/* SPDX-License-Identifier: BSD-3-Clause
* Copyright (c) 2014-2018 Linaro Limited
*/
/** @cond _ODP_HIDE_FROM_DOXYGEN_ */
#ifndef ODP_IPSEC_CACHE_H_
#define ODP_IPSEC_CACHE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <odp_api.h>
#include <odp/helper/ipsec.h>
#include <odp_ipsec_misc.h>
#include <odp_ipsec_sa_db.h>
/**
* IPsec cache data base entry
*
* One cache entry: the IPv4 selectors, the SA mode with its tunnel
* endpoints, the ESP and AH parameters, and the ODP IPsec SA handle.
*
* NOTE(review): esp.key and ah.key store key material inside the entry
* (ipsec_key_t is declared outside this header), so the memory backing
* the cache should be treated as sensitive - confirm that teardown wipes
* it and that entries are never logged or dumped wholesale.
* NOTE(review): the byte order of the address and SPI fields is not stated
* here - TODO confirm against the code that fills and compares them.
*/
typedef struct ipsec_cache_entry_s {
struct ipsec_cache_entry_s *next; /**< Next entry on list */
uint32_t src_ip; /**< Source v4 address */
uint32_t dst_ip; /**< Destination v4 address */
sa_mode_t mode; /**< SA mode - transport/tun */
uint32_t tun_src_ip; /**< Tunnel src IPv4 addr */
uint32_t tun_dst_ip; /**< Tunnel dst IPv4 addr */
struct {
odp_cipher_alg_t alg; /**< Cipher algorithm */
uint32_t spi; /**< Cipher SPI */
uint32_t block_len; /**< Cipher block length */
uint32_t iv_len; /**< Cipher IV length */
ipsec_key_t key; /**< Cipher key (secret material) */
} esp;
struct {
odp_auth_alg_t alg; /**< Auth algorithm */
uint32_t spi; /**< Auth SPI */
uint32_t icv_len; /**< Auth ICV length */
ipsec_key_t key; /**< Auth key (secret material) */
} ah;
odp_ipsec_sa_t ipsec_sa; /**< ODP IPsec SA handle for this entry */
} ipsec_cache_entry_t;
/**
* IPsec cache data base global structure
*
* Entry storage is the fixed-size array[]; in_list and out_list presumably
* chain entries from that array through their next pointers - confirm
* against the implementation.
*
* NOTE(review): array[] has MAX_DB slots (MAX_DB is defined outside this
* header) and index names the next available slot, so any code that
* hands out an entry must check index against MAX_DB before writing -
* verify in the implementation.
*/
typedef struct ipsec_cache_s {
uint32_t index; /**< Index of next available entry */
ipsec_cache_entry_t *in_list; /**< List of active input entries */
ipsec_cache_entry_t *out_list; /**< List of active output entries */
ipsec_cache_entry_t array[MAX_DB]; /**< Entry storage */
} ipsec_cache_t;
/**
* Global pointer to ipsec_cache db
*
* Declared here, defined in another translation unit.
* NOTE(review): presumably set up by init_ipsec_cache() and invalid before
* that call - confirm. The pointed-to structure embeds key material.
*/
extern ipsec_cache_t *ipsec_cache;
/**
* Initialize IPsec cache
*
* Returns nothing, so a setup failure cannot be reported through the
* return value; how failure is handled is not visible in this header.
*/
void init_ipsec_cache(void);
/**
* Create an entry in the IPsec cache
*
* Callers should check the return value: on -1 no usable entry was
* created for the given SAs.
*
* NOTE(review): this header does not say which of cipher_sa, auth_sa and
* tun may be NULL; presumably an unused SA or tunnel is passed as NULL -
* confirm against the implementation.
*
* @param cipher_sa Cipher SA DB entry pointer
* @param auth_sa Auth SA DB entry pointer
* @param tun Tunnel DB entry pointer
* @param in Direction (input versus output)
* @param completionq Completion queue
*
* @return 0 if successful else -1
*/
int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa,
sa_db_entry_t *auth_sa,
tun_db_entry_t *tun,
odp_bool_t in,
odp_queue_t completionq);
/**
* Find a matching IPsec cache entry for input packet
*
* A NULL return means no entry matched; callers must test the result
* before dereferencing it.
*
* NOTE(review): ah and esp point into received packet data. The caller is
* presumably responsible for checking that each header lies fully within
* the packet before passing the pointer - confirm, since this prototype
* carries no length argument.
*
* @param src_ip Source IPv4 address
* @param dst_ip Destination IPv4 address
* @param ah Pointer to AH header in packet else NULL
* @param esp Pointer to ESP header in packet else NULL
*
* @return pointer to IPsec cache entry else NULL
*/
ipsec_cache_entry_t *find_ipsec_cache_entry_in(uint32_t src_ip,
uint32_t dst_ip,
odph_ahhdr_t *ah,
odph_esphdr_t *esp);
/**
* Find a matching IPsec cache entry for output packet
*
* Per the note on proto, the protocol is not used as a selector at
* present. A NULL return means no entry matched; what happens to such
* traffic is decided by the caller, not by this lookup.
*
* @param src_ip Source IPv4 address
* @param dst_ip Destination IPv4 address
* @param proto IPv4 protocol (currently all protocols match)
*
* @return pointer to IPsec cache entry else NULL
*/
ipsec_cache_entry_t *find_ipsec_cache_entry_out(uint32_t src_ip,
uint32_t dst_ip,
uint8_t proto);
/**
* Destroy the IPsec cache
*
* NOTE(review): what is released and what the return value means are not
* documented in this header; presumably 0 on success, in line with
* create_ipsec_cache_entry() - confirm against the implementation.
* Cache entries embed cipher and auth keys, so this is the place to
* verify that key material is wiped before the memory is released.
*
* @return status code (values not specified in this header)
*/
int destroy_ipsec_cache(void);
#ifdef __cplusplus
}
#endif
#endif