Scroll to navigation

rte_ipsec_sa.h(3) DPDK rte_ipsec_sa.h(3)

NAME

rte_ipsec_sa.h

SYNOPSIS

#include <rte_common.h>
#include <rte_cryptodev.h>
#include <rte_security.h>

Data Structures


struct rte_ipsec_sa_prm

Macros


#define RTE_IPSEC_SAFLAG_SQN_ATOM (1ULL << 0)

Enumerations


enum

Functions


uint64_t rte_ipsec_sa_type (const struct rte_ipsec_sa *sa)
int rte_ipsec_sa_size (const struct rte_ipsec_sa_prm *prm)
int rte_ipsec_sa_init (struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, uint32_t size)
void rte_ipsec_sa_fini (struct rte_ipsec_sa *sa)

Detailed Description

Defines API to manage IPsec Security Association (SA) objects.

Definition in file rte_ipsec_sa.h.

Macro Definition Documentation

#define RTE_IPSEC_SAFLAG_SQN_ATOM (1ULL << 0)

Indicates that SA will(/will not) need an 'atomic' access to sequence number and replay window. 'atomic' here means: functions:

  • rte_ipsec_pkt_crypto_prepare
  • rte_ipsec_pkt_process can be safely used in MT environment, as long as the user can guarantee that they obey multiple readers/single writer model for SQN+replay_window operations. To be more specific: for outbound SA there are no restrictions. for inbound SA the caller has to guarantee that at any given moment only one thread is executing rte_ipsec_pkt_process() for given SA. Note that it is caller responsibility to maintain correct order of packets to be processed. In other words - it is a caller responsibility to serialize process() invocations.

Definition at line 70 of file rte_ipsec_sa.h.

Enumeration Type Documentation

anonymous enum

SA type is an 64-bit value that contain the following information:

  • IP version (IPv4/IPv6)
  • IPsec proto (ESP/AH)
  • inbound/outbound
  • mode (TRANSPORT/TUNNEL)
  • for TUNNEL outer IP version (IPv4/IPv6)
  • are SA SQN operations 'atomic'
  • ESN enabled/disabled
  • NAT-T UDP encapsulated (TUNNEL mode only) ...

Definition at line 85 of file rte_ipsec_sa.h.

Function Documentation

uint64_t rte_ipsec_sa_type (const struct rte_ipsec_sa * sa)

get type of given SA

Returns

SA type value.

int rte_ipsec_sa_size (const struct rte_ipsec_sa_prm * prm)

Calculate required SA size based on provided input parameters.

Parameters

prm Parameters that will be used to initialise SA object.

Returns

  • Actual size required for SA with given parameters.
  • -EINVAL if the parameters are invalid.

int rte_ipsec_sa_init (struct rte_ipsec_sa * sa, const struct rte_ipsec_sa_prm * prm, uint32_t size)

initialise SA based on provided input parameters.

Parameters

sa SA object to initialise.
prm Parameters used to initialise given SA object.
size size of the provided buffer for SA.

Returns

  • Actual size of SA object if operation completed successfully.
  • -EINVAL if the parameters are invalid.
  • -ENOSPC if the size of the provided buffer is not big enough.

void rte_ipsec_sa_fini (struct rte_ipsec_sa * sa)

cleanup SA

Parameters

sa Pointer to SA object to de-initialize.

Author

Generated automatically by Doxygen for DPDK from the source code.

Fri Dec 15 2023 Version 23.11.0