From patchwork Fri Mar 3 14:23:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petri Savolainen X-Patchwork-Id: 94843 Delivered-To: patch@linaro.org Received: by 10.140.82.71 with SMTP id g65csp259750qgd; Fri, 3 Mar 2017 06:25:33 -0800 (PST) X-Received: by 10.200.55.181 with SMTP id d50mr3165310qtc.140.1488551133549; Fri, 03 Mar 2017 06:25:33 -0800 (PST) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id g67si9464202qkf.69.2017.03.03.06.25.33; Fri, 03 Mar 2017 06:25:33 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 375DE634EF; Fri, 3 Mar 2017 14:25:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAD_ENC_HEADER,BAYES_00, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D97F362D92; Fri, 3 Mar 2017 14:25:25 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 90F48609BE; Fri, 3 Mar 2017 14:25:15 +0000 (UTC) Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0118.outbound.protection.outlook.com [104.47.0.118]) by lists.linaro.org (Postfix) with ESMTPS id D138962DA1 for ; Fri, 3 Mar 2017 14:24:44 +0000 (UTC) Received: from AM5PR0701CA0063.eurprd07.prod.outlook.com (2603:10a6:203:2::25) by DB5PR07MB0823.eurprd07.prod.outlook.com (2a01:111:e400:5106::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.2; Fri, 3 Mar 2017 14:24:42 +0000 Received: from VE1EUR03FT035.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::209) by AM5PR0701CA0063.outlook.office365.com (2603:10a6:203:2::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.961.8 via Frontend Transport; Fri, 3 Mar 2017 14:24:41 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning linaro.org discourages use of 131.228.2.35 as permitted sender) Received: from hybrid2.ext.net.nokia.com (131.228.2.35) by VE1EUR03FT035.mail.protection.outlook.com (10.152.18.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.933.11 via Frontend Transport; Fri, 3 Mar 2017 14:24:41 +0000 Received: from fihe3nok1347.nsn-intra.net (10.158.36.135) by fihe3nok1346.nsn-intra.net (10.158.36.134) with Microsoft SMTP Server (TLS) id 15.1.466.34; Fri, 3 Mar 2017 16:24:37 +0200 Received: from mailrelay.int.nokia.com (10.130.128.30) by fihe3nok1347.nsn-intra.net (10.158.36.135) with Microsoft SMTP Server (TLS) id 15.1.466.34 via Frontend Transport; Fri, 3 Mar 2017 16:24:37 +0200 Received: from fihe3nok0735.emea.nsn-net.net (localhost [127.0.0.1]) by fihe3nok0735.emea.nsn-net.net (8.14.9/8.14.5) with ESMTP id v23EN95u023558 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 3 Mar 2017 16:23:09 +0200 Received: from 10.144.19.15 ([10.144.104.219]) by fihe3nok0735.emea.nsn-net.net (8.14.9/8.14.5) with ESMTP id v23EN86o023545 (version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NOT) for ; Fri, 3 Mar 2017 16:23:08 +0200 X-HPESVCS-Source-Ip: 10.144.104.219 From: Petri Savolainen To: Date: Fri, 3 Mar 2017 16:23:08 +0200 Message-ID: <1488550988-2652-2-git-send-email-petri.savolainen@linaro.org> X-Mailer: git-send-email 2.8.1 In-Reply-To: <1488550988-2652-1-git-send-email-petri.savolainen@linaro.org> References: <1488550988-2652-1-git-send-email-petri.savolainen@linaro.org> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:131.228.2.35; IPV:NLI; CTRY:FI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(7916002)(39850400002)(39450400003)(39860400002)(39410400002)(39840400002)(2980300002)(199003)(189002)(9170700003)(86362001)(36756003)(356003)(305945005)(106466001)(81166006)(5660300001)(8676002)(50226002)(105596002)(8936002)(22756006)(47776003)(50466002)(189998001)(77096006)(2906002)(2351001)(626004)(2950100002)(38730400002)(450100001)(110136004)(53936002)(48376002)(50986999)(33646002)(92566002)(5003940100001)(6916009)(76176999)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB5PR07MB0823; H:hybrid2.ext.net.nokia.com; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; VE1EUR03FT035; 1:Uy9oCLc4lzavGW7dg3j3thLfF7r/76XpBpA3YDbJUPEGl6x6dA6W/PAjLrDRoH5Hl5v3cWFC4jCFbdsaEZIFWvKaDox/hF9GyycI2XN4MUY1hWTteEzOWno7+qjsGxWdNOE+TAv1XQDrfxCD+cWEJUw9bikXWaKGDbzAXuGnJpbKjH1nqBnKuwIRObCrDOvdS7XOSpwwn1JJPlKnr3GGnKkbJjRc3J1K2vum9T1CyyqxSJ8j1d1KUX7XDvU/dZ2hOzOhghrA2RXAGAvGEx59e7Ub0Z8QyYP4qJhB15gc0WCEHzg+QRBRlzA87gxrlE48my1LJsflfynMWRYOXbo7uCUNE97NlPymI/3HcAO1+JpHNLpr88a2TkzwSiwI4hWreLAX55VEoHhocRb0wiAt87cVOLgK9fnN6AXRwuA0yMneFdpg1uQvqmNK1p1qqlMn0P3VfGodaqpI32af3ipsYIrbMxywL4i1dCNFHmaJpoA= X-MS-Office365-Filtering-Correlation-Id: bc9c3be0-3585-4f1f-ea67-08d46241082c X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:DB5PR07MB0823; X-Microsoft-Exchange-Diagnostics: 1; DB5PR07MB0823; 3:HC7Ji/jAGi4gj7QmmLi0WnmwpWNXPxA+CLRoBvSS0qXYC/ZR8WbOifPcB8qpssjeQykRZ+xCORKahPJH+n5r7ahds+GWuvfiA6KDY9j3TXraL89vESvE/aze7MLR7iYGqScjsutWBKGRbCnkG518obClI6ziwGZVws28bCPe512hf71LQBqbtZgyb8fLXjtZ8czuQePUFGnEvaGP0R5FYN20pC1LKDwsGqSwDVuNcvlbP7JUsV58hiZCGSddFR/cdecsBs5tLKpwzQ5Oain/kuGGCbtv0x/yst148Ki5SvYZ+CImlAU6tvOevqiU8cwCN2n9O8kGVOIgtHTRLBiAzfGZPXvZnSXDwpsta7DjOQnv7wz7qFkLFPvx7vuDbdXg; 25:2thkYUlPBiKYsGjTl/DpVGEFB76FNkDozlfJDEsAUvlG6eZUbLXjz7xnq+9Gw4QZyyZI2h7b6jYO08AbQ2HeYzmikIOLR4XS/KNRpbxal+gq7BfvQApHgyJ2OQDj+OnJqWpFVzRay0hQ3xSVHExtmFYq8Mea/RSdDjA7dz0kkIlZIkbdH/BweV1BsyFpg3HoQ1Wls0Tm6GQpsaZWNz1eFLCBCirMVlXsCEPiJkoC8uhT5B66wp1qcYxKVqMABONhtSTDV63q3bPAmFUAZRN6Sfk4377wTfk9RURWw2swPSue1vkoD/bQFlMidv2NCcYnM6QLQ0pKGtX/xDZrQP8qpZIT9Y3lBXbIWEfpkBOfk3341hxuezr762HH9Ar5smJmtlMbt3P7O7i1nac10ygYA1nLVCzo3pDUPtBaBtv47/tyL1ejHCVgFPkb2dv/HU3HBwbDjfUbBosy81zK37pMlw== X-Microsoft-Exchange-Diagnostics: 1; DB5PR07MB0823; 31:kMFwFghh26JQabLxNDo7oO9nbfoSC+ulgY6KeSGEBJkYwWcw3u4jJqkw2NEvJJUQEBXVGZplIVqGLOYjtpsaCIgnaNrxvVnc/plOB85zJ7rKi7chxXIIu9xchCnJzXPTDxa07mLalQRrfTQWEXkCC21LMKaYXFIF09XmI2I0z3qjg2UTMkw0TRrMx89UFiDNkbBygs0UVCkbVWXkpov57NolhulLjpUjiV7VdK9XXSrQR5cubPKAjtyjfk8PHTDTubNmgIZCX0GUvGN7saCU4Q==; 20:qaJkO/ZJBf1m8TeQHgFab9r1zh1wzEvB4vD11J+sCGcsTmrLAvKHypdtHc0v0Z8sylnTWeLaM1k8sWKNSR5TMl13FVxRrV0fB5nyxJiYP+qZEDFkb9CSQu66FrgxrYIhpHfn58Q6YWtsVqxHUu7aDVF651oXYgBovrItsy3xb/vp+YPFjjD0grAeTemy24c2uiFDWCdD2OLuyvtu2Jwoeq4A78DuuBioP6u2a29QpkapaluIs/DK8aZnrnUaArIeHEXiY0CpAvfyn38RZiKpVGTiD3YfAbm8xQPw2jE4FWVzvF0kePnxMqtOEyjcdG/yYyAh1pX7lO02ia04A7ukmxqyjjzK3JltJUbVg9aneb9lzDWSYxiWqVIUMCNYGLwxSNXgOOvNOtnsZ3u3Cym7DJgLDPXx82kYN4P9+Qu/1d5oWopRWy4KeosMDM2whLK0L0EjesP5q5v4TfvqI8xujx6F6nwLJVErGq4uI0/UJw1kff22eS/unfYA4v0cbTGW0aDW+WL7Gcv5g+226Ty7kTadAvHL6ZQ5odV73DAMxQsGAFRaHB0cCIxLiyWioaIKjnYYlgBf45hIkBWpiVYD/kbwjp66+lqaHMyieGdLXFk= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(131327999870524); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(13016025)(8121501046)(5005006)(13018025)(10201501046)(3002001)(6055026)(6041248)(20161123558025)(20161123555025)(20161123562025)(20161123560025)(20161123564025)(6072148); SRVR:DB5PR07MB0823; BCL:0; PCL:0; RULEID:; SRVR:DB5PR07MB0823; X-Microsoft-Exchange-Diagnostics: 1; DB5PR07MB0823; 4:WLSf/3elWWbKQxentl5MpxWbFhMQdALZjsIVfXn8t6nos6d2iMCCdyuURX05lcblBiszC4BN89aE3haj95HVAuQdt8M+P1fn1Ux4O0K7BC/MmuGkIOvE4r2as5MO53xdnnL2Q9SPR84z207vMj0ATzRwz4b+tBZD3+e7SO0y/QN6tpRtOQlAJ0R1Fx0CH48g+mYO9BObQ7mhC8oIiR3sxQe6CJdnbJ5du0F6rUsZSMo0KHmny4K9U8sGDCSCpP0LP7JEFOc6FHcWb6fpe+KI5LMrZ/Cd+JZn9y3BRpTzs1MAPMPfrWd4PW2b7a7Edw3vwMP0LP6yDXYMOvOBRa8svNTfMN9fIA3ilUfEyvCBWEf64Q37WodMXcRaaDQWRXn2w8sSf/EPKN92HeLW5gFe9+EJ05yQnz7uH+ckvsi0aP8nLmicA0KGI29Yfis7ArFq2cME5fUMM/ashhBeVGm4G1mkY8yenHe4brjyYKec1pghxs3AiZGshmbNqzc0MLm8ZtnWJ9WgqY7OhYt/0jyrmWJlTQShdz3rzdxPiqdbhJjef5dRLKv6TWRCw2MzN9oj11kwo6KSrkevlbdZwzzE82gHbzPgFbu4iBHQ/UxKiCuTFosCu507FGZ0H3uu5drgbKSVcQygo+NejTtT30ot0wlvwpqd6P/5W6WGwyzRuker3E4aDB9NU8u7tiAWnVpk0q/AE7/FNqO+DWYF5HmnTw== X-Forefront-PRVS: 0235CBE7D0 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DB5PR07MB0823; 23:oStsfGy9r7VIoOwWy8weh9CTTiOCAZFAlJlpCzosv?= 11oNDCv2YQkaZ4dTesqaqzlE/0nsF1X7uzkn9mhPGC64JQ6RNmucfx/nYacqcZYwQMw5UrhEuQ7IfHpU6g6WP0BG0qu8JOsEQkgbiK1nuTesab3eorIZpB+CqeVGlfI7pZxLTknyz0QbZzFpcXD7wTLmNaOWXoSTzXNZKtZGWLwlbEEfkUkVAsinvxYPpu1bonCoufBpCnupBzxZxqMxDVX1EhBW1SfQmCJaERTr3inbLZTgZYzNN5beafWgGK4GB71qQAees6KXW1mSdoROHd4YRsGwFAmD/jrptCEDeYi65EqdHOH+bH0s6i+j9W2J9OdYAXkTSiD0k4ryDnUkmPbLj3JaeqOq4oUODb3oTxKLDGM8HXgeQtZ5F5l8lEuez3Gqqmc0KV99e4U6o9YX3HjaSlw+fX5UMMEKqi3lrOBVJX/7Eypd9szf+qUMRp9jV3P+sDXKjrUKG0gPASq8cyCjSG9bxlDhGk5axhkfUyU7H9dIwukqtIJySSGmQYfnXFEYmzvVbtzB7iygbL8qihFeMMg/vHJcW5cmvuEwMCVO+nkCiOj/gsDsf9ZUNUWgc5VEkUGu4eWqL406uoosezSS9UhNY0RfEaTW2OV0pXWeyoupj0ZMke6EGkC0mnzllas1XQAK4c+AklTLSJh0B7dpjwPUKW7HkLU4J18rbeEiQv+aJACh6BtZXhM8vefVC/3B19mhBJmsjUusfrt6eKsHGBagwd0su3634w3NzFa4pIl/4JIJv503XzAVqb2z6TL7TLxu2xQg008QX6ymZI6Vm8cZOX1tFONxZ8NE99TTzWCVr103cPE2iPgNTQi9/VQI27VSLl3xl7Fpcrle0j9LyY2tCukpqEY0FcOQjfK+vSAjbPP5ybAyCiYU6BsYzpRlvcLEsnEgLs0kQpFvfKzhgP9DqP8oLmaDKPX59YfFQZuANZS3uhWWHkjeIlY8c7AJmENH60m0sP77WqRD/oxRnneZxEfkilLDKV+zrl4/s1kCS9PhaG//ax/bnoPD/xQGfN5uC7ZGXGFAhkGyOO2 X-Microsoft-Exchange-Diagnostics: 1; DB5PR07MB0823; 6:NisdarjtHlnaXSK018RpMOwyYkl1uGDUzc05LSIAQqK/mosnmrZyju5UvTlfOCbIB4MNT1mhFVAE2R/Qc1KSNdS734dxpiQyWS53H3t6INnFApsf4PNmlTt+yebBN2KP+28tGJGzxaZ1lfuWqDsGi0hIRckEJ945bfde2E0EAqD0bRA9l5cGDOuznIzwaBGgFMVO4+GToZ6Xb6vIkhIGaqAE7H7jb0Z9eS1ueOCMHNobJDkxGxXuG4nct653W8QxTcPdaQ1QuG4l9/nhz+PF72fIRGSfR8GhPRaTVTtHg3bPVF42ZT0+lwPon0NVbMmgsSS4TBY1r0iN2eFqWvKYJMw3FMFKVobJyWXxWaevbnzkrvj+VBfBeFFREArikjMi7L6y3vRvcihES48SCIvVU+5z8B8K4TCiTwFkIGyhbxY=; 5:9U2saIE2A1e3xbOJw3g/e9Xr+ov0nWt7h2iVTx8ynw0OJpQnCbEmXw360Wsff/jwfCjOm3EE7TbbG3mKt0GVsoUFYsLwsow8g2w1b6izpMMu7A9Dyz49bBxbDjVRmRinC/o6FK9XvKzafacj4i/7+w==; 24:jed6lSnHHkQQvpoPb7eC/hj1T6TjwyYcxNlAAx0tZJkCN5v/sTs6i0CiF288JcejV67hYHDmkchH1Z5kL2c1VQjVxPCseTOed4FR8LIsBeY= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DB5PR07MB0823; 7:PwEVR7eqZGqO5f+ZDH22RMgidL6JzunjiAADbj9jB3r7nkW9SpSWges/oORRexDRcMf6DTE0bx6yyRsSQNLVKEZjcFmmaS0Og+mhKGE86vW+4lM+R0T4VpgdZpFen03GAr/5vezXfDuTjDgF3IB0C0S+y3Iytx6ZphJ322lWCz009LemE+dsRrfzaTMKinUjJ8EAVJeZpiGdhozF+MvgSsz3eyXozdRBD2Ks1kqEx+Pw6rrMsFaZVScURPNMGcNe2IAM0+hEN+cBMsN626r9bf73ULduRl7lL9c2AsOh0Fiyrvm4RTQwCfo8qCUEvpu3vVi6ACgxCeJhYLhvwVqfmg== X-OriginatorOrg: nokia.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Mar 2017 14:24:41.4702 (UTC) X-MS-Exchange-CrossTenant-Id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5d471751-9675-428d-917b-70f44f9630b0; Ip=[131.228.2.35]; Helo=[hybrid2.ext.net.nokia.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR07MB0823 Subject: [lng-odp] [RFC API-NEXT PATCH 2/2] api: ipsec: add inline IPSEC support X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" Added support for inline IPSEC processing on packet input and output. Signed-off-by: Petri Savolainen --- include/odp/api/spec/ipsec.h | 134 +++++++++++++++++++++++++++++++++++---- include/odp/api/spec/packet_io.h | 27 ++++++++ 2 files changed, 149 insertions(+), 12 deletions(-) -- 2.8.1 diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index e57c7df..445216c 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -19,6 +19,7 @@ extern "C" { #endif #include +#include /** @defgroup odp_ipsec ODP IPSEC * Operations of IPSEC API. @@ -51,7 +52,15 @@ typedef enum odp_ipsec_op_mode_t { * Application uses asynchronous IPSEC operations, * which return results via events. */ - ODP_IPSEC_OP_MODE_ASYNC + ODP_IPSEC_OP_MODE_ASYNC, + + /** Inline IPSEC operation + * + * Packet input/output is connected directly to IPSEC inbound/outbound + * processing. Application uses asynchronous or inline IPSEC + * operations. + */ + ODP_IPSEC_OP_MODE_INLINE } odp_ipsec_op_mode_t; @@ -78,6 +87,14 @@ typedef struct odp_ipsec_capability_t { */ uint8_t op_mode_async; + /** Inline IPSEC operation mode (ODP_IPSEC_OP_MODE_INLINE) support + * + * 0: Inline IPSEC operation is not supported + * 1: Inline IPSEC operation is supported + * 2: Inline IPSEC operation is supported and preferred + */ + uint8_t op_mode_inline; + /** Soft expiry limit in seconds support * * 0: Limit is not supported @@ -605,7 +622,7 @@ typedef struct odp_ipsec_op_opt_t { #define ODP_IPSEC_OK 0 /** IPSEC operation status */ -typedef union odp_ipsec_status_t { +typedef union odp_ipsec_op_status_t { /** Error flags */ struct { /** Protocol error. Not a valid ESP or AH packet. */ @@ -653,7 +670,24 @@ typedef union odp_ipsec_status_t { */ uint32_t all; -} odp_ipsec_status_t; +} odp_ipsec_op_status_t; + +/** IPSEC operation flags */ +typedef union odp_ipsec_op_flags_t { + /** Operation flags */ + struct { + /** Packet was processed in inline mode */ + uint32_t inline_mode : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set, clear or compare multiple flags. + */ + uint32_t all; + +} odp_ipsec_op_flags_t; /** * IPSEC operation input parameters @@ -707,11 +741,51 @@ typedef struct odp_ipsec_op_param_t { } odp_ipsec_op_param_t; /** + * Outbound inline IPSEC operation parameters + */ +typedef struct odp_ipsec_inline_op_param_t { + /** Packet output interface for inline output operation + * + * Outbound inline IPSEC operation uses this packet IO interface to + * output the packet after a successful IPSEC transformation. The pktio + * must have been configured to operate in inline IPSEC mode. + */ + odp_pktio_t pktio; + + /** Outer headers for inline output operation + * + * Outbound inline IPSEC operation uses this information to prepend + * outer headers to the IPSEC packet before sending it out. + */ + struct { + /** Points to first byte of outer headers to be copied in + * front of the outgoing IPSEC packet */ + uint8_t *ptr; + + /** Outer header length in bytes */ + uint32_t len; + } outer_hdr; + +} odp_ipsec_inline_op_param_t; + +/** + * Additional information about the inbound inline IPSEC processed packet + */ +typedef struct odp_ipsec_orig_packet_t { + /** VLAN Tag Control Information (TCI) of the original packet */ + uint16_t vlan_tci; + +} odp_ipsec_orig_packet_t; + +/** * IPSEC operation result for a packet */ typedef struct odp_ipsec_packet_result_t { /** IPSEC operation status */ - odp_ipsec_status_t status; + odp_ipsec_op_status_t status; + + /** IPSEC operation flags */ + odp_ipsec_op_flags_t flags; /** Number of output packets created from the corresponding input packet * @@ -732,6 +806,12 @@ typedef struct odp_ipsec_packet_result_t { */ odp_ipsec_sa_t sa; + /** Additional information about the packet before inbound + * inline processing. This is valid only when flags.bit.inline_mode is + * set. + */ + odp_ipsec_orig_packet_t orig; + } odp_ipsec_packet_result_t; /** @@ -761,6 +841,8 @@ typedef struct odp_ipsec_op_result_t { * has_l3, has_l4, has_ipv4, has_ipv6, has_ipfrag, * has_ipsec, has_udp, has_tcp, etc depending on * the resulted packet format + * * pktio: For inbound inline IPSEC processed packets, original + * packet input interface * * @see odp_packet_l3_offset(), odp_packet_l4_offset(), * odp_packet_has_ipv4(), odp_packet_has_ipv6(), @@ -867,10 +949,10 @@ int odp_ipsec_out(const odp_ipsec_op_param_t *input, /** * Inbound asynchronous IPSEC operation * - * This operation does inbound IPSEC processing in asynchronous mode - * (ODP_IPSEC_OP_MODE_ASYNC). It processes packets otherwise identically to - * odp_ipsec_in(), but outputs all results through one or more - * ODP_EVENT_IPSEC_RESULT events with the following ordering considerations. + * This operation does inbound IPSEC processing in asynchronous mode. It + * processes packets otherwise identically to odp_ipsec_in(), but outputs all + * results through one or more ODP_EVENT_IPSEC_RESULT events with the following + * ordering considerations. * * Asynchronous mode maintains (operation input) packet order per SA when * application calls the operation within an ordered or atomic scheduler context @@ -880,6 +962,9 @@ int odp_ipsec_out(const odp_ipsec_op_param_t *input, * events for the same SA are enqueued in order, and packet handles (for the * same SA) are stored in order within an event. * + * The function may be used also in inline processing mode, e.g. for IPSEC + * packets for which inline processing is not possible. + * * @param input Operation input parameters * * @return Number of input packets consumed (0 ... input.num_pkt) @@ -892,10 +977,10 @@ int odp_ipsec_in_enq(const odp_ipsec_op_param_t *input); /** * Outbound asynchronous IPSEC operation * - * This operation does outbound IPSEC processing in asynchronous mode - * (ODP_IPSEC_OP_MODE_ASYNC). It processes packets otherwise identically to - * odp_ipsec_out(), but outputs all results through one or more - * ODP_EVENT_IPSEC_RESULT events with the following ordering considerations. + * This operation does outbound IPSEC processing in asynchronous mode. It + * processes packets otherwise identically to odp_ipsec_out(), but outputs all + * results through one or more ODP_EVENT_IPSEC_RESULT events with the following + * ordering considerations. * * Asynchronous mode maintains (operation input) packet order per SA when * application calls the operation within an ordered or atomic scheduler context @@ -905,6 +990,9 @@ int odp_ipsec_in_enq(const odp_ipsec_op_param_t *input); * events for the same SA are enqueued in order, and packet handles (for the * same SA) are stored in order within an event. * + * The function may be used also in inline processing mode, e.g. for IPSEC + * packets for which inline processing is not possible. + * * @param input Operation input parameters * * @return Number of input packets consumed (0 ... input.num_pkt) @@ -915,6 +1003,28 @@ int odp_ipsec_in_enq(const odp_ipsec_op_param_t *input); int odp_ipsec_out_enq(const odp_ipsec_op_param_t *input); /** + * Outbound inline IPSEC operation + * + * This operation does outbound inline IPSEC processing for the packets. It's + * otherwise identical to odp_ipsec_out_enq(), but outputs all successfully + * transformed packets to the specified output interface, instead of generating + * result events for those. + * + * Inline operation parameters are defined per packet. The array of parameters + * must have 'op_param.num_pkt' elements and is pointed to by 'inline_param'. + * + * @param op_param Operation parameters + * @param inline_param Outbound inline operation specific parameters + * + * @return Number of packets consumed (0 ... op_param.num_pkt) + * @retval <0 On failure + * + * @see odp_ipsec_out_enq() + */ +int odp_ipsec_out_inline(const odp_ipsec_op_param_t *op_param, + const odp_ipsec_inline_op_param_t *inline_param); + +/** * Get IPSEC results from an ODP_EVENT_IPSEC_RESULT event * * Copies IPSEC operation results from an event. The event must be of diff --git a/include/odp/api/spec/packet_io.h b/include/odp/api/spec/packet_io.h index cec1f22..56bd9e7 100644 --- a/include/odp/api/spec/packet_io.h +++ b/include/odp/api/spec/packet_io.h @@ -407,6 +407,33 @@ typedef struct odp_pktio_config_t { * interface capability before enabling the same. */ odp_bool_t enable_loop; + /** Inbound IPSEC inlined with packet input + * + * Enable/disable inline inbound IPSEC operation. When enabled packet + * input directs all IPSEC packets automatically to IPSEC inbound + * processing. IPSEC configuration is done through the IPSEC API. + * + * 0: Disable inbound IPSEC inline operation (default) + * 1: Enable inbound IPSEC inline operation + * + * @see odp_ipsec_config(), odp_ipsec_sa_create() + */ + odp_bool_t inbound_ipsec; + + /** Outbound IPSEC inlined with packet output + * + * Enable/disable inline outbound IPSEC operation. When enabled IPSEC + * outbound processing can send outgoing IPSEC packets directly + * to the pktio interface for output. IPSEC configuration is done + * through the IPSEC API. + * + * 0: Disable outbound IPSEC inline operation (default) + * 1: Enable outbound IPSEC inline operation + * + * @see odp_ipsec_config(), odp_ipsec_sa_create() + */ + odp_bool_t outbound_ipsec; + } odp_pktio_config_t; /**