dpdk/lib/librte_ipsec/rte_ipsec_sad.h
   1
   2/* SPDX-License-Identifier: BSD-3-Clause
   3 * Copyright(c) 2019 Intel Corporation
   4 */
   5
   6#ifndef _RTE_IPSEC_SAD_H_
   7#define _RTE_IPSEC_SAD_H_
   8
   9#include <stdint.h>
  10
  11#include <rte_compat.h>
  12
  13/**
  14 * @file rte_ipsec_sad.h
  15 *
  16 * RTE IPsec security association database (SAD) support.
   17 * Contains helper functions to look up and maintain the SAD.
  18 */
  19
  20#ifdef __cplusplus
  21extern "C" {
  22#endif
  23
/*
 * SAD handle. Only forward-declared in this header, so callers can hold and
 * pass pointers to it but cannot reach its fields from here.
 */
struct rte_ipsec_sad;
  25
/**
 * Type of key.
 *
 * Passed as the key_type argument of rte_ipsec_sad_add() and
 * rte_ipsec_sad_del() to say which parts of the key make up the rule:
 * spi only, spi+dip or spi+dip+sip.
 * NOTE(review): dip/sip are presumably the destination and source IP
 * addresses - the header never expands the abbreviations.
 */
enum {
        /* rule is keyed on the spi only */
        RTE_IPSEC_SAD_SPI_ONLY = 0,
        /* rule is keyed on spi + dip */
        RTE_IPSEC_SAD_SPI_DIP,
        /* rule is keyed on spi + dip + sip */
        RTE_IPSEC_SAD_SPI_DIP_SIP,
        /*
         * One past the last key type. Despite the _MASK suffix this header
         * uses it as an array length (rte_ipsec_sad_conf.max_sa[]), so it
         * should not be passed as a key_type.
         */
        RTE_IPSEC_SAD_KEY_TYPE_MASK,
};
  33
/**
 * Key layout for a SAD holding IPv4 addresses (v4 member of
 * union rte_ipsec_sad_key).
 *
 * NOTE(review): this header does not state the byte order expected for
 * spi, dip and sip. Confirm it against the implementation and build the
 * key the same way for add, del and lookup, otherwise a rule silently
 * fails to match.
 */
struct rte_ipsec_sadv4_key {
        uint32_t spi;   /* SPI part of the key */
        uint32_t dip;   /* dip part of the key (32-bit IPv4 address) */
        uint32_t sip;   /* sip part of the key (32-bit IPv4 address) */
};
  39
/**
 * Key layout for a SAD created with RTE_IPSEC_SAD_FLAG_IPV6 (v6 member of
 * union rte_ipsec_sad_key): same fields as the IPv4 key, with 16-byte
 * address arrays.
 *
 * NOTE(review): the byte order expected for spi is not stated in this
 * header - confirm against the implementation.
 */
struct rte_ipsec_sadv6_key {
        uint32_t spi;           /* SPI part of the key */
        uint8_t dip[16];        /* dip part of the key, 16 raw bytes */
        uint8_t sip[16];        /* sip part of the key, 16 raw bytes */
};
  45
/**
 * Key passed to the add/del/lookup calls.
 *
 * The union carries no tag saying which member is valid.
 * NOTE(review): presumably the SAD's RTE_IPSEC_SAD_FLAG_IPV6 creation flag
 * decides whether v4 or v6 is read - confirm against the implementation.
 * The v6 member is larger than the v4 one, so a caller should always pass
 * a pointer to a full union object rather than to a bare v4 key struct.
 */
union rte_ipsec_sad_key {
        struct rte_ipsec_sadv4_key      v4;
        struct rte_ipsec_sadv6_key      v6;
};
  50
/**
 * Max number of characters in SAD name.
 * NOTE(review): the header does not say whether the terminating NUL is
 * counted in this limit - confirm before sizing name buffers.
 */
#define RTE_IPSEC_SAD_NAMESIZE          64
/** Flag to create SAD with ipv6 dip and sip addresses */
#define RTE_IPSEC_SAD_FLAG_IPV6                 0x1
/**
 * Flag to support reader writer concurrency.
 * Per the add/del documentation in this header, this covers concurrent
 * lookups with a single writer only; several writers still need external
 * synchronisation.
 */
#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY       0x2
  57
/** IPsec SAD configuration structure, passed to rte_ipsec_sad_create() */
struct rte_ipsec_sad_conf {
        /** CPU socket ID where rte_ipsec_sad should be allocated */
        int             socket_id;
        /**
         * maximum number of SA for each type of key.
         * One slot per key type (the array length is
         * RTE_IPSEC_SAD_KEY_TYPE_MASK); presumably indexed by the
         * RTE_IPSEC_SAD_SPI_* values - confirm against the implementation.
         */
        uint32_t        max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];
        /** RTE_IPSEC_SAD_FLAG_* flags, OR-ed together */
        uint32_t        flags;
};
  67
/**
 * Add a rule into the SAD.
 *
 * Can be called safely alongside concurrent lookups only if the SAD was
 * created with the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag. Even with that
 * flag only the multi-reader/single-writer model is MT safe; the
 * multi-writer model is not and requires extra synchronisation by the
 * caller.
 *
 * NOTE(review): the SAD saves the sa pointer itself; nothing in this header
 * says the object is copied or that ownership is transferred, so presumably
 * the caller must keep it valid while the rule exists and while lookups can
 * still return it - confirm against the implementation.
 *
 * @param sad
 *   SAD object handle
 * @param key
 *   pointer to the key
 * @param key_type
 *   key type (spi only/spi+dip/spi+dip+sip), i.e. one of the
 *   RTE_IPSEC_SAD_SPI_* values
 * @param sa
 *   Pointer associated with the key to save in a SAD.
 *   Must be 4 bytes aligned. The header does not say how a misaligned
 *   pointer is treated, so the caller should guarantee the alignment.
 * @return
 *   0 on success, negative value otherwise. On a negative value the rule
 *   must be assumed absent from the SAD.
 */
int
rte_ipsec_sad_add(struct rte_ipsec_sad *sad,
        const union rte_ipsec_sad_key *key,
        int key_type, void *sa);
  90
/**
 * Delete a rule from the SAD.
 *
 * Can be called safely alongside concurrent lookups only if the SAD was
 * created with the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag. Even with that
 * flag only the multi-reader/single-writer model is MT safe; the
 * multi-writer model is not and requires extra synchronisation by the
 * caller.
 *
 * NOTE(review): this header defines no grace period after deletion. A
 * reader may presumably still hold an sa pointer obtained from a lookup
 * that ran before the delete, so the SA object should not be freed or
 * reused until such readers are known to be done - confirm against the
 * implementation.
 *
 * @param sad
 *   SAD object handle
 * @param key
 *   pointer to the key
 * @param key_type
 *   key type (spi only/spi+dip/spi+dip+sip), i.e. one of the
 *   RTE_IPSEC_SAD_SPI_* values
 * @return
 *   0 on success, negative value otherwise
 */
int
rte_ipsec_sad_del(struct rte_ipsec_sad *sad,
        const union rte_ipsec_sad_key *key,
        int key_type);
/**
 * Create SAD
 *
 * @param name
 *  SAD name (see RTE_IPSEC_SAD_NAMESIZE for the length limit)
 * @param conf
 *  Structure containing the configuration
 * @return
 *  Handle to SAD object on success
 *  NULL otherwise with rte_errno set to an appropriate value.
 *  The result must be checked for NULL before it is passed to any other
 *  call declared in this header.
 */
struct rte_ipsec_sad *
rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf);
 123
/**
 * Find an existing SAD object and return a pointer to it.
 *
 * @param name
 *  Name of the SAD object as passed to rte_ipsec_sad_create()
 * @return
 *  Pointer to the SAD object, or NULL if the object was not found, with
 *  rte_errno set appropriately. Possible rte_errno values include:
 *   - ENOENT - required entry not available to return.
 *  The returned handle refers to the existing object; this header does not
 *  describe any reference counting, so presumably it becomes invalid once
 *  rte_ipsec_sad_destroy() is called on that SAD - confirm.
 */
struct rte_ipsec_sad *
rte_ipsec_sad_find_existing(const char *name);
 136
/**
 * Destroy SAD object.
 *
 * NOTE(review): this header does not say whether destroy may run while
 * lookups or add/del calls are in progress, nor what happens to the sa
 * pointers stored in the SAD. Presumably the caller must stop all users of
 * the handle first and release the SA objects itself - confirm against the
 * implementation.
 *
 * @param sad
 *   pointer to the SAD object
 * @return
 *   None
 */
void
rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad);
 147
/**
 * Lookup multiple keys in the SAD.
 *
 * No key type is passed here, unlike rte_ipsec_sad_add() and
 * rte_ipsec_sad_del().
 *
 * @param sad
 *   SAD object handle
 * @param keys
 *   Array of pointers to the keys to be looked up in the SAD
 * @param sa
 *   Array receiving the pointer associated with each key.
 *   If the lookup for the given key failed, then corresponding sa
 *   will be NULL. Each entry must be checked for NULL before it is
 *   dereferenced; the return value alone does not say which keys matched.
 *   NOTE(review): no separate length is passed for this array, so it
 *   presumably must have room for n entries - confirm.
 * @param n
 *   Number of elements in keys array to lookup.
 * @return
 *   -EINVAL for incorrect arguments, otherwise number of successful lookups.
 */
int
rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
        const union rte_ipsec_sad_key *keys[],
        void *sa[], uint32_t n);
 168
 169#ifdef __cplusplus
 170}
 171#endif
 172
 173#endif /* _RTE_IPSEC_SAD_H_ */
 174