DPDK 22.11.6
|
#include <sys/types.h>
#include <rte_compat.h>
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_ip.h>
#include <rte_mbuf_dyn.h>
Data Structures | |
struct | rte_security_ctx |
struct | rte_security_ipsec_tunnel_param |
struct | rte_security_ipsec_sa_options |
struct | rte_security_ipsec_lifetime |
struct | rte_security_ipsec_xform |
struct | rte_security_macsec_sa |
struct | rte_security_macsec_sc |
struct | rte_security_macsec_xform |
struct | rte_security_pdcp_xform |
struct | rte_security_docsis_xform |
struct | rte_security_session_conf |
struct | rte_security_capability |
struct | rte_security_capability_idx |
Macros | |
#define | RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 |
#define | RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 |
#define | RTE_SECURITY_MACSEC_NUM_AN 4 |
#define | RTE_SECURITY_MACSEC_SALT_LEN 12 |
#define | RTE_SECURITY_MACSEC_VALIDATE_DISABLE 0 |
#define | RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD 1 |
#define | RTE_SECURITY_MACSEC_VALIDATE_STRICT 2 |
#define | RTE_SECURITY_MACSEC_VALIDATE_NO_OP 3 |
#define | RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001 |
#define | RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002 |
#define | RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001 |
#define | RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002 |
#define | RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000 |
Typedefs | |
typedef uint64_t | rte_security_dynfield_t |
Functions | |
void * | rte_security_session_create (struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp) |
__rte_experimental int | rte_security_session_update (struct rte_security_ctx *instance, void *sess, struct rte_security_session_conf *conf) |
unsigned int | rte_security_session_get_size (struct rte_security_ctx *instance) |
int | rte_security_session_destroy (struct rte_security_ctx *instance, void *sess) |
__rte_experimental int | rte_security_macsec_sc_create (struct rte_security_ctx *instance, struct rte_security_macsec_sc *conf) |
__rte_experimental int | rte_security_macsec_sc_destroy (struct rte_security_ctx *instance, uint16_t sc_id) |
__rte_experimental int | rte_security_macsec_sa_create (struct rte_security_ctx *instance, struct rte_security_macsec_sa *conf) |
__rte_experimental int | rte_security_macsec_sa_destroy (struct rte_security_ctx *instance, uint16_t sa_id) |
static __rte_experimental rte_security_dynfield_t * | rte_security_dynfield (struct rte_mbuf *mbuf) |
static __rte_experimental bool | rte_security_dynfield_is_registered (void) |
static uint64_t | rte_security_session_opaque_data_get (void *sess) |
static void | rte_security_session_opaque_data_set (void *sess, uint64_t opaque) |
static uint64_t | rte_security_session_fast_mdata_get (void *sess) |
static void | rte_security_session_fast_mdata_set (void *sess, uint64_t fdata) |
__rte_experimental int | __rte_security_set_pkt_metadata (struct rte_security_ctx *instance, void *sess, struct rte_mbuf *m, void *params) |
static int | rte_security_set_pkt_metadata (struct rte_security_ctx *instance, void *sess, struct rte_mbuf *mb, void *params) |
static int | __rte_security_attach_session (struct rte_crypto_sym_op *sym_op, void *sess) |
static int | rte_security_attach_session (struct rte_crypto_op *op, void *sess) |
__rte_experimental int | rte_security_session_stats_get (struct rte_security_ctx *instance, void *sess, struct rte_security_stats *stats) |
__rte_experimental int | rte_security_macsec_sa_stats_get (struct rte_security_ctx *instance, uint16_t sa_id, struct rte_security_macsec_sa_stats *stats) |
__rte_experimental int | rte_security_macsec_sc_stats_get (struct rte_security_ctx *instance, uint16_t sc_id, struct rte_security_macsec_sc_stats *stats) |
const struct rte_security_capability * | rte_security_capabilities_get (struct rte_security_ctx *instance) |
const struct rte_security_capability * | rte_security_capability_get (struct rte_security_ctx *instance, struct rte_security_capability_idx *idx) |
Variables | |
int | rte_security_dynfield_offset |
RTE Security Common Definitions
Definition in file rte_security.h.
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1 |
IPSEC tunnel header verification mode
Controls how the outer IP header is verified on inbound packets.
Definition at line 57 of file rte_security.h.
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001 |
Driver uses fast metadata update without using driver specific callback. For fast mdata, mbuf dynamic field would be registered by driver via rte_security_dynfield_register().
Definition at line 88 of file rte_security.h.
#define RTE_SECURITY_MACSEC_NUM_AN 4 |
Maximum number of association numbers for a secure channel.
Definition at line 369 of file rte_security.h.
#define RTE_SECURITY_MACSEC_SALT_LEN 12 |
Salt length for MACsec SA.
Definition at line 371 of file rte_security.h.
#define RTE_SECURITY_MACSEC_VALIDATE_DISABLE 0 |
Disable Validation of MACsec frame.
Definition at line 436 of file rte_security.h.
#define RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD 1 |
Validate MACsec frame but do not discard invalid frame.
Definition at line 438 of file rte_security.h.
#define RTE_SECURITY_MACSEC_VALIDATE_STRICT 2 |
Validate MACsec frame and discard invalid frame.
Definition at line 440 of file rte_security.h.
#define RTE_SECURITY_MACSEC_VALIDATE_NO_OP 3 |
Do not perform any MACsec operation.
Definition at line 442 of file rte_security.h.
#define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001 |
The underlying hardware/driver that supports PDCP may or may not support packet ordering. Set RTE_SECURITY_PDCP_ORDERING_CAP if it is supported. If it is not set, the driver/HW assumes that received packets are in order, and it is the application's responsibility to maintain ordering.
Definition at line 1202 of file rte_security.h.
#define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002 |
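The underlying hardware/driver that supports PDCP may or may not detect duplicate packets. Set RTE_SECURITY_PDCP_DUP_DETECT_CAP if it is supported. If it is not set, the driver/HW assumes that no duplicate packets are received, so any duplicate detection the application relies on has to be done by the application itself.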
Definition at line 1208 of file rte_security.h.
#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001 |
HW needs metadata update, see rte_security_set_pkt_metadata().
Definition at line 1212 of file rte_security.h.
#define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002 |
HW constructs the trailer of packets. Transmitted packets will have the trailer added to them by hardware. The next protocol field will be based on the mbuf->inner_esp_next_proto field.
Definition at line 1219 of file rte_security.h.
#define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000 |
HW removes the trailer of packets. Received packets have no trailer; the next protocol field is supplied in the mbuf->inner_esp_next_proto field. The inner packet is not modified.
Definition at line 1225 of file rte_security.h.
typedef uint64_t rte_security_dynfield_t |
Device-specific metadata field type
Definition at line 817 of file rte_security.h.
IPSec protocol mode
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT | IPSec Transport mode |
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL | IPSec Tunnel mode |
Definition at line 29 of file rte_security.h.
IPSec Protocol
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_PROTO_AH | AH protocol |
RTE_SECURITY_IPSEC_SA_PROTO_ESP | ESP protocol |
Definition at line 37 of file rte_security.h.
IPSEC tunnel type
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_TUNNEL_IPV4 | Outer header is IPv4 |
RTE_SECURITY_IPSEC_TUNNEL_IPV6 | Outer header is IPv6 |
Definition at line 45 of file rte_security.h.
IPSec security association direction
Enumerator | |
---|---|
RTE_SECURITY_IPSEC_SA_DIR_EGRESS | Encrypt and generate digest |
RTE_SECURITY_IPSEC_SA_DIR_INGRESS | Verify digest and decrypt |
Definition at line 289 of file rte_security.h.
MACSec packet flow direction
Enumerator | |
---|---|
RTE_SECURITY_MACSEC_DIR_TX | Generate SecTag and encrypt/authenticate |
RTE_SECURITY_MACSEC_DIR_RX | Remove SecTag and decrypt/verify |
Definition at line 361 of file rte_security.h.
MACsec Supported Algorithm list as per IEEE Std 802.1AE.
Definition at line 428 of file rte_security.h.
PDCP Mode of session
Enumerator | |
---|---|
RTE_SECURITY_PDCP_MODE_CONTROL | PDCP control plane |
RTE_SECURITY_PDCP_MODE_DATA | PDCP data plane |
RTE_SECURITY_PDCP_MODE_SHORT_MAC | PDCP short mac |
Definition at line 523 of file rte_security.h.
PDCP Frame direction
Enumerator | |
---|---|
RTE_SECURITY_PDCP_UPLINK | Uplink |
RTE_SECURITY_PDCP_DOWNLINK | Downlink |
Definition at line 530 of file rte_security.h.
PDCP Sequence Number Size selectors
Definition at line 536 of file rte_security.h.
DOCSIS direction
Enumerator | |
---|---|
RTE_SECURITY_DOCSIS_UPLINK | Uplink |
RTE_SECURITY_DOCSIS_DOWNLINK | Downlink |
Definition at line 597 of file rte_security.h.
Security session action type.
Definition at line 622 of file rte_security.h.
Security session protocol definition
Enumerator | |
---|---|
RTE_SECURITY_PROTOCOL_IPSEC | IPsec Protocol |
RTE_SECURITY_PROTOCOL_MACSEC | MACSec Protocol |
RTE_SECURITY_PROTOCOL_PDCP | PDCP Protocol |
RTE_SECURITY_PROTOCOL_DOCSIS | DOCSIS Protocol |
Definition at line 646 of file rte_security.h.
void * rte_security_session_create | ( | struct rte_security_ctx * | instance, |
struct rte_security_session_conf * | conf, | ||
struct rte_mempool * | mp | ||
) |
Create security session as specified by the session configuration
instance | security instance |
conf | session configuration parameters |
mp | mempool to allocate session objects from |
__rte_experimental int rte_security_session_update | ( | struct rte_security_ctx * | instance, |
void * | sess, | ||
struct rte_security_session_conf * | conf | ||
) |
Update security session as specified by the session configuration
instance | security instance |
sess | session to update parameters |
conf | update configuration parameters |
unsigned int rte_security_session_get_size | ( | struct rte_security_ctx * | instance | ) |
Get the size of the security session data for a device.
instance | security instance. |
int rte_security_session_destroy | ( | struct rte_security_ctx * | instance, |
void * | sess | ||
) |
Free security session header and the session private data and return it to its original mempool.
instance | security instance |
sess | security session to be freed |
__rte_experimental int rte_security_macsec_sc_create | ( | struct rte_security_ctx * | instance, |
struct rte_security_macsec_sc * | conf | ||
) |
Create MACsec security channel (SC).
instance | security instance |
conf | MACsec SC configuration params |
__rte_experimental int rte_security_macsec_sc_destroy | ( | struct rte_security_ctx * | instance, |
uint16_t | sc_id | ||
) |
Destroy MACsec security channel (SC).
instance | security instance |
sc_id | SC ID to be destroyed |
__rte_experimental int rte_security_macsec_sa_create | ( | struct rte_security_ctx * | instance, |
struct rte_security_macsec_sa * | conf | ||
) |
Create MACsec security association (SA).
instance | security instance |
conf | MACsec SA configuration params |
__rte_experimental int rte_security_macsec_sa_destroy | ( | struct rte_security_ctx * | instance, |
uint16_t | sa_id | ||
) |
Destroy MACsec security association (SA).
instance | security instance |
sa_id | SA ID to be destroyed |
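static __rte_experimental rte_security_dynfield_t * rte_security_dynfield | ( | struct rte_mbuf * | mbuf | ) |
inline static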
Get pointer to mbuf field for device-specific metadata.
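For performance reasons, no check is done; the dynamic field may not be registered. The returned pointer is only meaningful once the field has been registered, which can be confirmed with rte_security_dynfield_is_registered().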
mbuf | packet to access |
Definition at line 836 of file rte_security.h.
static __rte_experimental bool rte_security_dynfield_is_registered | ( | void | ) |
inline static
Check whether the dynamic field is registered.
Definition at line 852 of file rte_security.h.
static uint64_t rte_security_session_opaque_data_get | ( | void * | sess | ) |
inline static
Get opaque data from session handle
Definition at line 863 of file rte_security.h.
static void rte_security_session_opaque_data_set | ( | void * | sess, |
uint64_t | opaque | ||
) |
inline static
Set opaque data in session handle
Definition at line 872 of file rte_security.h.
static uint64_t rte_security_session_fast_mdata_get | ( | void * | sess | ) |
inline static
Get fast mdata from session handle
Definition at line 883 of file rte_security.h.
static void rte_security_session_fast_mdata_set | ( | void * | sess, |
uint64_t | fdata | ||
) |
inline static
Set fast mdata in session handle
Definition at line 892 of file rte_security.h.
__rte_experimental int __rte_security_set_pkt_metadata | ( | struct rte_security_ctx * | instance, |
void * | sess, | ||
struct rte_mbuf * | m, | ||
void * | params | ||
) |
Function to call PMD specific function pointer set_pkt_metadata()
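static int rte_security_set_pkt_metadata | ( | struct rte_security_ctx * | instance, |
void * | sess, | ||
struct rte_mbuf * | mb, | ||
void * | params | ||
) |
inline static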
Updates the buffer with device-specific defined metadata
instance | security instance |
sess | security session |
mb | packet mbuf to set metadata on. |
params | device-specific defined parameters required for metadata |
Definition at line 919 of file rte_security.h.
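static int __rte_security_attach_session | ( | struct rte_crypto_sym_op * | sym_op, |
void * | sess | ||
) |
inline static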
Attach a session to a symmetric crypto operation
sym_op | crypto operation |
sess | security session |
Definition at line 941 of file rte_security.h.
static int rte_security_attach_session | ( | struct rte_crypto_op * | op, |
void * | sess | ||
) |
inline static
Attach a session to a crypto operation. This API is needed only in case of RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD. For other rte_security_session_action_type values, ol_flags in rte_mbuf may be defined to perform security operations.
op | crypto operation |
sess | security session |
Definition at line 958 of file rte_security.h.
__rte_experimental int rte_security_session_stats_get | ( | struct rte_security_ctx * | instance, |
void * | sess, | ||
struct rte_security_stats * | stats | ||
) |
Get security session statistics
instance | security instance |
sess | security session. If the security session is NULL, then global (per security instance) statistics will be retrieved, if supported. Global statistics collection is not dependent on the per-session statistics configuration. |
stats | statistics |
__rte_experimental int rte_security_macsec_sa_stats_get | ( | struct rte_security_ctx * | instance, |
uint16_t | sa_id, | ||
struct rte_security_macsec_sa_stats * | stats | ||
) |
Get MACsec SA statistics.
instance | security instance |
sa_id | SA ID for which stats are needed |
stats | statistics |
__rte_experimental int rte_security_macsec_sc_stats_get | ( | struct rte_security_ctx * | instance, |
uint16_t | sc_id, | ||
struct rte_security_macsec_sc_stats * | stats | ||
) |
Get MACsec SC statistics.
instance | security instance |
sc_id | SC ID for which stats are needed |
stats | SC statistics |
const struct rte_security_capability * rte_security_capabilities_get | ( | struct rte_security_ctx * | instance | ) |
Returns array of security instance capabilities
instance | Security instance. |
const struct rte_security_capability * rte_security_capability_get | ( | struct rte_security_ctx * | instance, |
struct rte_security_capability_idx * | idx | ||
) |
Query if a specific capability is available on security instance
instance | security instance. |
idx | security capability index to match against |
int rte_security_dynfield_offset |
extern
Dynamic mbuf field for device-specific metadata