LCOV - code coverage report
Current view: top level - lib/ipsec - rte_ipsec.h (source / functions) Hit Total Coverage
Test: Code coverage Lines: 0 2 0.0 %
Date: 2024-04-01 19:00:53 Functions: 0 0 -
Legend: Lines: hit not hit | Branches: + taken - not taken # not executed Branches: 0 0 -

           Branch data     Line data    Source code
       1                 :            : /* SPDX-License-Identifier: BSD-3-Clause
       2                 :            :  * Copyright(c) 2018-2020 Intel Corporation
       3                 :            :  */
       4                 :            : 
       5                 :            : #ifndef _RTE_IPSEC_H_
       6                 :            : #define _RTE_IPSEC_H_
       7                 :            : 
       8                 :            : /**
       9                 :            :  * @file rte_ipsec.h
      10                 :            :  *
      11                 :            :  * RTE IPsec support.
      12                 :            :  *
      13                 :            :  * librte_ipsec provides a framework for data-path IPsec protocol
      14                 :            :  * processing (ESP/AH).
      15                 :            :  */
      16                 :            : 
      17                 :            : #include <rte_ipsec_sa.h>
      18                 :            : #include <rte_mbuf.h>
      19                 :            : 
      20                 :            : #ifdef __cplusplus
      21                 :            : extern "C" {
      22                 :            : #endif
      23                 :            : 
      24                 :            : struct rte_ipsec_session;
      25                 :            : 
      26                 :            : /**
      27                 :            :  * IPsec session specific functions that will be used to:
      28                 :            :  * - prepare - for input mbufs and given IPsec session prepare crypto ops
      29                 :            :  *   that can be enqueued into the cryptodev associated with given session
      30                 :            :  *   (see *rte_ipsec_pkt_crypto_prepare* below for more details).
      31                 :            :  * - process - finalize processing of packets after crypto-dev finished
      32                 :            :  *   with them or process packets that are subjects to inline IPsec offload
      33                 :            :  *   (see rte_ipsec_pkt_process for more details).
      34                 :            :  */
      35                 :            : struct rte_ipsec_sa_pkt_func {
      36                 :            :         union {
      37                 :            :                 uint16_t (*async)(const struct rte_ipsec_session *ss,
      38                 :            :                                 struct rte_mbuf *mb[],
      39                 :            :                                 struct rte_crypto_op *cop[],
      40                 :            :                                 uint16_t num);
      41                 :            :                 uint16_t (*sync)(const struct rte_ipsec_session *ss,
      42                 :            :                                 struct rte_mbuf *mb[],
      43                 :            :                                 uint16_t num);
      44                 :            :         } prepare;
      45                 :            :         uint16_t (*process)(const struct rte_ipsec_session *ss,
      46                 :            :                                 struct rte_mbuf *mb[],
      47                 :            :                                 uint16_t num);
      48                 :            : };
      49                 :            : 
      50                 :            : /**
      51                 :            :  * rte_ipsec_session is an aggregate structure that defines particular
      52                 :            :  * IPsec Security Association IPsec (SA) on given security/crypto device:
      53                 :            :  * - pointer to the SA object
      54                 :            :  * - security session action type
      55                 :            :  * - pointer to security/crypto session, plus other related data
      56                 :            :  * - session/device specific functions to prepare/process IPsec packets.
      57                 :            :  */
      58                 :            : struct __rte_cache_aligned rte_ipsec_session {
      59                 :            :         /**
      60                 :            :          * SA that session belongs to.
      61                 :            :          * Note that multiple sessions can belong to the same SA.
      62                 :            :          */
      63                 :            :         struct rte_ipsec_sa *sa;
      64                 :            :         /** session action type */
      65                 :            :         enum rte_security_session_action_type type;
      66                 :            :         /** session and related data */
      67                 :            :         union {
      68                 :            :                 struct {
      69                 :            :                         struct rte_cryptodev_sym_session *ses;
      70                 :            :                         uint8_t dev_id;
      71                 :            :                 } crypto;
      72                 :            :                 struct {
      73                 :            :                         struct rte_security_session *ses;
      74                 :            :                         struct rte_security_ctx *ctx;
      75                 :            :                         uint32_t ol_flags;
      76                 :            :                 } security;
      77                 :            :         };
      78                 :            :         /** functions to prepare/process IPsec packets */
      79                 :            :         struct rte_ipsec_sa_pkt_func pkt_func;
      80                 :            : };
      81                 :            : 
      82                 :            : /**
      83                 :            :  * Checks that inside given rte_ipsec_session crypto/security fields
      84                 :            :  * are filled correctly and setups function pointers based on these values.
      85                 :            :  * Expects that all fields except IPsec processing function pointers
      86                 :            :  * (*pkt_func*) will be filled correctly by caller.
      87                 :            :  * @param ss
      88                 :            :  *   Pointer to the *rte_ipsec_session* object
      89                 :            :  * @return
      90                 :            :  *   - Zero if operation completed successfully.
      91                 :            :  *   - -EINVAL if the parameters are invalid.
      92                 :            :  */
      93                 :            : int
      94                 :            : rte_ipsec_session_prepare(struct rte_ipsec_session *ss);
      95                 :            : 
      96                 :            : /**
      97                 :            :  * For input mbufs and given IPsec session prepare crypto ops that can be
      98                 :            :  * enqueued into the cryptodev associated with given session.
      99                 :            :  * expects that for each input packet:
     100                 :            :  *      - l2_len, l3_len are setup correctly
     101                 :            :  * Note that erroneous mbufs are not freed by the function,
     102                 :            :  * but are placed beyond last valid mbuf in the *mb* array.
     103                 :            :  * It is a user responsibility to handle them further.
     104                 :            :  * @param ss
     105                 :            :  *   Pointer to the *rte_ipsec_session* object the packets belong to.
     106                 :            :  * @param mb
     107                 :            :  *   The address of an array of *num* pointers to *rte_mbuf* structures
     108                 :            :  *   which contain the input packets.
     109                 :            :  * @param cop
     110                 :            :  *   The address of an array of *num* pointers to the output *rte_crypto_op*
     111                 :            :  *   structures.
     112                 :            :  * @param num
     113                 :            :  *   The maximum number of packets to process.
     114                 :            :  * @return
     115                 :            :  *   Number of successfully processed packets, with error code set in rte_errno.
     116                 :            :  */
     117                 :            : static inline uint16_t
     118                 :            : rte_ipsec_pkt_crypto_prepare(const struct rte_ipsec_session *ss,
     119                 :            :         struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num)
     120                 :            : {
     121                 :          0 :         return ss->pkt_func.prepare.async(ss, mb, cop, num);
     122                 :            : }
     123                 :            : 
     124                 :            : static inline uint16_t
     125                 :            : rte_ipsec_pkt_cpu_prepare(const struct rte_ipsec_session *ss,
     126                 :            :         struct rte_mbuf *mb[], uint16_t num)
     127                 :            : {
     128                 :            :         return ss->pkt_func.prepare.sync(ss, mb, num);
     129                 :            : }
     130                 :            : 
     131                 :            : /**
     132                 :            :  * Finalise processing of packets after crypto-dev finished with them or
     133                 :            :  * process packets that are subjects to inline IPsec offload.
     134                 :            :  * Expects that for each input packet:
     135                 :            :  *      - l2_len, l3_len are setup correctly
     136                 :            :  * Output mbufs will be:
     137                 :            :  * inbound - decrypted & authenticated, ESP(AH) related headers removed,
     138                 :            :  * *l2_len* and *l3_len* fields are updated.
     139                 :            :  * outbound - appropriate mbuf fields (ol_flags, tx_offloads, etc.)
     140                 :            :  * properly setup, if necessary - IP headers updated, ESP(AH) fields added,
     141                 :            :  * Note that erroneous mbufs are not freed by the function,
     142                 :            :  * but are placed beyond last valid mbuf in the *mb* array.
     143                 :            :  * It is a user responsibility to handle them further.
     144                 :            :  * @param ss
     145                 :            :  *   Pointer to the *rte_ipsec_session* object the packets belong to.
     146                 :            :  * @param mb
     147                 :            :  *   The address of an array of *num* pointers to *rte_mbuf* structures
     148                 :            :  *   which contain the input packets.
     149                 :            :  * @param num
     150                 :            :  *   The maximum number of packets to process.
     151                 :            :  * @return
     152                 :            :  *   Number of successfully processed packets, with error code set in rte_errno.
     153                 :            :  */
     154                 :            : static inline uint16_t
     155                 :            : rte_ipsec_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
     156                 :            :         uint16_t num)
     157                 :            : {
     158                 :          0 :         return ss->pkt_func.process(ss, mb, num);
     159                 :            : }
     160                 :            : 
     161                 :            : 
     162                 :            : /**
     163                 :            :  * Enable per SA telemetry for a specific SA.
     164                 :            :  * Note that this function is not thread safe
     165                 :            :  * @param sa
     166                 :            :  *   Pointer to the *rte_ipsec_sa* object that will have telemetry enabled.
     167                 :            :  * @return
     168                 :            :  *   0 on success, negative value otherwise.
     169                 :            :  */
     170                 :            : int
     171                 :            : rte_ipsec_telemetry_sa_add(const struct rte_ipsec_sa *sa);
     172                 :            : 
     173                 :            : /**
     174                 :            :  * Disable per SA telemetry for a specific SA.
     175                 :            :  * Note that this function is not thread safe
     176                 :            :  * @param sa
     177                 :            :  *   Pointer to the *rte_ipsec_sa* object that will have telemetry disabled.
     178                 :            :  */
     179                 :            : void
     180                 :            : rte_ipsec_telemetry_sa_del(const struct rte_ipsec_sa *sa);
     181                 :            : 
     182                 :            : #include <rte_ipsec_group.h>
     183                 :            : 
     184                 :            : #ifdef __cplusplus
     185                 :            : }
     186                 :            : #endif
     187                 :            : 
     188                 :            : #endif /* _RTE_IPSEC_H_ */

Generated by: LCOV version 1.14