--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2019 Intel Corporation
+ */
+
+#include <rte_errno.h>
+
+#include "rte_ipsec_sad.h"
+
+int
+rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,
+ __rte_unused const union rte_ipsec_sad_key *key,
+ __rte_unused int key_type, __rte_unused void *sa)
+{
+ return -ENOTSUP;
+}
+
+int
+rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,
+ __rte_unused const union rte_ipsec_sad_key *key,
+ __rte_unused int key_type)
+{
+ return -ENOTSUP;
+}
+
+struct rte_ipsec_sad *
+rte_ipsec_sad_create(__rte_unused const char *name,
+ __rte_unused const struct rte_ipsec_sad_conf *conf)
+{
+ return NULL;
+}
+
+struct rte_ipsec_sad *
+rte_ipsec_sad_find_existing(__rte_unused const char *name)
+{
+ return NULL;
+}
+
+void
+rte_ipsec_sad_destroy(__rte_unused struct rte_ipsec_sad *sad)
+{
+ return;
+}
+
+int
+rte_ipsec_sad_lookup(__rte_unused const struct rte_ipsec_sad *sad,
+ __rte_unused const union rte_ipsec_sad_key *keys[],
+ __rte_unused void *sa[], __rte_unused uint32_t n)
+{
+ return -ENOTSUP;
+}
--- /dev/null
+
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2019 Intel Corporation
+ */
+
+#ifndef _RTE_IPSEC_SAD_H_
+#define _RTE_IPSEC_SAD_H_
+
+#include <rte_compat.h>
+
+/**
+ * @file rte_ipsec_sad.h
+ * @b EXPERIMENTAL: this API may change without prior notice
+ *
+ * RTE IPsec security association database (SAD) support.
+ * Contains helper functions to lookup and maintain SAD
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct rte_ipsec_sad;
+
+/** Type of key */
+enum {
+ RTE_IPSEC_SAD_SPI_ONLY = 0,
+ RTE_IPSEC_SAD_SPI_DIP,
+ RTE_IPSEC_SAD_SPI_DIP_SIP,
+ RTE_IPSEC_SAD_KEY_TYPE_MASK,
+};
+
+struct rte_ipsec_sadv4_key {
+ uint32_t spi;
+ uint32_t dip;
+ uint32_t sip;
+};
+
+struct rte_ipsec_sadv6_key {
+ uint32_t spi;
+ uint8_t dip[16];
+ uint8_t sip[16];
+};
+
+union rte_ipsec_sad_key {
+ struct rte_ipsec_sadv4_key v4;
+ struct rte_ipsec_sadv6_key v6;
+};
+
+/** Flag to create SAD with ipv6 dip and sip addresses */
+#define RTE_IPSEC_SAD_FLAG_IPV6 0x1
+/** Flag to support reader writer concurrency */
+#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY 0x2
+
+/** IPsec SAD configuration structure */
+struct rte_ipsec_sad_conf {
+ /** CPU socket ID where rte_ipsec_sad should be allocated */
+ int socket_id;
+ /** maximum number of SA for each type of key */
+ uint32_t max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];
+ /** RTE_IPSEC_SAD_FLAG_* flags */
+ uint32_t flags;
+};
+
+/**
+ * Add a rule into the SAD. Could be safely called with concurrent lookups
+ * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.
+ * While with this flag multi-reader - one-writer model Is MT safe,
+ * multi-writer model is not and required extra synchronisation.
+ *
+ * @param sad
+ * SAD object handle
+ * @param key
+ * pointer to the key
+ * @param key_type
+ * key type (spi only/spi+dip/spi+dip+sip)
+ * @param sa
+ * Pointer associated with the key to save in a SAD
+ * Must be 4 bytes aligned.
+ * @return
+ * 0 on success, negative value otherwise
+ */
+__rte_experimental
+int
+rte_ipsec_sad_add(struct rte_ipsec_sad *sad,
+ const union rte_ipsec_sad_key *key,
+ int key_type, void *sa);
+
+/**
+ * Delete a rule from the SAD. Could be safely called with concurrent lookups
+ * if RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured on creation time.
+ * While with this flag multi-reader - one-writer model Is MT safe,
+ * multi-writer model is not and required extra synchronisation.
+ *
+ * @param sad
+ * SAD object handle
+ * @param key
+ * pointer to the key
+ * @param key_type
+ * key type (spi only/spi+dip/spi+dip+sip)
+ * @return
+ * 0 on success, negative value otherwise
+ */
+__rte_experimental
+int
+rte_ipsec_sad_del(struct rte_ipsec_sad *sad,
+ const union rte_ipsec_sad_key *key,
+ int key_type);
+/*
+ * Create SAD
+ *
+ * @param name
+ * SAD name
+ * @param conf
+ * Structure containing the configuration
+ * @return
+ * Handle to SAD object on success
+ * NULL otherwise with rte_errno set to an appropriate values.
+ */
+__rte_experimental
+struct rte_ipsec_sad *
+rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf);
+
+/**
+ * Find an existing SAD object and return a pointer to it.
+ *
+ * @param name
+ * Name of the SAD object as passed to rte_ipsec_sad_create()
+ * @return
+ * Pointer to sad object or NULL if object not found with rte_errno
+ * set appropriately. Possible rte_errno values include:
+ * - ENOENT - required entry not available to return.
+ */
+__rte_experimental
+struct rte_ipsec_sad *
+rte_ipsec_sad_find_existing(const char *name);
+
+/**
+ * Destroy SAD object.
+ *
+ * @param sad
+ * pointer to the SAD object
+ * @return
+ * None
+ */
+__rte_experimental
+void
+rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad);
+
+/**
+ * Lookup multiple keys in the SAD.
+ *
+ * @param sad
+ * SAD object handle
+ * @param keys
+ * Array of keys to be looked up in the SAD
+ * @param sa
+ * Pointer assocoated with the keys.
+ * If the lookup for the given key failed, then corresponding sa
+ * will be NULL
+ * @param n
+ * Number of elements in keys array to lookup.
+ * @return
+ * -EINVAL for incorrect arguments, otherwise number of successful lookups.
+ */
+__rte_experimental
+int
+rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
+ const union rte_ipsec_sad_key *keys[],
+ void *sa[], uint32_t n);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_IPSEC_SAD_H_ */
git.droids-corp.org / dpdk.git / commitdiff