2. EL 8
  3. dpdk-devel
  4. rte_ipsec_sa_init(3)

Scroll to navigation

rte_ipsec_sa.h(3) DPDK rte_ipsec_sa.h(3)

NAME

rte_ipsec_sa.h

SYNOPSIS

#include <rte_common.h>
#include <rte_cryptodev.h>
#include <rte_security.h>

Data Structures


struct rte_ipsec_sa_prm

Macros


#define RTE_IPSEC_SAFLAG_SQN_ATOM (1ULL << 0)

Enumerations


enum

Functions


uint64_t rte_ipsec_sa_type (const struct rte_ipsec_sa *sa)
int rte_ipsec_sa_size (const struct rte_ipsec_sa_prm *prm)
int rte_ipsec_sa_init (struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, uint32_t size)
void rte_ipsec_sa_fini (struct rte_ipsec_sa *sa)

Detailed Description

Defines API to manage IPsec Security Association (SA) objects.

Definition in file rte_ipsec_sa.h.

Macro Definition Documentation

#define RTE_IPSEC_SAFLAG_SQN_ATOM (1ULL << 0)

Indicates that SA will(/will not) need an 'atomic' access to sequence number and replay window. 'atomic' here means: functions:

  • rte_ipsec_pkt_crypto_prepare
  • rte_ipsec_pkt_process can be safely used in MT environment, as long as the user can guarantee that they obey multiple readers/single writer model for SQN+replay_window operations. To be more specific: for outbound SA there are no restrictions. for inbound SA the caller has to guarantee that at any given moment only one thread is executing rte_ipsec_pkt_process() for given SA. Note that it is caller responsibility to maintain correct order of packets to be processed. In other words - it is a caller responsibility to serialize process() invocations.

Definition at line 70 of file rte_ipsec_sa.h.

Enumeration Type Documentation

anonymous enum

SA type is an 64-bit value that contain the following information:

  • IP version (IPv4/IPv6)
  • IPsec proto (ESP/AH)
  • inbound/outbound
  • mode (TRANSPORT/TUNNEL)
  • for TUNNEL outer IP version (IPv4/IPv6)
  • are SA SQN operations 'atomic'
  • ESN enabled/disabled
  • NAT-T UDP encapsulated (TUNNEL mode only) ...

Definition at line 85 of file rte_ipsec_sa.h.

Function Documentation

uint64_t rte_ipsec_sa_type (const struct rte_ipsec_sa * sa)

get type of given SA

Returns:

SA type value.

int rte_ipsec_sa_size (const struct rte_ipsec_sa_prm * prm)

Calculate required SA size based on provided input parameters.

Parameters:

prm Parameters that will be used to initialise SA object.

Returns:

  • Actual size required for SA with given parameters.
  • -EINVAL if the parameters are invalid.

int rte_ipsec_sa_init (struct rte_ipsec_sa * sa, const struct rte_ipsec_sa_prm * prm, uint32_t size)

initialise SA based on provided input parameters.

Parameters:

sa SA object to initialise.
prm Parameters used to initialise given SA object.
size size of the provided buffer for SA.

Returns:

  • Actual size of SA object if operation completed successfully.
  • -EINVAL if the parameters are invalid.
  • -ENOSPC if the size of the provided buffer is not big enough.

void rte_ipsec_sa_fini (struct rte_ipsec_sa * sa)

cleanup SA

Parameters:

sa Pointer to SA object to de-initialize.

Author

Generated automatically by Doxygen for DPDK from the source code.

Thu May 23 2024 Version 23.11.0