[API-NEXT,v3] API: IPSEC: Updating ipsec APIs to support sNIC implementation.

Message ID 20170428095516.10616-1-nikhil.agarwal@linaro.org
State New
Headers show

Commit Message

Nikhil Agarwal April 28, 2017, 9:55 a.m.
Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org>

---
 include/odp/api/spec/ipsec.h     | 64 ++++++++++++++++++----------------------
 include/odp/api/spec/packet_io.h | 16 ++++++++++
 2 files changed, 44 insertions(+), 36 deletions(-)

-- 
2.9.3

Patch hide | download patch | download mbox

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index e83494d..90ba004 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -59,8 +59,12 @@  typedef enum odp_ipsec_op_mode_t {
 	/** Inline IPSEC operation
 	  *
 	  * Packet input/output is connected directly to IPSEC inbound/outbound
-	  * processing. Application uses asynchronous or inline IPSEC
-	  * operations.
+	  * processing. Packet post IPSEC operations are delivered to virtual
+	  * PKTIO interface corresponding to the PKTIO on which packet was 
+	  * recieved. Further classification/Hashing(inbound) will be applied to
+	  * packet post IPSEC as defined in PKTIO configuration of virtual
+	  * interface.
+	  * Application may use asynchronous IPSEC operations as well.
 	  */
 	ODP_IPSEC_OP_MODE_INLINE,
 
@@ -226,6 +230,24 @@  typedef struct odp_ipsec_outbound_config_t {
 
 } odp_ipsec_outbound_config_t;
 
+typedef union odp_ipsec_protocols_t {
+	/** Cipher algorithms */
+	struct {
+		/** ODP_IPSEC_ESP */
+		uint32_t esp        : 1;
+
+		/** ODP_IPSEC_AH */
+		uint32_t ah         : 1;
+
+	} bit;
+
+	/** All bits of the bit field structure
+	 *
+	 * This field can be used to set/clear all flags, or bitwise
+	 * operations over the entire structure. */
+	uint32_t all_bits;
+} odp_ipsec_protocols_t;
+
 /**
  * IPSEC capability
  */
@@ -264,6 +286,9 @@  typedef struct odp_ipsec_capability_t {
 	 */
 	uint8_t hard_limit_sec;
 
+	/** Supported ipsec Protocols */
+	odp_ipsec_protocols_t protocols;
+
 	/** Supported cipher algorithms */
 	odp_crypto_cipher_algos_t ciphers;
 
@@ -554,21 +579,6 @@  typedef enum odp_ipsec_lookup_mode_t {
 } odp_ipsec_lookup_mode_t;
 
 /**
- * Result event pipeline configuration
- */
-typedef enum odp_ipsec_pipeline_t {
-	/** Do not pipeline */
-	ODP_IPSEC_PIPELINE_NONE = 0,
-
-	/** Send IPSEC result events to the classifier.
-	 *
-	 *  IPSEC capability 'pipeline_cls' determines if pipelined
-	 *  classification is supported. */
-	ODP_IPSEC_PIPELINE_CLS
-
-} odp_ipsec_pipeline_t;
-
-/**
  * IPSEC Security Association (SA) parameters
  */
 typedef struct odp_ipsec_sa_param_t {
@@ -632,31 +642,13 @@  typedef struct odp_ipsec_sa_param_t {
 	 */
 	uint32_t mtu;
 
-	/** Select pipelined destination for IPSEC result events
-	 *
-	 *  Asynchronous and inline modes generate result events. Select where
-	 *  those events are sent. Inbound SAs may choose to use pipelined
-	 *  classification. The default value is ODP_IPSEC_PIPELINE_NONE.
-	 */
-	odp_ipsec_pipeline_t pipeline;
-
 	/** Destination queue for IPSEC events
 	 *
-	 *  Operations in asynchronous or inline mode enqueue resulting events
+	 *  Operations in asynchronous mode enqueue resulting events
 	 *  into this queue.
 	 */
 	odp_queue_t dest_queue;
 
-	/** Classifier destination CoS for IPSEC result events
-	 *
-	 *  Result events for successfully decapsulated packets are sent to
-	 *  classification through this CoS. Other result events are sent to
-	 *  'dest_queue'. This field is considered only when 'pipeline' is
-	 *  ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio
-	 *  interface default CoS.
-	 */
-	odp_cos_t dest_cos;
-
 	/** User defined SA context pointer
 	 *
 	 *  User defined context pointer associated with the SA.
diff --git a/include/odp/api/spec/packet_io.h b/include/odp/api/spec/packet_io.h
index 8802089..0270b56 100644
--- a/include/odp/api/spec/packet_io.h
+++ b/include/odp/api/spec/packet_io.h
@@ -1136,6 +1136,22 @@  uint64_t odp_pktin_ts_res(odp_pktio_t pktio);
  * @return Packet input timestamp
  */
 odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns);
+/**
+ * Returns virtual IPSEC PKTIO for a given PKTIO interface when inbound_ipsec is
+ * enabled on PKTIO interface.
+ *
+ * Inline processed IPSEC packets will be delivered to this virtual PKTIO interface
+ * User can enable classification/Hashing on this interface in same manner as on
+ * normal PKTIO interface. L2 classification rules will not apply to this pktio
+ * as only valid L3 packet are delivered on this interface.
+ *
+ * @param      pktio   Packet IO handle
+ *
+ * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in case IPSec
+ * is not enabled on the PKTIO.
+ */
+odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns);
+
 
 /**
  * @}