CRC Generation, followed by Encryption
+        */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+       enum rte_security_docsis_direction direction;
+       /**< DOCSIS direction */
+};
+
 /**
  * Security session action type.
  */
@@ -303,10 +329,14 @@ enum rte_security_session_action_type {
        /**< All security protocol processing is performed inline during
         * transmission
         */
-       RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
+       RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
        /**< All security protocol processing including crypto is performed
         * on a lookaside accelerator
         */
+       RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO
+       /**< Similar to ACTION_TYPE_NONE but crypto processing for security
+        * protocol is processed synchronously by a CPU.
+        */
 };
 
 /** Security session protocol definition */
@@ -317,6 +347,8 @@ enum rte_security_session_protocol {
        /**< MACSec Protocol */
        RTE_SECURITY_PROTOCOL_PDCP,
        /**< PDCP Protocol */
+       RTE_SECURITY_PROTOCOL_DOCSIS,
+       /**< DOCSIS Protocol */
 };
 
 /**
@@ -332,6 +364,7 @@ struct rte_security_session_conf {
                struct rte_security_ipsec_xform ipsec;
                struct rte_security_macsec_xform macsec;
                struct rte_security_pdcp_xform pdcp;
+               struct rte_security_docsis_xform docsis;
        };
        /**< Configuration parameters for security session */
        struct rte_crypto_sym_xform *crypto_xform;
@@ -370,7 +403,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
  * @param   conf       update configuration parameters
  * @return
  *  - On success returns 0
- *  - On failure return errno
+ *  - On failure returns a negative errno value.
  */
 __rte_experimental
 int
@@ -395,12 +428,14 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  * return it to its original mempool.
  *
  * @param   instance   security instance
- * @param   sess       security session to freed
+ * @param   sess       security session to be freed
  *
  * @return
  *  - 0 if successful.
- *  - -EINVAL if session is NULL.
+ *  - -EINVAL if session or context instance is NULL.
  *  - -EBUSY if not all device private data has been freed.
+ *  - -ENOTSUP if destroying private data is not supported.
+ *  - other negative values in case of freeing private data errors.
  */
 int
 rte_security_session_destroy(struct rte_security_ctx *instance,
@@ -513,6 +548,10 @@ struct rte_security_pdcp_stats {
        uint64_t reserved;
 };
 
+struct rte_security_docsis_stats {
+       uint64_t reserved;
+};
+
 struct rte_security_stats {
        enum rte_security_session_protocol protocol;
        /**< Security protocol to be configured */
@@ -522,6 +561,7 @@ struct rte_security_stats {
                struct rte_security_macsec_stats macsec;
                struct rte_security_ipsec_stats ipsec;
                struct rte_security_pdcp_stats pdcp;
+               struct rte_security_docsis_stats docsis;
        };
 };
 
@@ -563,6 +603,10 @@ struct rte_security_capability {
                        /**< IPsec SA direction */
                        struct rte_security_ipsec_sa_options options;
                        /**< IPsec SA supported options */
+                       uint32_t replay_win_sz_max;
+                       /**< IPsec Anti Replay Window Size. A '0' value
+                        * indicates that Anti Replay is not supported.
+                        */
                } ipsec;
                /**< IPsec capability */
                struct {
@@ -577,6 +621,11 @@ struct rte_security_capability {
                        /**< Capability flags, see RTE_SECURITY_PDCP_* */
                } pdcp;
                /**< PDCP capability */
+               struct {
+                       enum rte_security_docsis_direction direction;
+                       /**< DOCSIS direction */
+               } docsis;
+               /**< DOCSIS capability */
        };
 
        const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -635,6 +684,9 @@ struct rte_security_capability_idx {
                        enum rte_security_pdcp_domain domain;
                        uint32_t capa_flags;
                } pdcp;
+               struct {
+                       enum rte_security_docsis_direction direction;
+               } docsis;
        };
 };