X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=lib%2Flibrte_security%2Frte_security.h;h=c75c12183ab36662cd4816294feeaea0e9547dec;hb=ca33590b6af032bff57d9cc70455660466a654b2;hp=7e687d294cb5b253e14a1d671f4c813e7a1b7e64;hpb=055c52583a2794da8ba1e85a48cce3832372b12f;p=deb_dpdk.git

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 7e687d29..c75c1218 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -52,6 +52,7 @@ extern "C" {
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
 
+#include <rte_compat.h>
 #include <rte_common.h>
 #include <rte_crypto.h>
 #include <rte_mbuf.h>
@@ -60,7 +61,7 @@ extern "C" {
 
 /** IPSec protocol mode */
 enum rte_security_ipsec_sa_mode {
-	RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+	RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT = 1,
 	/**< IPSec Transport mode */
 	RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 	/**< IPSec Tunnel mode */
@@ -68,7 +69,7 @@ enum rte_security_ipsec_sa_mode {
 
 /** IPSec Protocol */
 enum rte_security_ipsec_sa_protocol {
-	RTE_SECURITY_IPSEC_SA_PROTO_AH,
+	RTE_SECURITY_IPSEC_SA_PROTO_AH = 1,
 	/**< AH protocol */
 	RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 	/**< ESP protocol */
@@ -76,7 +77,7 @@ enum rte_security_ipsec_sa_protocol {
 
 /** IPSEC tunnel type */
 enum rte_security_ipsec_tunnel_type {
-	RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+	RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 1,
 	/**< Outer header is IPv4 */
 	RTE_SECURITY_IPSEC_TUNNEL_IPV6,
 	/**< Outer header is IPv6 */
@@ -94,7 +95,7 @@ enum rte_security_ipsec_tunnel_type {
 struct rte_security_ctx {
 	void *device;
 	/**< Crypto/ethernet device attached */
-	struct rte_security_ops *ops;
+	const struct rte_security_ops *ops;
 	/**< Pointer to security ops for the device */
 	uint16_t sess_cnt;
 	/**< Number of sessions attached to this context */
@@ -228,6 +229,7 @@ struct rte_security_ipsec_xform {
  */
 struct rte_security_macsec_xform {
 	/** To be Filled */
+	int dummy;
 };
 
 /**
@@ -252,7 +254,7 @@ enum rte_security_session_action_type {
 
 /** Security session protocol definition */
 enum rte_security_session_protocol {
-	RTE_SECURITY_PROTOCOL_IPSEC,
+	RTE_SECURITY_PROTOCOL_IPSEC = 1,
 	/**< IPsec Protocol */
 	RTE_SECURITY_PROTOCOL_MACSEC,
 	/**< MACSec Protocol */
@@ -266,6 +268,7 @@ struct rte_security_session_conf {
 	/**< Type of action to be performed on the session */
 	enum rte_security_session_protocol protocol;
 	/**< Security protocol to be configured */
+	RTE_STD_C11
 	union {
 		struct rte_security_ipsec_xform ipsec;
 		struct rte_security_macsec_xform macsec;
@@ -273,6 +276,8 @@ struct rte_security_session_conf {
 	/**< Configuration parameters for security session */
 	struct rte_crypto_sym_xform *crypto_xform;
 	/**< Security Session Crypto Transformations */
+	void *userdata;
+	/**< Application specific userdata to be saved with session */
 };
 
 struct rte_security_session {
@@ -290,7 +295,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+struct rte_security_session * __rte_experimental
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -305,11 +310,23 @@ rte_security_session_create(struct rte_security_ctx *instance,
  *  - On success returns 0
  *  - On failure return errno
  */
-int
+int __rte_experimental
 rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf);
 
+/**
+ * Get the size of the security session data for a device.
+ *
+ * @param   instance	security instance.
+ *
+ * @return
+ *   - Size of the private data, if successful
+ *   - 0 if device is invalid or does not support the operation.
+ */
+unsigned int __rte_experimental
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
 /**
  * Free security session header and the session private data and
  * return it to its original mempool.
@@ -322,7 +339,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
  *  - -EINVAL if session is NULL.
  *  - -EBUSY if not all device private data has been freed.
  */
-int
+int __rte_experimental
 rte_security_session_destroy(struct rte_security_ctx *instance,
 			     struct rte_security_session *sess);
 
@@ -339,18 +356,36 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
  *  - On success, zero.
  *  - On failure, a negative value.
  */
-int
+int __rte_experimental
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *mb, void *params);
 
+/**
+ * Get userdata associated with the security session which processed the
+ * packet. This userdata would be registered while creating the session, and
+ * application can use this to identify the SA etc. Device-specific metadata
+ * in the mbuf would be used for this.
+ *
+ * This is valid only for inline processed ingress packets.
+ *
+ * @param   instance	security instance
+ * @param   md		device-specific metadata set in mbuf
+ *
+ * @return
+ *  - On success, userdata
+ *  - On failure, NULL
+ */
+void * __rte_experimental
+rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
+
 /**
  * Attach a session to a symmetric crypto operation
  *
  * @param	sym_op	crypto operation
  * @param	sess	security session
  */
-static inline int
+static inline int __rte_experimental
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 			      struct rte_security_session *sess)
 {
@@ -359,13 +394,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void *
+static inline void * __rte_experimental
 get_sec_session_private_data(const struct rte_security_session *sess)
 {
 	return sess->sess_private_data;
 }
 
-static inline void
+static inline void __rte_experimental
 set_sec_session_private_data(struct rte_security_session *sess,
 			     void *private_data)
 {
@@ -381,7 +416,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	op	crypto operation
  * @param	sess	security session
  */
-static inline int
+static inline int __rte_experimental
 rte_security_attach_session(struct rte_crypto_op *op,
 			    struct rte_security_session *sess)
 {
@@ -406,6 +441,7 @@ struct rte_security_stats {
 	enum rte_security_session_protocol protocol;
 	/**< Security protocol to be configured */
 
+	RTE_STD_C11
 	union {
 		struct rte_security_macsec_stats macsec;
 		struct rte_security_ipsec_stats ipsec;
@@ -422,7 +458,7 @@ struct rte_security_stats {
  *  - On success return 0
  *  - On failure errno
  */
-int
+int __rte_experimental
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats);
@@ -450,6 +486,7 @@ struct rte_security_capability {
 		/**< IPsec capability */
 		struct {
 			/* To be Filled */
+			int dummy;
 		} macsec;
 		/**< MACsec capability */
 	};
@@ -486,6 +523,7 @@ struct rte_security_capability_idx {
 	enum rte_security_session_action_type action;
 	enum rte_security_session_protocol protocol;
 
+	RTE_STD_C11
 	union {
 		struct {
 			enum rte_security_ipsec_sa_protocol proto;
@@ -504,7 +542,7 @@ struct rte_security_capability_idx {
  *   - Returns array of security capabilities.
  *   - Return NULL if no capabilities available.
  */
-const struct rte_security_capability *
+const struct rte_security_capability * __rte_experimental
 rte_security_capabilities_get(struct rte_security_ctx *instance);
 
 /**
@@ -518,7 +556,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
  *     index criteria.
  *   - Return NULL if the capability not matched on security instance.
  */
-const struct rte_security_capability *
+const struct rte_security_capability * __rte_experimental
 rte_security_capability_get(struct rte_security_ctx *instance,
 			    struct rte_security_capability_idx *idx);