/**
* @file rte_security.h
- * @b EXPERIMENTAL: this API may change without prior notice
*
* RTE Security Common Definitions
*
* * 0: Inner packet is not modified.
*/
uint32_t dec_ttl : 1;
+
+ /**< Explicit Congestion Notification (ECN)
+ *
+ * * 1: In tunnel mode, enable outer header ECN Field copied from
+ * inner header in tunnel encapsulation, or inner header ECN
+ * field construction in decapsulation.
+ * * 0: Inner/outer header are not modified.
+ */
+ uint32_t ecn : 1;
};
/** IPSec security association direction */
struct rte_security_session {
void *sess_private_data;
/**< Private session material */
+ uint64_t opaque_data;
+ /**< Opaque user defined data */
};
/**
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session * __rte_experimental
+struct rte_security_session *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
* - On success returns 0
* - On failure return errno
*/
-int __rte_experimental
+__rte_experimental
+int
rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
* - Size of the private data, if successful
* - 0 if device is invalid or does not support the operation.
*/
-unsigned int __rte_experimental
+unsigned int
rte_security_session_get_size(struct rte_security_ctx *instance);
/**
* - -EINVAL if session is NULL.
* - -EBUSY if not all device private data has been freed.
*/
-int __rte_experimental
+int
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
* - On success, zero.
* - On failure, a negative value.
*/
-int __rte_experimental
+int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_mbuf *mb, void *params);
* - On success, userdata
* - On failure, NULL
*/
-void * __rte_experimental
+__rte_experimental
+void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
/**
* @param sym_op crypto operation
* @param sess security session
*/
-static inline int __rte_experimental
+static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
struct rte_security_session *sess)
{
return 0;
}
-static inline void * __rte_experimental
+static inline void *
get_sec_session_private_data(const struct rte_security_session *sess)
{
return sess->sess_private_data;
}
-static inline void __rte_experimental
+static inline void
set_sec_session_private_data(struct rte_security_session *sess,
void *private_data)
{
* @param op crypto operation
* @param sess security session
*/
-static inline int __rte_experimental
+static inline int
rte_security_attach_session(struct rte_crypto_op *op,
struct rte_security_session *sess)
{
* - On success return 0
* - On failure errno
*/
-int __rte_experimental
+__rte_experimental
+int
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_stats *stats);
enum rte_security_pdcp_domain domain;
/**< PDCP mode of operation: Control or data */
uint32_t capa_flags;
- /**< Capabilitity flags, see RTE_SECURITY_PDCP_* */
+ /**< Capability flags, see RTE_SECURITY_PDCP_* */
} pdcp;
/**< PDCP capability */
};
#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
/**< HW constructs trailer of packets
* Transmitted packets will have the trailer added to them
- * by hardawre. The next protocol field will be based on
+ * by hardware. The next protocol field will be based on
* the mbuf->inner_esp_next_proto field.
*/
#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
* - Returns array of security capabilities.
* - Return NULL if no capabilities available.
*/
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance);
/**
* index criteria.
* - Return NULL if the capability not matched on security instance.
*/
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx);