/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright (c) 2014-2018 Linaro Limited
 */

/** @cond _ODP_HIDE_FROM_DOXYGEN_ */

#ifndef ODP_IPSEC_CACHE_H_
#define ODP_IPSEC_CACHE_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <odp_api.h>
#include <odp/helper/ipsec.h>

#include <odp_ipsec_misc.h>
#include <odp_ipsec_sa_db.h>

/**
 * Mode specified on command line indicating how to exercise API
 *
 * Passed to create_ipsec_cache_entry() as its api_mode argument.
 * NOTE(review): presumably this is what ends up in
 * ipsec_cache_entry_t::async - confirm against the implementation.
 */
typedef enum {
	CRYPTO_API_SYNC,              /**< Synchronous mode */
	CRYPTO_API_ASYNC,             /**< Asynchronous mode */
} crypto_api_mode_e;

/**
 * IPsec cache data base entry
 *
 * Holds the IPv4 selectors, the SA mode with its tunnel endpoints, the ESP
 * (cipher) and AH (auth) parameters, and mutable per-SA state.
 *
 * NOTE(review): esp.key and ah.key are members by value, not pointers.
 * Assuming ipsec_key_t stores the key bytes inline (it is defined outside
 * this header), every copy, dump or log of an entry carries key material,
 * and the storage should be wiped before it is released - confirm against
 * destroy_ipsec_cache().
 */
typedef struct ipsec_cache_entry_s {
	struct ipsec_cache_entry_s  *next;        /**< Next entry on list */
	odp_bool_t                   async;       /**< ASYNC or SYNC mode */
	int                          sa_flags;    /**< SA flags; bit meanings are not defined in this header - TODO confirm */
	uint32_t                     src_ip;      /**< Source v4 address */
	uint32_t                     dst_ip;      /**< Destination v4 address */
	sa_mode_t		     mode;        /**< SA mode - transport/tun */
	uint32_t                     tun_src_ip;  /**< Tunnel src IPv4 addr */
	uint32_t                     tun_dst_ip;  /**< Tunnel dst IPv4 addr */
	struct {
		odp_cipher_alg_t     alg;         /**< Cipher algorithm */
		uint32_t             spi;         /**< Cipher SPI */
		uint32_t             block_len;   /**< Cipher block length */
		uint32_t             iv_len;      /**< Cipher IV length */
		ipsec_key_t          key;         /**< Cipher key (secret) */
	} esp;
	struct {
		odp_auth_alg_t       alg;         /**< Auth algorithm */
		uint32_t             spi;         /**< Auth SPI */
		uint32_t             icv_len;     /**< Auth ICV length */
		ipsec_key_t          key;         /**< Auth key (secret) */
	} ah;

	/*
	 * Per SA state
	 *
	 * NOTE(review): only transmit-side counters are kept here. No receive
	 * replay window or last-seen sequence number is part of this struct,
	 * so inbound anti-replay checking, if it exists, is not represented
	 * in the cache entry.
	 *
	 * NOTE(review): esp_seq and ah_seq are plain 32-bit integers, not
	 * atomic types. Confirm how they are updated when several workers use
	 * the same SA, and that an SA is retired before a counter wraps:
	 * RFC 4303 (ESP) and RFC 4302 (AH) do not allow the sequence number
	 * to cycle while anti-replay is in use.
	 */
	struct {
		odp_crypto_session_t session;  /**< Crypto session handle */
		uint32_t      esp_seq;         /**< ESP TX sequence number */
		uint32_t      ah_seq;          /**< AH TX sequence number */
		odp_u16be_t    tun_hdr_id;     /**< Tunnel header IP ID */
	} state;
} ipsec_cache_entry_t;

/**
 * IPsec cache data base global structure
 *
 * Entry storage is the fixed-size array[] of MAX_DB elements (MAX_DB is
 * defined outside this header). in_list and out_list are the heads of the
 * active input and output lists, chained through
 * ipsec_cache_entry_t::next.
 *
 * NOTE(review): index is the only record of how much of array[] is in
 * use. The allocation path is not visible here - confirm it rejects a new
 * entry once index reaches MAX_DB instead of writing past the array.
 */
typedef struct ipsec_cache_s {
	uint32_t             index;       /**< Index of next available entry */
	ipsec_cache_entry_t *in_list;     /**< List of active input entries */
	ipsec_cache_entry_t *out_list;    /**< List of active output entries */
	ipsec_cache_entry_t  array[MAX_DB]; /**< Entry storage */
} ipsec_cache_t;

/**
 * Global pointer to ipsec_cache db
 *
 * Declared here and defined in another translation unit.
 * NOTE(review): this header does not show where the storage comes from or
 * what the pointer holds before init_ipsec_cache() has run - confirm that
 * callers dereference it only after initialization.
 */
extern ipsec_cache_t *ipsec_cache;

/**
 * Initialize IPsec cache
 *
 * Takes no arguments and returns nothing, so a failure cannot be reported
 * to the caller through the return value.
 * NOTE(review): how an allocation or setup failure is handled is not
 * visible from this declaration - confirm in the implementation.
 */
void init_ipsec_cache(void);

/**
 * Create an entry in the IPsec cache
 *
 * @param cipher_sa   Cipher SA DB entry pointer
 * @param auth_sa     Auth SA DB entry pointer
 * @param tun         Tunnel DB entry pointer
 * @param api_mode    Crypto API mode for testing
 * @param in          Direction (input versus output)
 * @param completionq Completion queue
 * @param out_pool    Output buffer pool
 *
 * @return 0 if successful else -1
 *
 * The return value is the only failure signal, so callers should check it
 * before relying on the SA being present in the cache.
 * NOTE(review): which of cipher_sa, auth_sa and tun may be NULL is not
 * stated here - confirm against the implementation before passing NULL.
 */
int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa,
			     sa_db_entry_t *auth_sa,
			     tun_db_entry_t *tun,
			     crypto_api_mode_e api_mode,
			     odp_bool_t in,
			     odp_queue_t completionq,
			     odp_pool_t out_pool);

/**
 * Find a matching IPsec cache entry for input packet
 *
 * @param src_ip    Source IPv4 address
 * @param dst_ip    Destination IPv4 address
 * @param ah        Pointer to AH header in packet else NULL
 * @param esp       Pointer to ESP header in packet else NULL
 *
 * @return pointer to IPsec cache entry else NULL
 *
 * ah and esp point into received packet data, which is not yet
 * authenticated when the lookup runs. No length is passed along with
 * them, so the caller has to make sure each header lies completely inside
 * the packet before calling.
 * NOTE(review): the byte order expected for src_ip and dst_ip is not
 * stated in this header - confirm against the callers.
 */
ipsec_cache_entry_t *find_ipsec_cache_entry_in(uint32_t src_ip,
					       uint32_t dst_ip,
					       odph_ahhdr_t *ah,
					       odph_esphdr_t *esp);

/**
 * Find a matching IPsec cache entry for output packet
 *
 * @param src_ip    Source IPv4 address
 * @param dst_ip    Destination IPv4 address
 * @param proto     IPv4 protocol (currently all protocols match)
 *
 * @return pointer to IPsec cache entry else NULL
 *
 * Because proto is not used for matching, the address pair alone selects
 * the SA. A NULL return means no entry matched.
 * NOTE(review): what the caller does with a packet on NULL (forward in
 * clear or drop) is decided outside this header - confirm it matches the
 * intended policy.
 */
ipsec_cache_entry_t *find_ipsec_cache_entry_out(uint32_t src_ip,
						uint32_t dst_ip,
						uint8_t proto);

/**
 * Destroy the IPsec cache
 *
 * NOTE(review): the return convention is not documented in this header;
 * presumably 0 on success as for create_ipsec_cache_entry() - confirm
 * against the implementation.
 * NOTE(review): cache entries hold cipher and auth keys and crypto session
 * handles. Confirm that teardown destroys the sessions and clears the key
 * material before the storage is released.
 */
int destroy_ipsec_cache(void);

#ifdef __cplusplus
}
#endif

#endif