Scroll to navigation

rte_security_capability(3) DPDK rte_security_capability(3)

NAME

rte_security_capability

SYNOPSIS

#include <rte_security.h>

Data Fields


enum rte_security_session_action_type action
enum rte_security_session_protocol protocol
const struct rte_cryptodev_capabilities * crypto_capabilities
uint32_t ol_flags
enum rte_security_ipsec_sa_protocol proto
enum rte_security_ipsec_sa_mode mode
enum rte_security_ipsec_sa_direction direction
struct rte_security_ipsec_sa_options options
uint32_t replay_win_sz_max
struct {
enum rte_security_ipsec_sa_protocol proto
enum rte_security_ipsec_sa_mode mode
enum rte_security_ipsec_sa_direction direction
struct rte_security_ipsec_sa_options options
uint32_t replay_win_sz_max
} ipsec
uint16_t mtu
enum rte_security_macsec_alg alg
uint16_t max_nb_sc
uint16_t max_nb_sa
uint16_t max_nb_sess
uint32_t replay_win_sz
uint16_t relative_sectag_insert: 1
uint16_t fixed_sectag_insert: 1
uint16_t icv_include_da_sa: 1
uint16_t ctrl_port_enable: 1
uint16_t preserve_sectag: 1
uint16_t preserve_icv: 1
uint16_t validate_frames: 1
uint16_t re_key: 1
uint16_t anti_replay: 1
uint16_t reserved: 7
struct {
uint16_t mtu
enum rte_security_macsec_alg alg
uint16_t max_nb_sc
uint16_t max_nb_sa
uint16_t max_nb_sess
uint32_t replay_win_sz
uint16_t relative_sectag_insert: 1
uint16_t fixed_sectag_insert: 1
uint16_t icv_include_da_sa: 1
uint16_t ctrl_port_enable: 1
uint16_t preserve_sectag: 1
uint16_t preserve_icv: 1
uint16_t validate_frames: 1
uint16_t re_key: 1
uint16_t anti_replay: 1
uint16_t reserved: 7
} macsec
enum rte_security_pdcp_domain domain
uint32_t capa_flags
struct {
enum rte_security_pdcp_domain domain
uint32_t capa_flags
} pdcp
enum rte_security_docsis_direction direction
struct {
enum rte_security_docsis_direction direction
} docsis
enum rte_security_tls_version ver
enum rte_security_tls_sess_type type
uint32_t ar_win_size
struct {
enum rte_security_tls_version ver
enum rte_security_tls_sess_type type
uint32_t ar_win_size
} tls_record

Detailed Description

Security capability definition

Definition at line 1247 of file rte_security.h.

Field Documentation

enum rte_security_session_action_type action

Security action type

Definition at line 1179 of file rte_security.h.

enum rte_security_session_protocol protocol

Security protocol

Definition at line 1179 of file rte_security.h.

enum rte_security_ipsec_sa_protocol proto

IPsec SA protocol

Definition at line 1331 of file rte_security.h.

enum rte_security_ipsec_sa_mode mode

IPsec SA mode

Definition at line 1331 of file rte_security.h.

enum rte_security_ipsec_sa_direction direction

IPsec SA direction

Definition at line 1331 of file rte_security.h.

struct rte_security_ipsec_sa_options options

IPsec SA supported options

Definition at line 1331 of file rte_security.h.

uint32_t replay_win_sz_max

IPsec Anti Replay Window Size. A '0' value indicates that Anti Replay is not supported.

Definition at line 1262 of file rte_security.h.

struct { ... } ipsec

IPsec capability

uint16_t mtu

MTU supported for inline TX

Definition at line 1270 of file rte_security.h.

enum rte_security_macsec_alg alg

MACsec algorithm to be used

Definition at line 1270 of file rte_security.h.

uint16_t max_nb_sc

Maximum number of secure channels supported

Definition at line 1274 of file rte_security.h.

uint16_t max_nb_sa

Maximum number of SAs supported

Definition at line 1276 of file rte_security.h.

uint16_t max_nb_sess

Maximum number of SAs supported

Definition at line 1278 of file rte_security.h.

uint32_t replay_win_sz

MACsec anti replay window size

Definition at line 1280 of file rte_security.h.

uint16_t relative_sectag_insert

Support Sectag insertion at relative offset

Definition at line 1282 of file rte_security.h.

uint16_t fixed_sectag_insert

Support Sectag insertion at fixed offset

Definition at line 1284 of file rte_security.h.

uint16_t icv_include_da_sa

ICV includes source and destination MAC addresses

Definition at line 1286 of file rte_security.h.

uint16_t ctrl_port_enable

Control port traffic is supported

Definition at line 1288 of file rte_security.h.

uint16_t preserve_sectag

Do not strip SecTAG after processing

Definition at line 1290 of file rte_security.h.

uint16_t preserve_icv

Do not strip ICV from the packet after processing

Definition at line 1292 of file rte_security.h.

uint16_t validate_frames

Support frame validation as per RTE_SECURITY_MACSEC_VALIDATE_*

Definition at line 1294 of file rte_security.h.

uint16_t re_key

support re-keying on SA expiry

Definition at line 1296 of file rte_security.h.

uint16_t anti_replay

support anti replay

Definition at line 1298 of file rte_security.h.

uint16_t reserved

Reserved bitfields for future capabilities

Definition at line 1300 of file rte_security.h.

struct { ... } macsec

MACsec capability

enum rte_security_pdcp_domain domain

PDCP mode of operation: Control or data

Definition at line 1300 of file rte_security.h.

uint32_t capa_flags

Capability flags, see RTE_SECURITY_PDCP_*

Definition at line 1306 of file rte_security.h.

struct { ... } pdcp

PDCP capability

enum rte_security_docsis_direction direction

DOCSIS direction

Definition at line 1306 of file rte_security.h.

struct { ... } docsis

DOCSIS capability

enum rte_security_tls_version ver

TLS record version.

Definition at line 1306 of file rte_security.h.

enum rte_security_tls_sess_type type

TLS record session type.

Definition at line 1306 of file rte_security.h.

uint32_t ar_win_size

Maximum anti replay window size supported for DTLS 1.2 record read operation. Value of 0 means anti replay check is not supported.

Definition at line 1320 of file rte_security.h.

struct { ... } tls_record

TLS record capability

const struct rte_cryptodev_capabilities* crypto_capabilities

Corresponding crypto capabilities for security capability

Definition at line 1328 of file rte_security.h.

uint32_t ol_flags

Device offload flags

Definition at line 1331 of file rte_security.h.

Author

Generated automatically by Doxygen for DPDK from the source code.

Fri Dec 15 2023 Version 23.11.0