1 
2 /* SPDX-License-Identifier: BSD-3-Clause
3  * Copyright(c) 2019 Intel Corporation
4  */
5 
6 #ifndef _RTE_IPSEC_SAD_H_
7 #define _RTE_IPSEC_SAD_H_
8 
9 #include <stdint.h>
10 
11 
12 /**
13  * @file rte_ipsec_sad.h
14  *
15  * RTE IPsec security association database (SAD) support.
16  * Contains helper functions to look up and maintain the SAD.
17  */
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22 
23 struct rte_ipsec_sad;
24 
25 /** Type of key: selects which fields of the SAD key a rule is matched on */
26 enum {
27 	RTE_IPSEC_SAD_SPI_ONLY = 0,	/**< rule keyed on SPI only */
28 	RTE_IPSEC_SAD_SPI_DIP,	/**< rule keyed on SPI + dip */
29 	RTE_IPSEC_SAD_SPI_DIP_SIP,	/**< rule keyed on SPI + dip + sip */
30 	RTE_IPSEC_SAD_KEY_TYPE_MASK,	/**< not a key type: equals the number of key types above (3); sizes rte_ipsec_sad_conf.max_sa[] */
31 };
32 
33 struct rte_ipsec_sadv4_key {	/* IPv4 SAD key. NOTE(review): field byte order is not stated in this header - confirm; add, del and lookup must all agree on it */
34 	uint32_t spi;	/**< Security Parameter Index (SPI) */
35 	uint32_t dip;	/**< destination IPv4 address */
36 	uint32_t sip;	/**< source IPv4 address */
37 };
38 
39 struct rte_ipsec_sadv6_key {	/* IPv6 SAD key: same fields as the v4 key, with 16-byte addresses */
40 	uint32_t spi;	/**< Security Parameter Index (SPI) */
41 	uint8_t dip[16];	/**< destination IPv6 address, 16 bytes */
42 	uint8_t sip[16];	/**< source IPv6 address, 16 bytes */
43 };
44 
45 union rte_ipsec_sad_key {	/* untagged union; presumably the SAD's RTE_IPSEC_SAD_FLAG_IPV6 setting decides which member is read - confirm */
46 	struct rte_ipsec_sadv4_key	v4;	/**< IPv4 form of the key */
47 	struct rte_ipsec_sadv6_key	v6;	/**< IPv6 form of the key */
48 };
49 
50 /** Max number of characters in SAD name. NOTE(review): whether this count includes the terminating NUL is not stated here - confirm. */
51 #define RTE_IPSEC_SAD_NAMESIZE		64
52 /** Flag to create SAD with IPv6 dip and sip addresses */
53 #define RTE_IPSEC_SAD_FLAG_IPV6			0x1
54 /** Flag to support reader-writer concurrency: lookups may run concurrently with a single add/del writer */
55 #define RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY	0x2
56 
57 /** IPsec SAD configuration structure, passed to rte_ipsec_sad_create() */
58 struct rte_ipsec_sad_conf {
59 	/** CPU socket ID where rte_ipsec_sad should be allocated */
60 	int		socket_id;
61 	/** maximum number of SAs for each type of key; one entry per key type (SPI only, SPI+DIP, SPI+DIP+SIP) */
62 	uint32_t	max_sa[RTE_IPSEC_SAD_KEY_TYPE_MASK];
63 	/** bitwise OR of RTE_IPSEC_SAD_FLAG_* flags */
64 	uint32_t	flags;
65 };
66 
67 /**
68  * Add a rule into the SAD. Can be safely called concurrently with lookups
69  *  if the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured at creation time.
70  *  Even with this flag, only the multi-reader / single-writer model is MT safe;
71  *  the multi-writer model is not and requires extra synchronisation by the caller.
72  *
73  * @param sad
74  *   SAD object handle
75  * @param key
76  *   pointer to the key
77  * @param key_type
78  *   key type (spi only/spi+dip/spi+dip+sip): RTE_IPSEC_SAD_SPI_ONLY, RTE_IPSEC_SAD_SPI_DIP or RTE_IPSEC_SAD_SPI_DIP_SIP
79  * @param sa
80  *   Pointer associated with the key to save in the SAD; rte_ipsec_sad_lookup() reports the pointer associated with a key.
81  *   Must be 4 bytes aligned. NOTE(review): presumably the implementation reserves the low pointer bits - confirm.
82  * @return
83  *   0 on success, negative value otherwise
84  */
85 int
86 rte_ipsec_sad_add(struct rte_ipsec_sad *sad,
87 	const union rte_ipsec_sad_key *key,
88 	int key_type, void *sa);
89 
90 /**
91  * Delete a rule from the SAD. Can be safely called concurrently with lookups
92  *  if the RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY flag was configured at creation time.
93  *  Even with this flag, only the multi-reader / single-writer model is MT safe;
94  *  the multi-writer model is not and requires extra synchronisation by the caller.
95  * NOTE(review): when the SA object may be freed after deletion while lookups run concurrently is not stated here - confirm.
96  * @param sad
97  *   SAD object handle
98  * @param key
99  *   pointer to the key
100  * @param key_type
101  *   key type (spi only/spi+dip/spi+dip+sip): RTE_IPSEC_SAD_SPI_ONLY, RTE_IPSEC_SAD_SPI_DIP or RTE_IPSEC_SAD_SPI_DIP_SIP
102  * @return
103  *   0 on success, negative value otherwise
104  */
105 int
106 rte_ipsec_sad_del(struct rte_ipsec_sad *sad,
107 	const union rte_ipsec_sad_key *key,
108 	int key_type);
109 /**
110  * Create SAD
111  *
112  * @param name
113  *  SAD name (RTE_IPSEC_SAD_NAMESIZE gives the maximum number of characters)
114  * @param conf
115  *  Structure containing the configuration
116  * @return
117  *  Handle to SAD object on success,
118  *  NULL otherwise with rte_errno set to an appropriate value.
119  */
120 struct rte_ipsec_sad *
121 rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf);
122 
123 /**
124  * Find an existing SAD object and return a pointer to it.
125  *
126  * @param name
127  *  Name of the SAD object as passed to rte_ipsec_sad_create()
128  * @return
129  *  Pointer to the SAD object, or NULL if the object was not found, with
130  *  rte_errno set appropriately. Possible rte_errno values include:
131  *   - ENOENT - required entry not available to return.
132  */
133 struct rte_ipsec_sad *
134 rte_ipsec_sad_find_existing(const char *name);
135 
136 /**
137  * Destroy SAD object.
138  * NOTE(review): not stated here whether NULL is accepted, or how this interacts with lookups still in flight - confirm.
139  * @param sad
140  *   pointer to the SAD object
141  */
142 void
143 rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad);
144 
145 /**
146  * Lookup multiple keys in the SAD.
147  * NOTE(review): no key type is passed; which rule wins when rules of several key types match one key is not stated in this header - confirm.
148  * @param sad
149  *   SAD object handle
150  * @param keys
151  *   Array of pointers to the keys to be looked up in the SAD
152  * @param sa
153  *   Output array, one entry per key: the pointer associated with that key.
154  *   If the lookup for the given key failed, then the corresponding sa
155  *   will be NULL, so each entry must be checked before it is dereferenced.
156  * @param n
157  *   Number of elements in keys array to lookup.
158  * @return
159  *   -EINVAL for incorrect arguments, otherwise number of successful lookups.
160  */
161 int
162 rte_ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
163 	const union rte_ipsec_sad_key *keys[],
164 	void *sa[], uint32_t n);
165 
166 #ifdef __cplusplus
167 }
168 #endif
169 
170 #endif /* _RTE_IPSEC_SAD_H_ */
171