Scroll to navigation

rte_ipsec.h(3) DPDK rte_ipsec.h(3)

NAME

rte_ipsec.h

SYNOPSIS

#include <rte_ipsec_sa.h>
#include <rte_mbuf.h>
#include <rte_ipsec_group.h>

Data Structures


struct rte_ipsec_sa_pkt_func
struct rte_ipsec_session

Functions


int rte_ipsec_session_prepare (struct rte_ipsec_session *ss)
static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num)
static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint16_t num)
int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa *sa)
void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa *sa)

Detailed Description

RTE IPsec support.

librte_ipsec provides a framework for data-path IPsec protocol processing (ESP/AH).

Definition in file rte_ipsec.h.

Function Documentation

int rte_ipsec_session_prepare (struct rte_ipsec_session * ss)

Checks that inside given rte_ipsec_session crypto/security fields are filled correctly and setups function pointers based on these values. Expects that all fields except IPsec processing function pointers (pkt_func) will be filled correctly by caller.

Parameters:

ss Pointer to the rte_ipsec_session object

Returns:

  • Zero if operation completed successfully.
  • -EINVAL if the parameters are invalid.

static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], struct rte_crypto_op * cop[], uint16_t num) [inline], [static]

For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev associated with given session. expects that for each input packet:

l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.

Parameters:

ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
cop The address of an array of num pointers to the output rte_crypto_op structures.
num The maximum number of packets to process.

Returns:

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 118 of file rte_ipsec.h.

static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], uint16_t num) [inline], [static]

Finalise processing of packets after crypto-dev finished with them or process packets that are subjects to inline IPsec offload. Expects that for each input packet:

l2_len, l3_len are setup correctly Output mbufs will be: inbound - decrypted & authenticated, ESP(AH) related headers removed, l2_len and l3_len fields are updated. outbound - appropriate mbuf fields (ol_flags, tx_offloads, etc.) properly setup, if necessary - IP headers updated, ESP(AH) fields added, Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.

Parameters:

ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
num The maximum number of packets to process.

Returns:

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 155 of file rte_ipsec.h.

int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa * sa)

Enable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters:

sa Pointer to the rte_ipsec_sa object that will have telemetry enabled.

Returns:

0 on success, negative value otherwise.

void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa * sa)

Disable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters:

sa Pointer to the rte_ipsec_sa object that will have telemetry disabled.

Author

Generated automatically by Doxygen for DPDK from the source code.

Thu May 23 2024 Version 23.11.0