18218713bf
Putting a '__attribute__((deprecated))' in the middle of a function
prototype does not result in the expected result with gcc (while clang
is fine with this syntax).
$ cat deprecated.c
void * __attribute__((deprecated)) incorrect() { return 0; }
__attribute__((deprecated)) void *correct(void) { return 0; }
int main(int argc, char *argv[]) { incorrect(); correct(); return 0; }
$ gcc -o deprecated.o -c deprecated.c
deprecated.c: In function ‘main’:
deprecated.c:3:1: warning: ‘correct’ is deprecated (declared at
deprecated.c:2) [-Wdeprecated-declarations]
int main(int argc, char *argv[]) { incorrect(); correct(); return 0; }
^
Move the tag on a separate line and make it the first thing of function
prototypes.
This is not perfect but we will trust reviewers to catch the other not
so easy to detect patterns.
sed -i \
-e '/^\([^#].*\)\?__rte_experimental */{' \
-e 's//\1/; s/ *$//; i\' \
-e __rte_experimental \
-e '/^$/d}' \
$(git grep -l __rte_experimental -- '*.h')
Special mention for rte_mbuf_data_addr_default():
There is either a bug or a (not yet understood) issue with gcc.
gcc won't drop this inline when unused and rte_mbuf_data_addr_default()
calls rte_mbuf_buf_addr() which itself is experimental.
This results in a build warning when not accepting experimental apis
from sources just including rte_mbuf.h.
For this specific case, we hide the call to rte_mbuf_buf_addr() under
the ALLOW_EXPERIMENTAL_API flag.
Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
158 lines
5.0 KiB
C
158 lines
5.0 KiB
C
/* SPDX-License-Identifier: BSD-3-Clause
|
|
* Copyright(c) 2018 Intel Corporation
|
|
*/
|
|
|
|
#ifndef _RTE_IPSEC_H_
|
|
#define _RTE_IPSEC_H_
|
|
|
|
/**
|
|
* @file rte_ipsec.h
|
|
* @b EXPERIMENTAL: this API may change without prior notice
|
|
*
|
|
* RTE IPsec support.
|
|
* librte_ipsec provides a framework for data-path IPsec protocol
|
|
* processing (ESP/AH).
|
|
*/
|
|
|
|
#include <rte_ipsec_sa.h>
|
|
#include <rte_mbuf.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
struct rte_ipsec_session;
|
|
|
|
/**
|
|
* IPsec session specific functions that will be used to:
|
|
* - prepare - for input mbufs and given IPsec session prepare crypto ops
|
|
* that can be enqueued into the cryptodev associated with given session
|
|
* (see *rte_ipsec_pkt_crypto_prepare* below for more details).
|
|
* - process - finalize processing of packets after crypto-dev finished
|
|
* with them or process packets that are subjects to inline IPsec offload
|
|
* (see rte_ipsec_pkt_process for more details).
|
|
*/
|
|
struct rte_ipsec_sa_pkt_func {
|
|
uint16_t (*prepare)(const struct rte_ipsec_session *ss,
|
|
struct rte_mbuf *mb[],
|
|
struct rte_crypto_op *cop[],
|
|
uint16_t num);
|
|
uint16_t (*process)(const struct rte_ipsec_session *ss,
|
|
struct rte_mbuf *mb[],
|
|
uint16_t num);
|
|
};
|
|
|
|
/**
|
|
* rte_ipsec_session is an aggregate structure that defines particular
|
|
* IPsec Security Association IPsec (SA) on given security/crypto device:
|
|
* - pointer to the SA object
|
|
* - security session action type
|
|
* - pointer to security/crypto session, plus other related data
|
|
* - session/device specific functions to prepare/process IPsec packets.
|
|
*/
|
|
struct rte_ipsec_session {
|
|
/**
|
|
* SA that session belongs to.
|
|
* Note that multiple sessions can belong to the same SA.
|
|
*/
|
|
struct rte_ipsec_sa *sa;
|
|
/** session action type */
|
|
enum rte_security_session_action_type type;
|
|
/** session and related data */
|
|
union {
|
|
struct {
|
|
struct rte_cryptodev_sym_session *ses;
|
|
} crypto;
|
|
struct {
|
|
struct rte_security_session *ses;
|
|
struct rte_security_ctx *ctx;
|
|
uint32_t ol_flags;
|
|
} security;
|
|
};
|
|
/** functions to prepare/process IPsec packets */
|
|
struct rte_ipsec_sa_pkt_func pkt_func;
|
|
} __rte_cache_aligned;
|
|
|
|
/**
|
|
* Checks that inside given rte_ipsec_session crypto/security fields
|
|
* are filled correctly and setups function pointers based on these values.
|
|
* Expects that all fields except IPsec processing function pointers
|
|
* (*pkt_func*) will be filled correctly by caller.
|
|
* @param ss
|
|
* Pointer to the *rte_ipsec_session* object
|
|
* @return
|
|
* - Zero if operation completed successfully.
|
|
* - -EINVAL if the parameters are invalid.
|
|
*/
|
|
__rte_experimental
|
|
int
|
|
rte_ipsec_session_prepare(struct rte_ipsec_session *ss);
|
|
|
|
/**
|
|
* For input mbufs and given IPsec session prepare crypto ops that can be
|
|
* enqueued into the cryptodev associated with given session.
|
|
* expects that for each input packet:
|
|
* - l2_len, l3_len are setup correctly
|
|
* Note that erroneous mbufs are not freed by the function,
|
|
* but are placed beyond last valid mbuf in the *mb* array.
|
|
* It is a user responsibility to handle them further.
|
|
* @param ss
|
|
* Pointer to the *rte_ipsec_session* object the packets belong to.
|
|
* @param mb
|
|
* The address of an array of *num* pointers to *rte_mbuf* structures
|
|
* which contain the input packets.
|
|
* @param cop
|
|
* The address of an array of *num* pointers to the output *rte_crypto_op*
|
|
* structures.
|
|
* @param num
|
|
* The maximum number of packets to process.
|
|
* @return
|
|
* Number of successfully processed packets, with error code set in rte_errno.
|
|
*/
|
|
__rte_experimental
|
|
static inline uint16_t
|
|
rte_ipsec_pkt_crypto_prepare(const struct rte_ipsec_session *ss,
|
|
struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num)
|
|
{
|
|
return ss->pkt_func.prepare(ss, mb, cop, num);
|
|
}
|
|
|
|
/**
|
|
* Finalise processing of packets after crypto-dev finished with them or
|
|
* process packets that are subjects to inline IPsec offload.
|
|
* Expects that for each input packet:
|
|
* - l2_len, l3_len are setup correctly
|
|
* Output mbufs will be:
|
|
* inbound - decrypted & authenticated, ESP(AH) related headers removed,
|
|
* *l2_len* and *l3_len* fields are updated.
|
|
* outbound - appropriate mbuf fields (ol_flags, tx_offloads, etc.)
|
|
* properly setup, if necessary - IP headers updated, ESP(AH) fields added,
|
|
* Note that erroneous mbufs are not freed by the function,
|
|
* but are placed beyond last valid mbuf in the *mb* array.
|
|
* It is a user responsibility to handle them further.
|
|
* @param ss
|
|
* Pointer to the *rte_ipsec_session* object the packets belong to.
|
|
* @param mb
|
|
* The address of an array of *num* pointers to *rte_mbuf* structures
|
|
* which contain the input packets.
|
|
* @param num
|
|
* The maximum number of packets to process.
|
|
* @return
|
|
* Number of successfully processed packets, with error code set in rte_errno.
|
|
*/
|
|
__rte_experimental
|
|
static inline uint16_t
|
|
rte_ipsec_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
|
|
uint16_t num)
|
|
{
|
|
return ss->pkt_func.process(ss, mb, num);
|
|
}
|
|
|
|
#include <rte_ipsec_group.h>
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _RTE_IPSEC_H_ */
|