Konstantin Ananyev 4d7ea3e145 ipsec: implement SA data-path API
Provide implementation for rte_ipsec_pkt_crypto_prepare() and
rte_ipsec_pkt_process().
Current implementation:
 - supports ESP protocol tunnel mode.
 - supports ESP protocol transport mode.
 - supports ESN and replay window.
 - supports algorithms: AES-CBC, AES-GCM, HMAC-SHA1, NULL.
 - covers all currently defined security session types:
        - RTE_SECURITY_ACTION_TYPE_NONE
        - RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO
        - RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
        - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL

For first two types SQN check/update is done by SW (inside the library).
For last two type it is HW/PMD responsibility.

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00

85 lines
1.8 KiB
C

/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2018 Intel Corporation
*/
#ifndef _IPH_H_
#define _IPH_H_
/**
* @file iph.h
* Contains functions/structures/macros to manipulate IPv4/IPv6 headers
* used internally by ipsec library.
*/
/*
* Move preceding (L3) headers down to remove ESP header and IV.
*/
static inline void
remove_esph(char *np, char *op, uint32_t hlen)
{
uint32_t i;
for (i = hlen; i-- != 0; np[i] = op[i])
;
}
/*
* Move preceding (L3) headers up to free space for ESP header and IV.
*/
static inline void
insert_esph(char *np, char *op, uint32_t hlen)
{
uint32_t i;
for (i = 0; i != hlen; i++)
np[i] = op[i];
}
/* update original ip header fields for transport case */
static inline int
update_trs_l3hdr(const struct rte_ipsec_sa *sa, void *p, uint32_t plen,
uint32_t l2len, uint32_t l3len, uint8_t proto)
{
struct ipv4_hdr *v4h;
struct ipv6_hdr *v6h;
int32_t rc;
if ((sa->type & RTE_IPSEC_SATP_IPV_MASK) == RTE_IPSEC_SATP_IPV4) {
v4h = p;
rc = v4h->next_proto_id;
v4h->next_proto_id = proto;
v4h->total_length = rte_cpu_to_be_16(plen - l2len);
} else if (l3len == sizeof(*v6h)) {
v6h = p;
rc = v6h->proto;
v6h->proto = proto;
v6h->payload_len = rte_cpu_to_be_16(plen - l2len -
sizeof(*v6h));
/* need to add support for IPv6 with options */
} else
rc = -ENOTSUP;
return rc;
}
/* update original and new ip header fields for tunnel case */
static inline void
update_tun_l3hdr(const struct rte_ipsec_sa *sa, void *p, uint32_t plen,
uint32_t l2len, rte_be16_t pid)
{
struct ipv4_hdr *v4h;
struct ipv6_hdr *v6h;
if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {
v4h = p;
v4h->packet_id = pid;
v4h->total_length = rte_cpu_to_be_16(plen - l2len);
} else {
v6h = p;
v6h->payload_len = rte_cpu_to_be_16(plen - l2len -
sizeof(*v6h));
}
}
#endif /* _IPH_H_ */