#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_ip.h>
-#include <rte_mbuf.h>
#include <rte_mbuf_dyn.h>
-#include <rte_memory.h>
-#include <rte_mempool.h>
/** IPSec protocol mode */
enum rte_security_ipsec_sa_mode {
};
};
+struct rte_security_ipsec_udp_param {
+ uint16_t sport;
+ uint16_t dport;
+};
+
/**
* IPsec Security Association option flags
*/
* * 0: Inner packet IP header checksum is not computed/verified.
*
* The checksum verification status would be set in mbuf using
- * PKT_RX_IP_CKSUM_xxx flags.
+ * RTE_MBUF_F_RX_IP_CKSUM_xxx flags.
*
* Inner IP checksum computation can also be enabled(per operation)
- * by setting the flag PKT_TX_IP_CKSUM in mbuf.
+ * by setting the flag RTE_MBUF_F_TX_IP_CKSUM in mbuf.
*/
uint32_t ip_csum_enable : 1;
* * 0: Inner packet L4 checksum is not computed/verified.
*
* The checksum verification status would be set in mbuf using
- * PKT_RX_L4_CKSUM_xxx flags.
+ * RTE_MBUF_F_RX_L4_CKSUM_xxx flags.
*
* Inner L4 checksum computation can also be enabled(per operation)
- * by setting the flags PKT_TX_TCP_CKSUM or PKT_TX_SCTP_CKSUM or
- * PKT_TX_UDP_CKSUM or PKT_TX_L4_MASK in mbuf.
+ * by setting the flags RTE_MBUF_F_TX_TCP_CKSUM or RTE_MBUF_F_TX_SCTP_CKSUM or
+ * RTE_MBUF_F_TX_UDP_CKSUM or RTE_MBUF_F_TX_L4_MASK in mbuf.
*/
uint32_t l4_csum_enable : 1;
+
+ /** Enable IP reassembly on inline inbound packets.
+ *
+ * * 1: Enable driver to try reassembly of encrypted IP packets for
+ * this SA, if supported by the driver. This feature will work
+ * only if user has successfully set IP reassembly config params
+ * using rte_eth_ip_reassembly_conf_set() for the inline Ethernet
+ * device. PMD need to register mbuf dynamic fields using
+ * rte_eth_ip_reassembly_dynfield_register() and security session
+ * creation would fail if dynfield is not registered successfully.
+ * * 0: Disable IP reassembly of packets (default).
+ */
+ uint32_t ip_reassembly_en : 1;
+
+ /** Reserved bit fields for future extension
+ *
+ * User should ensure reserved_opts is cleared as it may change in
+ * subsequent releases to support new options.
+ *
+ * Note: Reduce number of bits in reserved_opts for every new option.
+ */
+ uint32_t reserved_opts : 17;
};
/** IPSec security association direction */
uint64_t bytes_soft_limit;
/**< Soft expiry limit in bytes */
uint64_t packets_hard_limit;
- /**< Soft expiry limit in number of packets */
+ /**< Hard expiry limit in number of packets */
uint64_t bytes_hard_limit;
- /**< Soft expiry limit in bytes */
+ /**< Hard expiry limit in bytes */
};
/**
/**< Anti replay window size to enable sequence replay attack handling.
* replay checking is disabled if the window size is 0.
*/
+ union {
+ uint64_t value;
+ struct {
+ uint32_t low;
+ uint32_t hi;
+ };
+ } esn;
+ /**< Extended Sequence Number */
+ struct rte_security_ipsec_udp_param udp;
+ /**< UDP parameters, ignored when udp_encap option not specified */
};
/**
git.droids-corp.org / dpdk.git / blobdiff