Lines Matching defs:sa

23 set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
28 		if (IS_IP4_TUNNEL(sa->flags)) {
34 				(uint8_t *)&sa->src.ip.ip4, 4);
37 				(uint8_t *)&sa->dst.ip.ip4, 4);
38 		} else if (IS_IP6_TUNNEL(sa->flags)) {
44 			tunnel->ipv6.src_addr = sa->src.ip.ip6;
45 			tunnel->ipv6.dst_addr = sa->dst.ip.ip6;
51 	ipsec->options.udp_encap = sa->udp_encap;
52 	if (IS_HW_REASSEMBLY_EN(sa->flags))
237 	struct ipsec_sa *sa, struct rte_ipsec_session *ips)
259 		key.cipher_algo = (uint8_t)sa->cipher_algo;
260 		key.auth_algo = (uint8_t)sa->auth_algo;
261 		key.aead_algo = (uint8_t)sa->aead_algo;
294 					sa->spi);
299 					sa->spi);
305 		sa->cqp[lcore_id] = &ipsec_ctx->tbl[cdev_id_qp];
313 			"%u\n", sa->spi, cdev_id);
321 				.spi = sa->spi,
322 				.salt = sa->salt,
325 				.direction = sa->direction,
327 				.mode = (IS_TUNNEL(sa->flags)) ?
331 			.crypto_xform = sa->xforms,
340 			set_ipsec_conf(sa, &(sess_conf.ipsec));
376 		if (verify_crypto_capabilities(info.capabilities, sa->xforms)) {
384 				sa->xforms, skt_ctx->session_pool);
415 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
424 			.spi = sa->spi,
425 			.salt = sa->salt,
428 			.direction = sa->direction,
431 		.crypto_xform = sa->xforms,
435 	if (IS_TRANSPORT(sa->flags)) {
437 		if (IS_IP4(sa->flags)) {
442 				sa->src.ip.ip4;
444 				sa->dst.ip.ip4;
445 		} else if (IS_IP6(sa->flags)) {
449 			sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6;
450 			sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6;
452 	} else if (IS_TUNNEL(sa->flags)) {
455 		if (IS_IP4(sa->flags)) {
460 				sa->src.ip.ip4;
462 				sa->dst.ip.ip4;
463 		} else if (IS_IP6(sa->flags)) {
467 			sess_conf.ipsec.tunnel.ipv6.src_addr = sa->src.ip.ip6;
468 			sess_conf.ipsec.tunnel.ipv6.dst_addr = sa->dst.ip.ip6;
475 	if (sa->udp_encap) {
477 		sess_conf.ipsec.udp.sport = htons(sa->udp.sport);
478 		sess_conf.ipsec.udp.dport = htons(sa->udp.dport);
481 	if (sa->esn > 0) {
483 		sess_conf.ipsec.esn.value = sa->esn;
488 		sa->spi, sa->portid);
494 		sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
517 		sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
519 		if (IS_IP6(sa->flags)) {
520 			sa->pattern[1].mask = &rte_flow_item_ipv6_mask;
521 			sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;
522 			sa->pattern[1].spec = &sa->ipv6_spec;
523 			sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6;
524 			sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6;
525 		} else if (IS_IP4(sa->flags)) {
526 			sa->pattern[1].mask = &rte_flow_item_ipv4_mask;
527 			sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;
528 			sa->pattern[1].spec = &sa->ipv4_spec;
530 			sa->ipv4_spec.hdr.dst_addr = sa->dst.ip.ip4;
531 			sa->ipv4_spec.hdr.src_addr = sa->src.ip.ip4;
534 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);
536 		if (sa->udp_encap) {
538 			sa->udp_spec.hdr.dst_port =
539 					rte_cpu_to_be_16(sa->udp.dport);
540 			sa->udp_spec.hdr.src_port =
541 					rte_cpu_to_be_16(sa->udp.sport);
543 			sa->pattern[2].mask = &rte_flow_item_udp_mask;
544 			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_UDP;
545 			sa->pattern[2].spec = &sa->udp_spec;
547 			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_ESP;
548 			sa->pattern[3].spec = &sa->esp_spec;
549 			sa->pattern[3].mask = &rte_flow_item_esp_mask;
551 			sa->pattern[4].type = RTE_FLOW_ITEM_TYPE_END;
553 			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
554 			sa->pattern[2].spec = &sa->esp_spec;
555 			sa->pattern[2].mask = &rte_flow_item_esp_mask;
557 			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
560 		sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
561 		sa->action[0].conf = ips->security.ses;
563 		sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
565 		sa->attr.egress = (sa->direction ==
567 		sa->attr.ingress = (sa->direction ==
569 		if (sa->attr.ingress) {
582 			if (flow_info_tbl[sa->portid].rx_def_flow)
585 			ret = rte_eth_dev_info_get(sa->portid, &dev_info);
589 					sa->portid, strerror(-ret));
593 			sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;
595 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
596 			sa->action[1].conf = &action_rss;
597 			ret = rte_eth_dev_rss_hash_conf_get(sa->portid,
615 			ret = rte_flow_validate(sa->portid, &sa->attr,
616 						sa->pattern, sa->action,
621 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;
622 			sa->action[1].conf =
626 			ret = rte_flow_validate(sa->portid, &sa->attr,
627 						sa->pattern, sa->action,
630 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
631 			sa->action[1].conf = NULL;
632 			ret = rte_flow_validate(sa->portid, &sa->attr,
633 						sa->pattern, sa->action,
637 		} else if (sa->attr.egress &&
640 			sa->action[1].type =
642 			sa->action[2].type =
646 		sa->flow = rte_flow_create(sa->portid,
647 				&sa->attr, sa->pattern, sa->action, &err);
648 		if (sa->flow == NULL) {
656 		sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
665 		set_ipsec_conf(sa, &(sess_conf.ipsec));
678 		sess_conf.userdata = (void *) sa;
702 create_ipsec_esp_flow(struct ipsec_sa *sa)
706 	if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
711 	if (sa->flags == TRANSPORT) {
716 	sa->action[0].type = RTE_FLOW_ACTION_TYPE_QUEUE;
717 	sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
718 	sa->action[0].conf = &(struct rte_flow_action_queue) {
719 				.index = sa->fdir_qid,
721 	sa->attr.egress = 0;
722 	sa->attr.ingress = 1;
723 	if (IS_IP6(sa->flags)) {
724 		sa->pattern[1].mask = &rte_flow_item_ipv6_mask;
725 		sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;
726 		sa->pattern[1].spec = &sa->ipv6_spec;
727 		sa->ipv6_spec.hdr.dst_addr = sa->dst.ip.ip6;
728 		sa->ipv6_spec.hdr.src_addr = sa->src.ip.ip6;
729 		sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
730 		sa->pattern[2].spec = &sa->esp_spec;
731 		sa->pattern[2].mask = &rte_flow_item_esp_mask;
732 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);
733 		sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
734 	} else if (IS_IP4(sa->flags)) {
735 		sa->pattern[1].mask = &rte_flow_item_ipv4_mask;
736 		sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;
737 		sa->pattern[1].spec = &sa->ipv4_spec;
738 		sa->ipv4_spec.hdr.dst_addr = sa->dst.ip.ip4;
739 		sa->ipv4_spec.hdr.src_addr = sa->src.ip.ip4;
740 		sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;
741 		sa->pattern[2].spec = &sa->esp_spec;
742 		sa->pattern[2].mask = &rte_flow_item_esp_mask;
743 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);
744 		sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;
746 	sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;
748 	ret = rte_flow_validate(sa->portid, &sa->attr, sa->pattern, sa->action,
755 	sa->flow = rte_flow_create(sa->portid, &sa->attr, sa->pattern,
756 					sa->action, &err);
757 	if (!sa->flow) {
804 	struct ipsec_sa *sa;
817 		sa = ipsec_mask_saptr(sas[i]);
818 		priv->sa = sa;
819 		ips = ipsec_get_primary_session(sa);
837 					sa->udp_encap != 1)) {
870 			ret = xform_func(pkts[i], sa, &priv->cop);
894 			ret = xform_func(pkts[i], sa, &priv->cop);
909 		RTE_ASSERT(sa->cqp[ipsec_ctx->lcore_id] != NULL);
910 		enqueue_cop(sa->cqp[ipsec_ctx->lcore_id], &priv->cop);
920 	struct ipsec_sa *sa;
928 		sa = priv->sa;
929 		ret = xform_func(pkt, sa, &priv->cop);
947 	struct ipsec_sa *sa;
970 			sa = priv->sa;
972 			RTE_ASSERT(sa != NULL);
974 			if (ipsec_get_action_type(sa) ==
976 				ret = xform_func(pkt, sa, cops[j]);
981 			} else if (ipsec_get_action_type(sa) ==