X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_ipsec%2Frte_ipsec_sa.h;h=47ce169d2762506910e6708410de4cc2a3ce2e90;hb=82962b6abbdce0ee3dfc2b3ae4500150ed90428d;hp=d99028c2cb2a7baff836e7022f54c0e3a988cff7;hpb=9f7b43141caadb55832c2107d1bf6479ff12b1a5;p=dpdk.git diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec_sa.h index d99028c2cb..47ce169d27 100644 --- a/lib/librte_ipsec/rte_ipsec_sa.h +++ b/lib/librte_ipsec/rte_ipsec_sa.h @@ -55,6 +55,27 @@ struct rte_ipsec_sa_prm { uint32_t replay_win_sz; }; +/** + * Indicates that SA will(/will not) need an 'atomic' access + * to sequence number and replay window. + * 'atomic' here means: + * functions: + * - rte_ipsec_pkt_crypto_prepare + * - rte_ipsec_pkt_process + * can be safely used in MT environment, as long as the user can guarantee + * that they obey multiple readers/single writer model for SQN+replay_window + * operations. + * To be more specific: + * for outbound SA there are no restrictions. + * for inbound SA the caller has to guarantee that at any given moment + * only one thread is executing rte_ipsec_pkt_process() for given SA. + * Note that it is caller responsibility to maintain correct order + * of packets to be processed. + * In other words - it is a caller responsibility to serialize process() + * invocations. + */ +#define RTE_IPSEC_SAFLAG_SQN_ATOM (1ULL << 0) + /** * SA type is an 64-bit value that contain the following information: * - IP version (IPv4/IPv6) @@ -62,6 +83,8 @@ struct rte_ipsec_sa_prm { * - inbound/outbound * - mode (TRANSPORT/TUNNEL) * - for TUNNEL outer IP version (IPv4/IPv6) + * - are SA SQN operations 'atomic' + * - ESN enabled/disabled * ... */ @@ -70,6 +93,10 @@ enum { RTE_SATP_LOG2_PROTO, RTE_SATP_LOG2_DIR, RTE_SATP_LOG2_MODE, + RTE_SATP_LOG2_SQN = RTE_SATP_LOG2_MODE + 2, + RTE_SATP_LOG2_ESN, + RTE_SATP_LOG2_ECN, + RTE_SATP_LOG2_DSCP, RTE_SATP_LOG2_NUM }; @@ -90,23 +117,41 @@ enum { #define RTE_IPSEC_SATP_MODE_TUNLV4 (1ULL << RTE_SATP_LOG2_MODE) #define RTE_IPSEC_SATP_MODE_TUNLV6 (2ULL << RTE_SATP_LOG2_MODE) +#define RTE_IPSEC_SATP_SQN_MASK (1ULL << RTE_SATP_LOG2_SQN) +#define RTE_IPSEC_SATP_SQN_RAW (0ULL << RTE_SATP_LOG2_SQN) +#define RTE_IPSEC_SATP_SQN_ATOM (1ULL << RTE_SATP_LOG2_SQN) + +#define RTE_IPSEC_SATP_ESN_MASK (1ULL << RTE_SATP_LOG2_ESN) +#define RTE_IPSEC_SATP_ESN_DISABLE (0ULL << RTE_SATP_LOG2_ESN) +#define RTE_IPSEC_SATP_ESN_ENABLE (1ULL << RTE_SATP_LOG2_ESN) + +#define RTE_IPSEC_SATP_ECN_MASK (1ULL << RTE_SATP_LOG2_ECN) +#define RTE_IPSEC_SATP_ECN_DISABLE (0ULL << RTE_SATP_LOG2_ECN) +#define RTE_IPSEC_SATP_ECN_ENABLE (1ULL << RTE_SATP_LOG2_ECN) + +#define RTE_IPSEC_SATP_DSCP_MASK (1ULL << RTE_SATP_LOG2_DSCP) +#define RTE_IPSEC_SATP_DSCP_DISABLE (0ULL << RTE_SATP_LOG2_DSCP) +#define RTE_IPSEC_SATP_DSCP_ENABLE (1ULL << RTE_SATP_LOG2_DSCP) + /** * get type of given SA * @return * SA type value. */ -uint64_t __rte_experimental +__rte_experimental +uint64_t rte_ipsec_sa_type(const struct rte_ipsec_sa *sa); /** * Calculate required SA size based on provided input parameters. * @param prm - * Parameters that wil be used to initialise SA object. + * Parameters that will be used to initialise SA object. * @return * - Actual size required for SA with given parameters. * - -EINVAL if the parameters are invalid. */ -int __rte_experimental +__rte_experimental +int rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm); /** @@ -122,7 +167,8 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm); * - -EINVAL if the parameters are invalid. * - -ENOSPC if the size of the provided buffer is not big enough. */ -int __rte_experimental +__rte_experimental +int rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, uint32_t size); @@ -131,7 +177,8 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, * @param sa * Pointer to SA object to de-initialize. */ -void __rte_experimental +__rte_experimental +void rte_ipsec_sa_fini(struct rte_ipsec_sa *sa); #ifdef __cplusplus