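/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2019 Intel Corporation
 */

#ifndef _RTE_IPSEC_SAD_H_
#define _RTE_IPSEC_SAD_H_

#include <stdint.h>

#include <rte_ip6.h>

/**
 * @file rte_ipsec_sad.h
 *
 * RTE IPsec security association database (SAD) support.
 * Contains helper functions to lookup and maintain SAD
 */

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque SAD handle; the layout is not exposed by this header. */
struct rte_ipsec_sad;

/** Type of key */
enum {
	/** Key is the SPI alone. */
	RTE_IPSEC_SAD_SPI_ONLY = 0,
	/** Key is SPI + dip. */
	RTE_IPSEC_SAD_SPI_DIP,
	/** Key is SPI + dip + sip. */
	RTE_IPSEC_SAD_SPI_DIP_SIP,
	/**
	 * Not a key type: one past the last key type (value 3).
	 * Sizes max_sa[] in struct rte_ipsec_sad_conf.
	 * NOTE(review): key_type arguments are presumably expected to be
	 * below this value - confirm against the implementation.
	 */
	RTE_IPSEC_SAD_KEY_TYPE_MASK,
};

/** SAD key for a database created without RTE_IPSEC_SAD_FLAG_IPV6. */
struct rte_ipsec_sadv4_key {
	uint32_t spi;
	uint32_t dip;
	uint32_t sip;
};

/** SAD key for a database created with RTE_IPSEC_SAD_FLAG_IPV6. */
struct rte_ipsec_sadv6_key {
	uint32_t spi;
	struct rte_ipv6_addr dip;
	struct rte_ipv6_addr sip;
};

/**
 * Key passed to add/del/lookup. The union carries no tag of its own.
 * NOTE(review): presumably the member read is selected by the SAD's
 * RTE_IPSEC_SAD_FLAG_IPV6 setting, so callers must fill the member that
 * matches the database they pass - confirm against the implementation.
 */
union rte_ipsec_sad_key {
	struct rte_ipsec_sadv4_key v4;
	struct rte_ipsec_sadv6_key v6;
};

/** Max number of characters in SAD name. */
#define RTE_IPSEC_SAD_NAMESIZE		64
/** Flag to create SAD with ipv6 dip and sip addresses */
#define RTE_IPSEC_SAD_FLAG_IPV6			0x1
/** Flag to support reader writer concurrency */
#define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY	0x2

/** IPsec SAD configuration structure */
struct rte_ipsec_sad_conf {
	/** CPU socket ID where rte_ipsec_sad should be allocated */
	int socket_id;
	/** maximum number of SA for each type of key */
	uint32_t max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];
	/** RTE_IPSEC_SAD_FLAG_* flags */
	uint32_t flags;
};

/**
 * Add a rule into the SAD. Can be safely called with concurrent lookups
 * if the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured at creation
 * time. With this flag the multi-reader / single-writer model is MT safe;
 * the multi-writer model is not and requires extra synchronisation
 * supplied by the caller.
 *
 * @param sad
 *   SAD object handle
 * @param key
 *   pointer to the key
 * @param key_type
 *   key type (spi only/spi+dip/spi+dip+sip)
 * @param sa
 *   Pointer associated with the key to save in a SAD
 *   Must be 4 bytes aligned.
 *   NOTE(review): the alignment rule suggests the low pointer bits are
 *   reserved by the implementation; confirm how a misaligned pointer is
 *   reported before relying on it.
 * @return
 *   0 on success, negative value otherwise
 */
int
rte_ipsec_sad_add(struct rte_ipsec_sad *sad,
	const union rte_ipsec_sad_key *key,
	int key_type, void *sa);

/**
 * Delete a rule from the SAD. Can be safely called with concurrent lookups
 * if the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured at creation
 * time. With this flag the multi-reader / single-writer model is MT safe;
 * the multi-writer model is not and requires extra synchronisation
 * supplied by the caller.
 *
 * @param sad
 *   SAD object handle
 * @param key
 *   pointer to the key
 * @param key_type
 *   key type (spi only/spi+dip/spi+dip+sip)
 * @return
 *   0 on success, negative value otherwise
 */
int
rte_ipsec_sad_del(struct rte_ipsec_sad *sad,
	const union rte_ipsec_sad_key *key,
	int key_type);

/**
 * Create SAD
 *
 * @param name
 *   SAD name
 * @param conf
 *   Structure containing the configuration
 * @return
 *   Handle to SAD object on success
 *   NULL otherwise with rte_errno set to an appropriate value.
 */
struct rte_ipsec_sad *
rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf);

/**
 * Find an existing SAD object and return a pointer to it.
 *
 * @param name
 *   Name of the SAD object as passed to rte_ipsec_sad_create()
 * @return
 *   Pointer to sad object or NULL if object not found with rte_errno
 *   set appropriately. Possible rte_errno values include:
 *    - ENOENT - required entry not available to return.
 */
struct rte_ipsec_sad *
rte_ipsec_sad_find_existing(const char *name);

/**
 * Destroy SAD object.
 *
 * NOTE(review): this header does not say whether destroy may run while
 * lookups or updates are in flight; treat the handle as unusable by every
 * thread before calling, until confirmed otherwise.
 *
 * @param sad
 *   pointer to the SAD object
 */
void
rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad);

/**
 * Lookup multiple keys in the SAD.
 *
 * The return value is only a count of hits; it does not say which keys
 * missed. Callers must test each sa[i] for NULL before dereferencing it,
 * otherwise a packet whose key is not in the SAD is processed through a
 * NULL SA pointer.
 *
 * @param sad
 *   SAD object handle
 * @param keys
 *   Array of keys to be looked up in the SAD
 * @param sa
 *   Output array of pointers associated with the keys.
 *   If the lookup for the given key failed, then corresponding sa
 *   will be NULL
 *   NOTE(review): presumably must have room for at least n entries -
 *   confirm against the implementation.
 * @param n
 *   Number of elements in keys array to lookup.
 * @return
 *   -EINVAL for incorrect arguments, otherwise number of successful lookups.
 */
int
rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
	const union rte_ipsec_sad_key *keys[],
	void *sa[], uint32_t n);

#ifdef __cplusplus
}
#endif

#endif /* _RTE_IPSEC_SAD_H_ */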