#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_ip.h>
-#include <rte_mbuf.h>
#include <rte_mbuf_dyn.h>
-#include <rte_memory.h>
-#include <rte_mempool.h>
/** IPSec protocol mode */
enum rte_security_ipsec_sa_mode {
};
};
+struct rte_security_ipsec_udp_param {
+ uint16_t sport;
+ uint16_t dport;
+};
+
/**
* IPsec Security Association option flags
*/
* source and destination IP addresses.
*/
uint32_t tunnel_hdr_verify : 2;
+
+ /** Verify UDP encapsulation ports in inbound
+ *
+ * * 1: Match UDP source and destination ports
+ * * 0: Do not match UDP ports
+ */
+ uint32_t udp_ports_verify : 1;
+
+ /** Compute/verify inner packet IPv4 header checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet IPv4 header checksum
+ * before tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet IP header checksum is not computed/verified.
+ *
+ * The checksum verification status would be set in mbuf using
+ * RTE_MBUF_F_RX_IP_CKSUM_xxx flags.
+ *
+ * Inner IP checksum computation can also be enabled(per operation)
+ * by setting the flag RTE_MBUF_F_TX_IP_CKSUM in mbuf.
+ */
+ uint32_t ip_csum_enable : 1;
+
+ /** Compute/verify inner packet L4 checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet L4 checksum before
+ * tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet L4 checksum is not computed/verified.
+ *
+ * The checksum verification status would be set in mbuf using
+ * RTE_MBUF_F_RX_L4_CKSUM_xxx flags.
+ *
+ * Inner L4 checksum computation can also be enabled(per operation)
+ * by setting the flags RTE_MBUF_F_TX_TCP_CKSUM or RTE_MBUF_F_TX_SCTP_CKSUM or
+ * RTE_MBUF_F_TX_UDP_CKSUM or RTE_MBUF_F_TX_L4_MASK in mbuf.
+ */
+ uint32_t l4_csum_enable : 1;
+
+ /** Enable IP reassembly on inline inbound packets.
+ *
+ * * 1: Enable driver to try reassembly of encrypted IP packets for
+ * this SA, if supported by the driver. This feature will work
+ * only if user has successfully set IP reassembly config params
+ * using rte_eth_ip_reassembly_conf_set() for the inline Ethernet
+ * device. PMD need to register mbuf dynamic fields using
+ * rte_eth_ip_reassembly_dynfield_register() and security session
+ * creation would fail if dynfield is not registered successfully.
+ * * 0: Disable IP reassembly of packets (default).
+ */
+ uint32_t ip_reassembly_en : 1;
+
+ /** Reserved bit fields for future extension
+ *
+ * User should ensure reserved_opts is cleared as it may change in
+ * subsequent releases to support new options.
+ *
+ * Note: Reduce number of bits in reserved_opts for every new option.
+ */
+ uint32_t reserved_opts : 17;
};
/** IPSec security association direction */
/**< Anti replay window size to enable sequence replay attack handling.
* replay checking is disabled if the window size is 0.
*/
+ union {
+ uint64_t value;
+ struct {
+ uint32_t low;
+ uint32_t hi;
+ };
+ } esn;
+ /**< Extended Sequence Number */
+ struct rte_security_ipsec_udp_param udp;
+ /**< UDP parameters, ignored when udp_encap option not specified */
};
/**