From patchwork Fri Mar 24 15:04:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petri Savolainen X-Patchwork-Id: 95958 Delivered-To: patch@linaro.org Received: by 10.140.89.233 with SMTP id v96csp88370qgd; Fri, 24 Mar 2017 08:05:58 -0700 (PDT) X-Received: by 10.200.58.101 with SMTP id w92mr9083138qte.292.1490367958331; Fri, 24 Mar 2017 08:05:58 -0700 (PDT) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id h26si2114380qkh.256.2017.03.24.08.05.58; Fri, 24 Mar 2017 08:05:58 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id BE340642E7; Fri, 24 Mar 2017 15:05:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAD_ENC_HEADER,BAYES_00, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id EBE0560F59; Fri, 24 Mar 2017 15:05:11 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 1BFC360F26; Fri, 24 Mar 2017 15:05:07 +0000 (UTC) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40123.outbound.protection.outlook.com [40.107.4.123]) by lists.linaro.org (Postfix) with ESMTPS id 4BEF560D39 for ; Fri, 24 Mar 2017 15:05:00 +0000 (UTC) Received: from AM5PR0701CA0061.eurprd07.prod.outlook.com (10.169.145.151) by VI1PR07MB1005.eurprd07.prod.outlook.com (10.161.110.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.947.2; Fri, 24 Mar 2017 15:04:58 +0000 Received: from VE1EUR03FT025.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::206) by AM5PR0701CA0061.outlook.office365.com (2603:10a6:203:2::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1005.2 via Frontend Transport; Fri, 24 Mar 2017 15:04:57 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning linaro.org discourages use of 131.228.2.241 as permitted sender) Received: from mailrelay.int.nokia.com (131.228.2.241) by VE1EUR03FT025.mail.protection.outlook.com (10.152.18.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.977.7 via Frontend Transport; Fri, 24 Mar 2017 15:04:57 +0000 Received: from fihe3nok0735.emea.nsn-net.net (localhost [127.0.0.1]) by fihe3nok0735.emea.nsn-net.net (8.14.9/8.14.5) with ESMTP id v2OF4fd2018370 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 24 Mar 2017 17:04:41 +0200 Received: from 10.144.19.15 ([10.144.104.219]) by fihe3nok0735.emea.nsn-net.net (8.14.9/8.14.5) with ESMTP id v2OF4fE4018344 (version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NOT) for ; Fri, 24 Mar 2017 17:04:41 +0200 X-HPESVCS-Source-Ip: 10.144.104.219 From: Petri Savolainen To: Date: Fri, 24 Mar 2017 17:04:38 +0200 Message-ID: <1490367881-16266-1-git-send-email-petri.savolainen@linaro.org> X-Mailer: git-send-email 2.8.1 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:131.228.2.241; IPV:CAL; CTRY:FI; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39850400002)(39450400003)(39410400002)(39860400002)(39840400002)(2980300002)(189002)(199003)(9170700003)(33646002)(50466002)(5003940100001)(50226002)(6916009)(81166006)(575784001)(47776003)(305945005)(8676002)(77096006)(38730400002)(106466001)(8936002)(2351001)(105596002)(110136004)(48376002)(6666003)(2906002)(53936002)(50986999)(86362001)(22756006)(189998001)(36756003)(356003)(5660300001)(217873001); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR07MB1005; H:mailrelay.int.nokia.com; FPR:; SPF:SoftFail; MLV:sfv; MX:1; A:1; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; VE1EUR03FT025; 1:fTpzN3qWsQ4AIQhIQ/36VbpvkurrqZ26KMDGxl9+VDQ4k05aSBWCQNM+yklHn4ZIrPGeXgFapvqJgiSenhp9dXRATJDAXPNSJ+tsGaKLKQ18/qkcTNyiU02Q2I9VKpjWU2KgoW25wJA3IEAOew8sDR+8ItqvsRrT0pNxsgJrzeVXFURB2EDiO0t35raA4Lw6ing+up1VO8sDfDbLttnbsEPLAcOysLyhQAO5OJIkRSAdi/Zzc8uPasuWeil4QTSm57vbocBexDKoEHWctsaSI5i92rsDMp5bX0PMpx2K9AaQ+7nRVJquw8GZADcG2ZyLJFrsqFn2LNd+zqR+BNizQFl0YPmldq76RtfaqL6fPfeiU4YXMiYoCmLF2yGR9yGbAlniBbq54Hbuah3FBdOK1/xErlfA+lM4MkY6N51FTERNIzcuuRl/Ar5PVa7cblqcJIFtrxTdekADX/gcDKOucT47uxR7zp0cZou7ipbrPuU5fnJXQEJhtMOzMZ+Q4GY8 MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 25c578f4-6aa9-4d5d-6325-08d472c72318 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075); SRVR:VI1PR07MB1005; X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB1005; 3:3xUfRAuJJnBlysov2ZnzejRYqtRWH41cSIiB8dTi5xSWSyTFVNRtiRqUpz3R4Ygj3Xk10v+OBsZIWPHf/+88GOKPLLJoKrHrgoZ1zapBQIviGQOT57V9qhjn8BsowTphGyT9xHnD+9i6Jwes4E+3ZxsagmTrkSnPUDI0k12wFVJupOqzur8ub8nSp5sXOUz3+n68QcT8fxTJZjm2q26Hiq36c16N9sOyvEhXnpHWiCjOXhVn2oy3yokfII6L7XiBWGUPUS3VM6BUmhdOF0EJ3APKTjANtpGopCce0pl6rferialQmdJ4V/eh2i2w+nEjegKTH6dnFMRkBqFsYDOA02tHXV7ygf0eSf7Y7rY2dRIz1NxA+n80+cYcyxK10QfTSuu+jbgBTX78BJjMWKUD7g==; 25:Zn8AhRJQYtXm1kjdrcGZsJFJEuT6xjmvCBg7qzJloQ42fxG7OCgLSnhfgiBUJUae8Fti0083dJMRjUZR1VTEGdEvP+tRjilox0t+Kl+rC4KfNwJjLomM4o4ASVo7goLoc/Kw4hMwCHi3E2n8QsGyDDknB65R0VHImTmNt5bYXSWP47ONn+d9Mnwn2P0dTkJ4IgSRWCf7uqcJUyxFVN6HaaOp8m9d/TFqDuXtRvZNB98to6ffD5aSKJynY8LkwuzkR1m4YcwNBFlundo6hBeFFNCEUYZ0yZ8W9mPSL2YZFQpt+iboiMaom3Uk1lGW3rnljhRvYW8NZiZJiszDJOXpPoGah55rzSEQqFKF7PwTVIx4gCwI1hU2z9+tmVGTjn3iDiaW0pwrs1eVi03M8jsCIYUSd1F47JRc1pmq++yWqBHHAEUMr3mZ0+mmtIQ90w0Wl/tTPmO7XjfLQ+lZ/hbdLA== X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB1005; 31:3i9vEdJ2qTID5fAIor8HQjSch6iAzBh5BI9BjMD7zJDXwFp7lFz8K4EDO3Pvwcny2PQJEnIgSmoQ6MFU7ZzYFZh3yreg7o1L4MzfNYbQraMT00uyfR02/woOdDGRbuJofjL/uqXh65JnJYW1ElMBN7/kB2IcpXX4YaZwAo4/S6arlAcKOGQAkNTkd9NlU7P+/2U4rEu5Ig6RrkQIHEHtuKKFWPTgwidh5UawClor6fM7xkkzrOfYpLeDBUh6Lmpl; 20:tDu3eOgk/E94g4cSmxonGPKr57ikMU9DSz9G/NEZXQrNl7+uBYahk1aNlro9m0gOdbH/Aup6G9Kga0jjZpQZ40YvTmi7HVYYRgI9O6eiu6W7sBMT7ehM+TK3DL44s2N09hVYuvlmIn95E5aUHeDQDOWLfAxoRMn6qogV6fvlgCiNPG86TX2/FE3FD4LPIdKLHT1MEB0eNyFrIvWA+TXX3wD3Zifd6WFRdoSeN/BeP6Haqer1JGgNGEVCKtbOoAt12XsxXs6sNckKFth7zyoC5cr+QDY2QlNKJlN65pTbxpk4LB2PfJCq1c05dmss8HEiQwqcV1MVstrgz5PvFeDnCqDfAKwajTsz9LTCXCsGPsrMOki8xrZWpNgXXGnL3wscSL7mnp/qDGAoFDJKLNR0beY2D12l1RUCWBOfcAVxfGwQVM0PVhxubmT+x/Il8gmeBEFxkx4M5gvtjbXR0hYRv687+XdekP9/SRcaZ/naiKvM5UP+q+uUByrvTgZADul/A4v+MzusBYLMAzLaB7f3vW/BYOqK9dSYPry0XNWwoJdNHP1Glf3Z4u/oF036BxWRcrF6pMCJRA6bUKgsjVFVmRLcKGjRJMOSIL8rpQ+/ET4= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(13023025)(13021025)(13013025)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123560025)(20161123558025)(20161123555025)(20161123564025)(6072148); SRVR:VI1PR07MB1005; BCL:0; PCL:0; RULEID:; SRVR:VI1PR07MB1005; X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB1005; 4:cuWDJJaxizK2/+4UjweBt0LiJHC56lDtZKpToJkCI07x+w2BmbXQ7TgwClImlkh6RCSADyBtd8LyfmgpFyd5lKapZYTv9Fey6JjFphpmzdLlEFT8bMXvj+AgpgTDWuWpQglp2s+D2o67/HQ2CxhA4mricoI/5mcT9EnrHy5V79PwitfkFH43C1RgxhRyzTukeBLceRnoHLy6F3vGA0Nih98QsXWGp+QBl+L1fk8FynsjFPVMda5SU4D6qynB5kg9oSrXr50iF6d4URnErhgGiIqZgzojpKonRb2grWIMfvpsxZkMukitwdKVFSWf6mhND3VgTYwJ5AJWUQdqWlcQ9dFrNlPClpbIWVyJ5HlrlvvCxl54YqLRuFs8i9nTeMG6RWpMxAVLKB2p0Hc/FyFQ5bdAh8uXCmPea3NnyKjZ6Z6QvQnFdCXkMuiq8thgrqkjHCcln45fN468QB6ulBzRs4iTn4fY/D1ZsHB5Al9GmWTuEbTgkZV90cktyHgBNpmGA2qFrvwZY1wz5kO9QC6njnwh4Ne5xwVPufYdml0ZDMaR4b+m7jiiqLpIuiyscZPlmsW/EGruYeWygWFjnu0XezP3xZ3kk+x1Kaq6+yeDy9JgA+0EsdEHNyEkMWJOgXBzRFGyz2VfUaaxP0DflgjG7UcXx+xcABqDQuKVzaanXfPQenX9sTvzh1S8zjLEhHAB X-Forefront-PRVS: 0256C18696 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; VI1PR07MB1005; 23:3M9wvplwboLheMI21enenCU/cVLFiViy+wXHehuxs?= /T5JQfJGdQFHnUYjacaMoghoKwraA/snUuydGBKfRRF/kYvVJNUSIRRCZulN/+Ce4ZYoMo+lffNuOVmxrjhm0/xo00j7OJ5h7fhhg5T0U4lFMhkAz5wF0fzjgDQxDZH30vIArBUf4BhYNb+1wqj1JK9vHqeLuwcYtKFkZnj8qBTHmb9r/Ivh7VI1rO4ZvrMh8CbWdN+s3xhHGvvg0T9CFehK0AP6BQOYTffdFDBdyNBIP9X5cqpsWJpqZO71cYrZdbUmyqFO57gX2FtUeeNZsoDTJ8hXohVsy1i0882QkZa1CBS78EY5qM1hCc7G2tqBWAW6H9JMDtP0sfAksrnT5LuOtFya4jGnKCjxoOPy2Rsvou1VIY6wB8T3OC9+qf9ZP7HEmHEIS+wqydA2LPNZy6uk49Y3PkLwNctJMgHqtlg5jxncBMgrFCUODJDxlTMLsxOWWIXLngGSWH9zz2nUJ2IH+HYqidkdxhXtjfMXy7wrm8nhBlnRSznB7oCK+9wUIXhPENHIidW89kkfV1veAm/L/+Du/P1NRRXYWN3vcZZNfqr8bLe6z7B066fbIlGqRjZPSFniGMBn8XFHgKZ4+gL608DY2FM2kgnHmmx0dfoKN3ipgb4cUf+U2uftC3J4ABZepDV4WQLaW32BeGlrakcRI2jCaI9cyojZho2g19JLERb/iq26uPVy6eX3zgQOioPkqFQPlY4r6OoPlw2+RittDU3J5dYxX837r5roZlJbl3g6v/AJTQ9bJVo5T8ZE+IFIOO7oFkg2Fpmd+o7N1uTUROTRCdwpXqALyNHoiGgHgJN16mL5Dw8JOW+5ZZF+URZx1GNH+PK6pEkkHVO1AiXCspxw6mgCnkbzaJvFfFvY7z/MeZUn5niplfHDty5Qr9fhB4MVTyRpPx5CMVwjLm0G4C/yD7XuVLio+BepkhIDwRrCXDySrxNF962jshLd1/EETAIriRYHJDcBZjU5vCT X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB1005; 6:w8WNwQ0AGpoR0NQuOuSmXUGaOKecghIPnhYh+i4QAzc3RGtTF1zD4r/NxFLe+gjFoz/xmKP4WfeABHc2UhbTJnVhUuyqr0lZB24iGLtE2k44MU11okqD9pTtSFIAhYiqDnvQ/JdxKy1EmseBuTjBYPl7+XL6WLfeKcXSAirBV5D09gb1e6NkK85nziHWV+SUynLnh/EyJl7kom/g47+MuW6h5xiOik2knMrx2DA9qwtb4LsFxZ/76nWflV8mFaDbXkucxZEzx2VUBeu/is17lhW080uQTYXVISLQjc8yElo1q74JJG2shgXwXUGNNjC9M7l6QFVlH3NLuoEWDsjut8mUUrgBG88bioDj/gXzNAY9go0WNtMYE5iYdKqiYlOKDRUiGi5vsRcixd98Y+OY4uwXnv0zqDdTIkCKqhUgUY8=; 5:GaOs1yRoJV6rYIVb7JWTXTqWkzfxV+j/fQ03ier6RQXoQX5mAmidh8noqvkbAJT6+DBWXVeheBHbwCHgA9ON5n85DrrFnMB54XS1+isbzlir+9FIsMKgXcnQc+AukfkzlQDzCe+c81INPkE00/cCvQ==; 24:mcC0xydMZx4onTJY+OFyxgPwR8Mkj5AsJAxjv8WzyF7tYes+xSFjVCfNqUfMyEiImvR59lDGJBkokqxF2At5EwI4qGv54Y7lNFH7ZRLfcOo= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; VI1PR07MB1005; 7:l9FBYcIxR57sj/PGy1CJ2RKpoLbycNKyi4uDFreEkYilRDbl5H8PyAPMSjMd6UEcXekG+LSPJbtIBTlqaRNsW5C1O44esEw3w1SlvvLdM+ivTENG8grWnym5srzV06EwbIYk91K66hjvUKg1nGsRjiqPYeIqGZVemwuOlzP712tRjGLpFbgNb9fGjfIYwYmF8XJoDocsmKECrovEXzBZTWJodC6HQdY9izXQhEtGvVwUpQqeUizXs0YuL4BiT6Iy/BZdIfvku19uP/tR/1lWMK2fDQUnqaVD5bFkyRmhFLyGNLLUT74whCmurP13yNR65dquq65ppE3pFo9FReGaHA== X-OriginatorOrg: nokia.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2017 15:04:57.6910 (UTC) X-MS-Exchange-CrossTenant-Id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5d471751-9675-428d-917b-70f44f9630b0; Ip=[131.228.2.241]; Helo=[mailrelay.int.nokia.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR07MB1005 Subject: [lng-odp] [API-NEXT PATCH v3 1/4] api: ipsec: extend lookaside API X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" Added configuration option for inbound SPI range (for lookups). Removed unique SPI requirement and added config option for overlap. Added default queue for lookup misses. Added SA disable function and status event for the response from it. The same event may be used for e.g. IPSEC statistics, etc queries. Improved outbound fragmentation documentation. Signed-off-by: Petri Savolainen --- include/odp/api/spec/event.h | 2 +- include/odp/api/spec/ipsec.h | 191 +++++++++++++++++++++++++++++++++---------- 2 files changed, 151 insertions(+), 42 deletions(-) -- 2.8.1 diff --git a/include/odp/api/spec/event.h b/include/odp/api/spec/event.h index 75c0bbc..f22efce 100644 --- a/include/odp/api/spec/event.h +++ b/include/odp/api/spec/event.h @@ -39,7 +39,7 @@ extern "C" { * @typedef odp_event_type_t * ODP event types: * ODP_EVENT_BUFFER, ODP_EVENT_PACKET, ODP_EVENT_TIMEOUT, - * ODP_EVENT_CRYPTO_COMPL, ODP_EVENT_IPSEC_RESULT + * ODP_EVENT_CRYPTO_COMPL, ODP_EVENT_IPSEC_RESULT, ODP_EVENT_IPSEC_STATUS */ /** diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 66222d8..d3e51bc 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -56,6 +56,34 @@ typedef enum odp_ipsec_op_mode_t { } odp_ipsec_op_mode_t; /** + * Configuration options for IPSEC inbound processing + */ +typedef struct odp_ipsec_inbound_config_t { + /** Default destination queue for IPSEC events + * + * When inbound SA lookup fails in asynchronous or inline modes, + * resulting IPSEC events are enqueued into this queue. + */ + odp_queue_t default_queue; + + /** Constraints for SPI values of inbound SAs for which lookup is + * enabled. Minimal range size and unique SPI values may improve + * performance. */ + struct { + /** Minimum inbound SPI value. Default value is 0. */ + uint32_t min; + + /** Maximum inbound SPI value. Default value is UINT32_MAX. */ + uint32_t max; + + /** Inbound SPI values may overlap. Default value is 0. */ + odp_bool_t overlap; + + } spi_lookup; + +} odp_ipsec_inbound_config_t; + +/** * IPSEC capability */ typedef struct odp_ipsec_capability_t { @@ -111,6 +139,13 @@ typedef struct odp_ipsec_config_t { */ odp_ipsec_op_mode_t op_mode; + /** Maximum number of IPSEC SAs that application will use + * simultaneously */ + uint32_t max_num_sa; + + /** IPSEC inbound processing configuration */ + odp_ipsec_inbound_config_t inbound; + } odp_ipsec_config_t; /** @@ -349,8 +384,10 @@ typedef enum odp_ipsec_lookup_mode_t { /** Inbound SA lookup is disabled. */ ODP_IPSEC_LOOKUP_DISABLED = 0, - /** Inbound SA lookup is enabled. Used SPI values must be unique. */ - ODP_IPSEC_LOOKUP_IN_UNIQUE_SA + /** Inbound SA lookup is enabled. Lookup matches only SPI value. + * SA lookup failure status (error.sa_lookup) is reported through + * odp_ipsec_packet_result_t. */ + ODP_IPSEC_LOOKUP_SPI } odp_ipsec_lookup_mode_t; @@ -529,6 +566,29 @@ void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param); odp_ipsec_sa_t odp_ipsec_sa_create(odp_ipsec_sa_param_t *param); /** + * Disable IPSEC SA + * + * Application must use this call to disable a SA before destroying it. The call + * marks the SA disabled, so that IPSEC implementation stops using it. For + * example, inbound SPI lookups will not match any more. Application must + * stop providing the SA as parameter to new IPSEC input/output operations + * before calling disable. Packets in progress during the call may still match + * the SA and be processed successfully. + * + * When in synchronous operation mode, the call will return when it's possible + * to destroy the SA. In asynchronous mode, the same is indicated by an + * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA. + * + * @param sa IPSEC SA to be disabled + * + * @retval 0 On success + * @retval <0 On failure + * + * @see odp_ipsec_sa_destroy() + */ +int odp_ipsec_sa_disable(odp_ipsec_sa_t sa); + +/** * Destroy IPSEC SA * * Destroy an unused IPSEC SA. Result is undefined if the SA is being used @@ -567,55 +627,59 @@ typedef struct odp_ipsec_op_opt_t { #define ODP_IPSEC_OK 0 /** IPSEC operation status */ -typedef union odp_ipsec_status_t { - /** Error flags */ - struct { - /** Protocol error. Not a valid ESP or AH packet. */ - uint32_t proto : 1; +typedef struct odp_ipsec_op_status_t { + union { + /** Error flags */ + struct { + /** Protocol error. Not a valid ESP or AH packet. */ + uint32_t proto : 1; - /** SA lookup failed */ - uint32_t sa_lookup : 1; + /** SA lookup failed */ + uint32_t sa_lookup : 1; - /** Authentication failed */ - uint32_t auth : 1; + /** Authentication failed */ + uint32_t auth : 1; - /** Anti-replay check failed */ - uint32_t antireplay : 1; + /** Anti-replay check failed */ + uint32_t antireplay : 1; - /** Other algorithm error */ - uint32_t alg : 1; + /** Other algorithm error */ + uint32_t alg : 1; - /** Packet does not fit into the given MTU size */ - uint32_t mtu : 1; + /** Packet does not fit into the given MTU size */ + uint32_t mtu : 1; - /** Soft lifetime expired: seconds */ - uint32_t soft_exp_sec : 1; + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; - /** Soft lifetime expired: bytes */ - uint32_t soft_exp_bytes : 1; + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; - /** Soft lifetime expired: packets */ - uint32_t soft_exp_packets : 1; + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; - /** Hard lifetime expired: seconds */ - uint32_t hard_exp_sec : 1; + /** Hard lifetime expired: seconds */ + uint32_t hard_exp_sec : 1; - /** Hard lifetime expired: bytes */ - uint32_t hard_exp_bytes : 1; + /** Hard lifetime expired: bytes */ + uint32_t hard_exp_bytes : 1; - /** Hard lifetime expired: packets */ - uint32_t hard_exp_packets : 1; - } error; + /** Hard lifetime expired: packets */ + uint32_t hard_exp_packets : 1; - /** All bits of the bit field structure - * - * This field can be used to set, clear or compare multiple flags. - * For example, 'status.all != ODP_IPSEC_OK' checks if there are any - * errors. - */ - uint32_t all; + } error; -} odp_ipsec_status_t; + /** All error bits + * + * This field can be used to set, clear or compare multiple + * flags. For example, 'status.all_error != ODP_IPSEC_OK' + * checks if there are + * any errors. + */ + uint32_t all_error; + }; + +} odp_ipsec_op_status_t; /** * IPSEC operation input parameters @@ -673,14 +737,15 @@ typedef struct odp_ipsec_op_param_t { */ typedef struct odp_ipsec_packet_result_t { /** IPSEC operation status */ - odp_ipsec_status_t status; + odp_ipsec_op_status_t status; /** Number of output packets created from the corresponding input packet * * Without fragmentation offload this is always one. However, if the * input packet was fragmented during the operation this is larger than - * one for the first fragment and zero for the rest of the fragments - * (following the first one in the 'pkt' array). + * one for the first returned fragment and zero for the rest of the + * fragments. All the fragments (of the same source packet) are stored + * consecutively in the 'pkt' array. */ int num_out; @@ -745,6 +810,34 @@ typedef struct odp_ipsec_op_result_t { } odp_ipsec_op_result_t; /** + * IPSEC status ID + */ +typedef enum odp_ipsec_status_id_t { + /** Response to SA disable command */ + ODP_IPSEC_STATUS_SA_DISABLE = 0 + +} odp_ipsec_status_id_t; + +/** + * IPSEC status content + */ +typedef struct odp_ipsec_status_t { + /** IPSEC status ID */ + odp_ipsec_status_id_t id; + + /** Return value from the operation + * + * 0: Success + * <0: Failure + */ + int ret; + + /** IPSEC SA that was target of the operation */ + odp_ipsec_sa_t sa; + +} odp_ipsec_status_t; + +/** * Inbound synchronous IPSEC operation * * This operation does inbound IPSEC processing in synchronous mode @@ -897,6 +990,22 @@ int odp_ipsec_out_enq(const odp_ipsec_op_param_t *input); int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event); /** + * Get IPSEC status information from an ODP_EVENT_IPSEC_STATUS event + * + * Copies IPSEC status information from an event. The event must be of + * type ODP_EVENT_IPSEC_STATUS. + * + * @param[out] status Pointer to status information structure for output. + * @param event An ODP_EVENT_IPSEC_STATUS event + * + * @retval 0 On success + * @retval <0 On failure + * + * @see odp_ipsec_sa_disable() + */ +int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event); + +/** * Update MTU for outbound IP fragmentation * * When IP fragmentation offload is enabled, the SA is created with an MTU.