/**
* @file rte_security.h
- * @b EXPERIMENTAL: this API may change without prior notice
*
* RTE Security Common Definitions
*
int dummy;
};
+/**
+ * PDCP Mode of session
+ */
+enum rte_security_pdcp_domain {
+ RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
+ RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
+};
+
+/** PDCP Frame direction */
+enum rte_security_pdcp_direction {
+ RTE_SECURITY_PDCP_UPLINK, /**< Uplink */
+ RTE_SECURITY_PDCP_DOWNLINK, /**< Downlink */
+};
+
+/** PDCP Sequence Number Size selectors */
+enum rte_security_pdcp_sn_size {
+ /** PDCP_SN_SIZE_5: 5bit sequence number */
+ RTE_SECURITY_PDCP_SN_SIZE_5 = 5,
+ /** PDCP_SN_SIZE_7: 7bit sequence number */
+ RTE_SECURITY_PDCP_SN_SIZE_7 = 7,
+ /** PDCP_SN_SIZE_12: 12bit sequence number */
+ RTE_SECURITY_PDCP_SN_SIZE_12 = 12,
+ /** PDCP_SN_SIZE_15: 15bit sequence number */
+ RTE_SECURITY_PDCP_SN_SIZE_15 = 15,
+ /** PDCP_SN_SIZE_18: 18bit sequence number */
+ RTE_SECURITY_PDCP_SN_SIZE_18 = 18
+};
+
+/**
+ * PDCP security association configuration data.
+ *
+ * This structure contains data required to create a PDCP security session.
+ */
+struct rte_security_pdcp_xform {
+ int8_t bearer; /**< PDCP bearer ID */
+ /** Enable in order delivery, this field shall be set only if
+ * driver/HW is capable. See RTE_SECURITY_PDCP_ORDERING_CAP.
+ */
+ uint8_t en_ordering;
+ /** Notify driver/HW to detect and remove duplicate packets.
+ * This field should be set only when driver/hw is capable.
+ * See RTE_SECURITY_PDCP_DUP_DETECT_CAP.
+ */
+ uint8_t remove_duplicates;
+ /** PDCP mode of operation: Control or data */
+ enum rte_security_pdcp_domain domain;
+ /** PDCP Frame Direction 0:UL 1:DL */
+ enum rte_security_pdcp_direction pkt_dir;
+ /** Sequence number size, 5/7/12/15/18 */
+ enum rte_security_pdcp_sn_size sn_size;
+ /** Starting Hyper Frame Number to be used together with the SN
+ * from the PDCP frames
+ */
+ uint32_t hfn;
+ /** HFN Threshold for key renegotiation */
+ uint32_t hfn_threshold;
+};
+
/**
* Security session action type.
*/
/**< IPsec Protocol */
RTE_SECURITY_PROTOCOL_MACSEC,
/**< MACSec Protocol */
+ RTE_SECURITY_PROTOCOL_PDCP,
+ /**< PDCP Protocol */
};
/**
union {
struct rte_security_ipsec_xform ipsec;
struct rte_security_macsec_xform macsec;
+ struct rte_security_pdcp_xform pdcp;
};
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session * __rte_experimental
+struct rte_security_session *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
* - On success returns 0
* - On failure return errno
*/
-int __rte_experimental
+int
rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
* - Size of the private data, if successful
* - 0 if device is invalid or does not support the operation.
*/
-unsigned int __rte_experimental
+unsigned int
rte_security_session_get_size(struct rte_security_ctx *instance);
/**
* - -EINVAL if session is NULL.
* - -EBUSY if not all device private data has been freed.
*/
-int __rte_experimental
+int
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
* - On success, zero.
* - On failure, a negative value.
*/
-int __rte_experimental
+int
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_mbuf *mb, void *params);
* - On success, userdata
* - On failure, NULL
*/
-void * __rte_experimental
+void *
rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
/**
* @param sym_op crypto operation
* @param sess security session
*/
-static inline int __rte_experimental
+static inline int
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
struct rte_security_session *sess)
{
return 0;
}
-static inline void * __rte_experimental
+static inline void *
get_sec_session_private_data(const struct rte_security_session *sess)
{
return sess->sess_private_data;
}
-static inline void __rte_experimental
+static inline void
set_sec_session_private_data(struct rte_security_session *sess,
void *private_data)
{
* @param op crypto operation
* @param sess security session
*/
-static inline int __rte_experimental
+static inline int
rte_security_attach_session(struct rte_crypto_op *op,
struct rte_security_session *sess)
{
};
+struct rte_security_pdcp_stats {
+ uint64_t reserved;
+};
+
struct rte_security_stats {
enum rte_security_session_protocol protocol;
/**< Security protocol to be configured */
union {
struct rte_security_macsec_stats macsec;
struct rte_security_ipsec_stats ipsec;
+ struct rte_security_pdcp_stats pdcp;
};
};
* - On success return 0
* - On failure errno
*/
-int __rte_experimental
+int
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_stats *stats);
int dummy;
} macsec;
/**< MACsec capability */
+ struct {
+ enum rte_security_pdcp_domain domain;
+ /**< PDCP mode of operation: Control or data */
+ uint32_t capa_flags;
+ /**< Capabilitity flags, see RTE_SECURITY_PDCP_* */
+ } pdcp;
+ /**< PDCP capability */
};
const struct rte_cryptodev_capabilities *crypto_capabilities;
/**< Device offload flags */
};
+/** Underlying Hardware/driver which support PDCP may or may not support
+ * packet ordering. Set RTE_SECURITY_PDCP_ORDERING_CAP if it support.
+ * If it is not set, driver/HW assumes packets received are in order
+ * and it will be application's responsibility to maintain ordering.
+ */
+#define RTE_SECURITY_PDCP_ORDERING_CAP 0x00000001
+
+/** Underlying Hardware/driver which support PDCP may or may not detect
+ * duplicate packet. Set RTE_SECURITY_PDCP_DUP_DETECT_CAP if it support.
+ * If it is not set, driver/HW assumes there is no duplicate packet received.
+ */
+#define RTE_SECURITY_PDCP_DUP_DETECT_CAP 0x00000002
+
#define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
/**< HW needs metadata update, see rte_security_set_pkt_metadata().
*/
enum rte_security_ipsec_sa_mode mode;
enum rte_security_ipsec_sa_direction direction;
} ipsec;
+ struct {
+ enum rte_security_pdcp_domain domain;
+ uint32_t capa_flags;
+ } pdcp;
};
};
* - Returns array of security capabilities.
* - Return NULL if no capabilities available.
*/
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
rte_security_capabilities_get(struct rte_security_ctx *instance);
/**
* index criteria.
* - Return NULL if the capability not matched on security instance.
*/
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx);
Code Review / deb_dpdk.git / blobdiff