Provided by: dpdk-doc_24.11.2-2_all 
NAME
rte_ipsec.h
SYNOPSIS
#include <rte_ipsec_sa.h>
#include <rte_mbuf.h>
#include <rte_ipsec_group.h>
Data Structures
struct rte_ipsec_state
struct rte_ipsec_sa_pkt_func
struct rte_ipsec_session
Functions
int rte_ipsec_session_prepare (struct rte_ipsec_session *ss)
static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
struct rte_crypto_op *cop[], uint16_t num)
static __rte_experimental uint16_t rte_ipsec_pkt_crypto_prepare_stateless (const struct rte_ipsec_session
*ss, struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state *state)
static __rte_experimental uint16_t rte_ipsec_pkt_cpu_prepare_stateless (const struct rte_ipsec_session
*ss, struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state *state)
static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
uint16_t num)
int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa *sa)
void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa *sa)
Detailed Description
RTE IPsec support.
librte_ipsec provides a framework for data-path IPsec protocol processing (ESP/AH).
Definition in file rte_ipsec.h.
Function Documentation
int rte_ipsec_session_prepare (struct rte_ipsec_session * ss)
Checks that inside given rte_ipsec_session crypto/security fields are filled correctly and setups
function pointers based on these values. Expects that all fields except IPsec processing function
pointers (pkt_func) will be filled correctly by caller.
Parameters
ss Pointer to the rte_ipsec_session object
Returns
• Zero if operation completed successfully.
• -EINVAL if the parameters are invalid.
static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[],
struct rte_crypto_op * cop[], uint16_t num) [inline], [static]
For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev
associated with given session. expects that for each input packet:
• l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are
placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.
Parameters
ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
cop The address of an array of num pointers to the output rte_crypto_op structures.
num The maximum number of packets to process.
Returns
Number of successfully processed packets, with error code set in rte_errno.
Definition at line 138 of file rte_ipsec.h.
static __rte_experimental uint16_t rte_ipsec_pkt_crypto_prepare_stateless (const struct rte_ipsec_session *
ss, struct rte_mbuf * mb[], struct rte_crypto_op * cop[], uint16_t num, struct rte_ipsec_state * state)
[inline], [static]
Same as rte_ipsec_pkt_crypto_prepare, but processing is done based on IPsec state provided by the 'state'
parameter. Internal IPsec state won't be updated when this API is called.
For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev
associated with given session. expects that for each input packet:
• l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are
placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.
Parameters
ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
cop The address of an array of num pointers to the output rte_crypto_op structures.
num The maximum number of packets to process.
state The IPsec state to be used for processing current batch of packets.
Returns
Number of successfully processed packets, with error code set in rte_errno.
Definition at line 180 of file rte_ipsec.h.
static __rte_experimental uint16_t rte_ipsec_pkt_cpu_prepare_stateless (const struct rte_ipsec_session * ss,
struct rte_mbuf * mb[], uint16_t num, struct rte_ipsec_state * state) [inline], [static]
Same as rte_ipsec_pkt_crypto_prepare_stateless, but processing is done in synchronous mode.
Parameters
ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
num The maximum number of packets to process.
state The IPsec state to be used for processing current batch of packets.
Returns
Number of successfully processed packets, with error code set in rte_errno.
Definition at line 205 of file rte_ipsec.h.
static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], uint16_t
num) [inline], [static]
Finalise processing of packets after crypto-dev finished with them or process packets that are subjects
to inline IPsec offload. Expects that for each input packet:
• l2_len, l3_len are setup correctly Output mbufs will be: inbound - decrypted & authenticated, ESP(AH)
related headers removed, l2_len and l3_len fields are updated. outbound - appropriate mbuf fields
(ol_flags, tx_offloads, etc.) properly setup, if necessary - IP headers updated, ESP(AH) fields added,
Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the
mb array. It is a user responsibility to handle them further.
Parameters
ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
num The maximum number of packets to process.
Returns
Number of successfully processed packets, with error code set in rte_errno.
Definition at line 235 of file rte_ipsec.h.
int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa * sa)
Enable per SA telemetry for a specific SA. Note that this function is not thread safe
Parameters
sa Pointer to the rte_ipsec_sa object that will have telemetry enabled.
Returns
0 on success, negative value otherwise.
void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa * sa)
Disable per SA telemetry for a specific SA. Note that this function is not thread safe
Parameters
sa Pointer to the rte_ipsec_sa object that will have telemetry disabled.
Author
Generated automatically by Doxygen for DPDK from the source code.
DPDK Version 24.11.2 rte_ipsec.h(3)