X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Fsecurity%2Frte_security.h;h=675db940eb550bec7f6fb1502a8333e828350a03;hb=670692191a938fb8aaa887aa268437aacc51de7d;hp=7eb9f109ae4d3df6b8c54bfe17f60f335f9acc24;hpb=03ab51eafda992874a48c392ca66ffb577fe2b71;p=dpdk.git

diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 7eb9f109ae..675db940eb 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -23,10 +23,7 @@ extern "C" {
 #include <rte_common.h>
 #include <rte_crypto.h>
 #include <rte_ip.h>
-#include <rte_mbuf.h>
 #include <rte_mbuf_dyn.h>
-#include <rte_memory.h>
-#include <rte_mempool.h>
 
 /** IPSec protocol mode */
 enum rte_security_ipsec_sa_mode {
@@ -128,6 +125,11 @@ struct rte_security_ipsec_tunnel_param {
 	};
 };
 
+struct rte_security_ipsec_udp_param {
+	uint16_t sport;
+	uint16_t dport;
+};
+
 /**
  * IPsec Security Association option flags
  */
@@ -236,10 +238,10 @@ struct rte_security_ipsec_sa_options {
 	 * * 0: Inner packet IP header checksum is not computed/verified.
 	 *
 	 * The checksum verification status would be set in mbuf using
-	 * PKT_RX_IP_CKSUM_xxx flags.
+	 * RTE_MBUF_F_RX_IP_CKSUM_xxx flags.
 	 *
 	 * Inner IP checksum computation can also be enabled(per operation)
-	 * by setting the flag PKT_TX_IP_CKSUM in mbuf.
+	 * by setting the flag RTE_MBUF_F_TX_IP_CKSUM in mbuf.
 	 */
 	uint32_t ip_csum_enable : 1;
 
@@ -251,13 +253,35 @@ struct rte_security_ipsec_sa_options {
 	 * * 0: Inner packet L4 checksum is not computed/verified.
 	 *
 	 * The checksum verification status would be set in mbuf using
-	 * PKT_RX_L4_CKSUM_xxx flags.
+	 * RTE_MBUF_F_RX_L4_CKSUM_xxx flags.
 	 *
 	 * Inner L4 checksum computation can also be enabled(per operation)
-	 * by setting the flags PKT_TX_TCP_CKSUM or PKT_TX_SCTP_CKSUM or
-	 * PKT_TX_UDP_CKSUM or PKT_TX_L4_MASK in mbuf.
+	 * by setting the flags RTE_MBUF_F_TX_TCP_CKSUM or RTE_MBUF_F_TX_SCTP_CKSUM or
+	 * RTE_MBUF_F_TX_UDP_CKSUM or RTE_MBUF_F_TX_L4_MASK in mbuf.
 	 */
 	uint32_t l4_csum_enable : 1;
+
+	/** Enable IP reassembly on inline inbound packets.
+	 *
+	 * * 1: Enable driver to try reassembly of encrypted IP packets for
+	 *      this SA, if supported by the driver. This feature will work
+	 *      only if user has successfully set IP reassembly config params
+	 *      using rte_eth_ip_reassembly_conf_set() for the inline Ethernet
+	 *      device. PMD need to register mbuf dynamic fields using
+	 *      rte_eth_ip_reassembly_dynfield_register() and security session
+	 *      creation would fail if dynfield is not registered successfully.
+	 * * 0: Disable IP reassembly of packets (default).
+	 */
+	uint32_t ip_reassembly_en : 1;
+
+	/** Reserved bit fields for future extension
+	 *
+	 * User should ensure reserved_opts is cleared as it may change in
+	 * subsequent releases to support new options.
+	 *
+	 * Note: Reduce number of bits in reserved_opts for every new option.
+	 */
+	uint32_t reserved_opts : 17;
 };
 
 /** IPSec security association direction */
@@ -287,9 +311,9 @@ struct rte_security_ipsec_lifetime {
 	uint64_t bytes_soft_limit;
 	/**< Soft expiry limit in bytes */
 	uint64_t packets_hard_limit;
-	/**< Soft expiry limit in number of packets */
+	/**< Hard expiry limit in number of packets */
 	uint64_t bytes_hard_limit;
-	/**< Soft expiry limit in bytes */
+	/**< Hard expiry limit in bytes */
 };
 
 /**
@@ -318,6 +342,16 @@ struct rte_security_ipsec_xform {
 	/**< Anti replay window size to enable sequence replay attack handling.
 	 * replay checking is disabled if the window size is 0.
 	 */
+	union {
+		uint64_t value;
+		struct {
+			uint32_t low;
+			uint32_t hi;
+		};
+	} esn;
+	/**< Extended Sequence Number */
+	struct rte_security_ipsec_udp_param udp;
+	/**< UDP parameters, ignored when udp_encap option not specified */
 };
 
 /**