
[API-NEXT,v2,5/6] api: ipsec: outbound TFC padding and dummy packets

Message ID 1516719624-9914-6-git-send-email-odpbot@yandex.ru
State New
Series [API-NEXT,v2,1/6] api: ipsec: IP header parameter types | expand

Commit Message

Github ODP bot Jan. 23, 2018, 3 p.m. UTC
From: Petri Savolainen <petri.savolainen@linaro.org>


Specify how application can request TFC padding and dummy
packet creation at output. Application can use
odp_ipsec_out_opt_t options to request addition of TFC
padding, or creation of a TFC dummy packet
(next header = 59). IP parameter override options are needed
for tunnel mode dummy packet creation as there's no IP header
to copy e.g. DSCP or flow label values to tunnel IP header.

Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org>

---
/** Email created from pull request 403 (psavol:next-ipsec-tfc)
 ** https://github.com/Linaro/odp/pull/403
 ** Patch: https://github.com/Linaro/odp/pull/403.patch
 ** Base sha: 44974a09b01c79adb9637a5dff38539598a76737
 ** Merge commit sha: 537da7cd2083945c4673ac0dd7b29beb6825bce7
 **/
 include/odp/api/spec/ipsec.h | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

Patch

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index 27ff16691..217447060 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -991,6 +991,21 @@  typedef struct odp_ipsec_out_opt_t {
 			/** Use fragmentation mode option */
 			uint32_t frag_mode: 1;
 
+			/** Use IP parameters option */
+			uint32_t ip_param:  1;
+
+			/** Use TFC padding length option */
+			uint32_t tfc_pad:   1;
+
+			/** Tunnel mode TFC dummy packet. This can be used only
+			 *  in tunnel mode. When the flag is set, packet length
+			 *  and content is ignore and instead a TFC dummy packet
+			 *  is created during IPSEC operation. The dummy packet
+			 *  length is defined by 'tfc_pad_len' option. If the SA
+			 *  is configured to copy IP header fields from inner
+			 *  IP packet, those fields must be passed with
+			 *  IP parameters option. */
+			uint32_t tfc_dummy: 1;
 		} flag;
 
 		/** All flag bits */
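Review bot: The `tfc_dummy` comment takes the dummy length from 'tfc_pad_len' but does not say whether the `tfc_pad` flag must also be set for that length to be honoured, nor what the operation does when `tfc_dummy` is set on a transport mode SA. A caller that relies on dummy packets for traffic flow confidentiality needs both cases defined. I would add a sentence such as `When tfc_dummy is set, tfc_pad_len is used regardless of the tfc_pad flag. Setting tfc_dummy on a transport mode SA results in an operation error.`, adjusted to whichever behaviour is intended. Minor wording: `content is ignore` should read `content are ignored`. The struct starts before this hunk and is closed in the next one.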
@@ -1000,6 +1015,24 @@  typedef struct odp_ipsec_out_opt_t {
 	/** Fragmentation mode */
 	odp_ipsec_frag_mode_t frag_mode;
 
+	/** Union of IP parameters */
+	union {
+		/** Override IPv4 parameters in outer header creation.
+		 *  IP addresses are ignored. */
+		odp_ipsec_ipv4_param_t ipv4;
+
+		/** Override IPv6 parameters in outer header creation.
+		 *  IP addresses are ignored. */
+		odp_ipsec_ipv6_param_t ipv6;
+	};
+
+	/** TFC padding length
+	 *
+	 *  Number of TFC padding bytes added to the packet during IPSEC
+	 *  processing. Implementation guarantees that the padding does not
+	 *  contain any confidential information. */
+	uint32_t tfc_pad_len;
+
 } odp_ipsec_out_opt_t;
 
 /**
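Review bot: `tfc_pad_len` is a full `uint32_t` with no documented upper bound and no stated result when the packet length plus padding exceeds what the output packet or the IP length field can hold (16 bits for the IPv4 total length). The comment should name the limit and the failure mode, for example `If the padded packet would exceed the maximum supported packet length, the operation fails and the packet is returned with an error status.` The guarantee that the padding "does not contain any confidential information" would be easier to verify if the content were specified, for example as zero bytes, so that stale buffer memory from the packet pool can never qualify. The union comment also leaves open which member is read; presumably the SA's tunnel IP version selects it, which is worth stating.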
@@ -1297,7 +1330,13 @@  int odp_ipsec_in(const odp_packet_t pkt_in[], int num_in,
  * The operation does packet transformation according to IPSEC standards (see
  * e.g. RFC 4302 and 4303). Resulting packets are well formed IP packets
  * with IPSEC, etc headers constructed according to the standards. The amount
- * and content of packet data before the IP header is undefined.
+ * and content of packet data before the IP header is undefined. Use outbound
+ * operation parameters to specify the amount of TFC padding appended to
+ * the packet during IPSEC transformation. Options can be used also to create
+ * TFC dummy packets. Packet data content is ignored in tunnel mode TFC dummy
+ * packet creation as tfc_pad_len option defines solely the packet length.
+ * In all other cases, payload length for the IPSEC transformation is specified
+ * by odp_packet_len() minus odp_packet_l3_offset() plus tfc_pad_len option.
  *
  * Each successfully transformed packet has a valid value for these metadata:
  * - L3 offset: Offset to the first byte of the (outmost) IP header
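Review bot: In the added sentence `tfc_pad_len option defines solely the packet length`, it is unclear which length is meant: the dummy plaintext before ESP encapsulation, or the resulting packet including the outer IP and ESP overhead. An application shaping traffic to fixed on-wire sizes needs to know which, so I would word it as `tfc_pad_len defines the length of the dummy payload before IPSEC encapsulation` (or the other meaning, if that is what is intended). The final formula also adds tfc_pad_len unconditionally, although it presumably applies only when the `tfc_pad` flag is set; appending `when the tfc_pad option is used` would remove the doubt. The function comment continues outside the hunk.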