X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_ipsec%2Fsa.h;h=48c3c103a1b9c27d7843de266cdafad201e63af8;hb=ed2a31871f5068eb87a0e997f18ff7a7d3a42652;hp=492521930f34c2f9a82cde28a8e6defdf8dab484;hpb=9f7b43141caadb55832c2107d1bf6479ff12b1a5;p=dpdk.git

diff --git a/lib/librte_ipsec/sa.h b/lib/librte_ipsec/sa.h
index 492521930f..48c3c103a1 100644
--- a/lib/librte_ipsec/sa.h
+++ b/lib/librte_ipsec/sa.h
@@ -5,6 +5,8 @@
 #ifndef _SA_H_
 #define _SA_H_
 
+#include <rte_rwlock.h>
+
 #define IPSEC_MAX_HDR_SIZE	64
 #define IPSEC_MAX_IV_SIZE	16
 #define IPSEC_MAX_IV_QWORD	(IPSEC_MAX_IV_SIZE / sizeof(uint64_t))
@@ -12,11 +14,23 @@
 /* padding alignment for different algorithms */
 enum {
 	IPSEC_PAD_DEFAULT = 4,
+	IPSEC_PAD_3DES_CBC = 8,
 	IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
+	IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
 	IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
 	IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,
 };
 
+/* iv sizes for different algorithms */
+enum {
+	IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
+	IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
+	/* TripleDES supports IV size of 32bits or 64bits but he library
+	 * only supports 64bits.
+	 */
+	IPSEC_3DES_IV_SIZE = sizeof(uint64_t),
+};
+
 /* these definitions probably has to be in rte_crypto_sym.h */
 union sym_op_ofslen {
 	uint64_t raw;
@@ -36,12 +50,27 @@ union sym_op_data {
 	};
 };
 
+#define REPLAY_SQN_NUM		2
+#define REPLAY_SQN_NEXT(n)	((n) ^ 1)
+
 struct replay_sqn {
+	rte_rwlock_t rwl;
 	uint64_t sqn;
 	__extension__ uint64_t window[0];
 };
 
+/*IPSEC SA supported algorithms */
+enum sa_algo_type	{
+	ALGO_TYPE_NULL = 0,
+	ALGO_TYPE_3DES_CBC,
+	ALGO_TYPE_AES_CBC,
+	ALGO_TYPE_AES_CTR,
+	ALGO_TYPE_AES_GCM,
+	ALGO_TYPE_MAX
+};
+
 struct rte_ipsec_sa {
+
 	uint64_t type;     /* type of given SA */
 	uint64_t udata;    /* user defined */
 	uint32_t size;     /* size of given sa object */
@@ -58,7 +87,13 @@ struct rte_ipsec_sa {
 		union sym_op_ofslen cipher;
 		union sym_op_ofslen auth;
 	} ctp;
+	/* tx_offload template for tunnel mbuf */
+	struct {
+		uint64_t msk;
+		uint64_t val;
+	} tx_offload;
 	uint32_t salt;
+	uint8_t algo_type;
 	uint8_t proto;    /* next proto */
 	uint8_t aad_len;
 	uint8_t hdr_len;
@@ -74,12 +109,27 @@ struct rte_ipsec_sa {
 
 	/*
 	 * sqn and replay window
+	 * In case of SA handled by multiple threads *sqn* cacheline
+	 * could be shared by multiple cores.
+	 * To minimise perfomance impact, we try to locate in a separate
+	 * place from other frequently accesed data.
 	 */
 	union {
-		uint64_t outb;
-		struct replay_sqn *inb;
+		union {
+			rte_atomic64_t atom;
+			uint64_t raw;
+		} outb;
+		struct {
+			uint32_t rdidx; /* read index */
+			uint32_t wridx; /* write index */
+			struct replay_sqn *rsn[REPLAY_SQN_NUM];
+		} inb;
 	} sqn;
 
 } __rte_cache_aligned;
 
+int
+ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss,
+	const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf);
+
 #endif /* _SA_H_ */