Provided by: dpdk-doc_24.11.2-2_all 
NAME
rte_security_ipsec_sa_options
SYNOPSIS
#include <rte_security.h>
Data Fields
uint32_t esn: 1
uint32_t udp_encap: 1
uint32_t copy_dscp: 1
uint32_t copy_flabel: 1
uint32_t copy_df: 1
uint32_t dec_ttl: 1
uint32_t ecn: 1
uint32_t stats: 1
uint32_t iv_gen_disable: 1
uint32_t tunnel_hdr_verify: 2
uint32_t udp_ports_verify: 1
uint32_t ip_csum_enable: 1
uint32_t l4_csum_enable: 1
uint32_t ip_reassembly_en: 1
uint32_t ingress_oop: 1
Detailed Description
IPsec Security Association option flags
Definition at line 111 of file rte_security.h.
Field Documentation
uint32_t esn
Extended Sequence Numbers (ESN)
• 1: Use extended (64 bit) sequence numbers
• 0: Use normal sequence numbers
Definition at line 117 of file rte_security.h.
uint32_t udp_encap
UDP encapsulation
• 1: Do UDP encapsulation/decapsulation so that IPSEC packets can traverse through NAT boxes.
• 0: No UDP encapsulation
Definition at line 125 of file rte_security.h.
uint32_t copy_dscp
Copy DSCP bits
• 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to the outer IP header in encapsulation, and vice
versa in decapsulation.
• 0: Do not change DSCP field.
Definition at line 134 of file rte_security.h.
uint32_t copy_flabel
Copy IPv6 Flow Label
• 1: Copy IPv6 flow label from inner IPv6 header to the outer IPv6 header.
• 0: Outer header is not modified.
Definition at line 142 of file rte_security.h.
uint32_t copy_df
Copy IPv4 Don't Fragment bit
• 1: Copy the DF bit from the inner IPv4 header to the outer IPv4 header.
• 0: Outer header is not modified.
Definition at line 150 of file rte_security.h.
uint32_t dec_ttl
Decrement inner packet Time To Live (TTL) field
• 1: In tunnel mode, decrement inner packet IPv4 TTL or IPv6 Hop Limit after tunnel decapsulation, or
before tunnel encapsulation.
• 0: Inner packet is not modified.
Definition at line 159 of file rte_security.h.
uint32_t ecn
Explicit Congestion Notification (ECN)
• 1: In tunnel mode, enable outer header ECN Field copied from inner header in tunnel encapsulation, or
inner header ECN field construction in decapsulation.
• 0: Inner/outer header are not modified.
Definition at line 168 of file rte_security.h.
uint32_t stats
Security statistics
• 1: Enable per session security statistics collection for this SA, if supported by the driver.
• 0: Disable per session security statistics collection for this SA.
Definition at line 176 of file rte_security.h.
uint32_t iv_gen_disable
Disable IV generation in PMD
• 1: Disable IV generation in PMD. When disabled, IV provided in rte_crypto_op will be used by the PMD.
• 0: Enable IV generation in PMD. When enabled, PMD generated random value would be used and application
is not required to provide IV.
Note: For inline cases, IV generation would always need to be handled by the PMD.
Definition at line 190 of file rte_security.h.
uint32_t tunnel_hdr_verify
Verify tunnel header in inbound
• RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR: Verify destination IP address.
• RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR: Verify both source and destination IP addresses.
Definition at line 199 of file rte_security.h.
uint32_t udp_ports_verify
Verify UDP encapsulation ports in inbound
• 1: Match UDP source and destination ports
• 0: Do not match UDP ports
Definition at line 206 of file rte_security.h.
uint32_t ip_csum_enable
Compute/verify inner packet IPv4 header checksum in tunnel mode
• 1: For outbound, compute inner packet IPv4 header checksum before tunnel encapsulation and for inbound,
verify after tunnel decapsulation.
• 0: Inner packet IP header checksum is not computed/verified.
The checksum verification status would be set in mbuf using RTE_MBUF_F_RX_IP_CKSUM_xxx flags.
Inner IP checksum computation can also be enabled(per operation) by setting the flag
RTE_MBUF_F_TX_IP_CKSUM in mbuf.
Definition at line 221 of file rte_security.h.
uint32_t l4_csum_enable
Compute/verify inner packet L4 checksum in tunnel mode
• 1: For outbound, compute inner packet L4 checksum before tunnel encapsulation and for inbound, verify
after tunnel decapsulation.
• 0: Inner packet L4 checksum is not computed/verified.
The checksum verification status would be set in mbuf using RTE_MBUF_F_RX_L4_CKSUM_xxx flags.
Inner L4 checksum computation can also be enabled(per operation) by setting the flags
RTE_MBUF_F_TX_TCP_CKSUM or RTE_MBUF_F_TX_SCTP_CKSUM or RTE_MBUF_F_TX_UDP_CKSUM or RTE_MBUF_F_TX_L4_MASK
in mbuf.
Definition at line 237 of file rte_security.h.
uint32_t ip_reassembly_en
Enable IP reassembly on inline inbound packets.
• 1: Enable driver to try reassembly of encrypted IP packets for this SA, if supported by the driver.
This feature will work only if user has successfully set IP reassembly config params using
rte_eth_ip_reassembly_conf_set() for the inline Ethernet device. PMD need to register mbuf dynamic
fields using rte_eth_ip_reassembly_dynfield_register() and security session creation would fail if
dynfield is not registered successfully.
• 0: Disable IP reassembly of packets (default).
Definition at line 250 of file rte_security.h.
uint32_t ingress_oop
Enable out of place processing on inline inbound packets.
• 1: Enable driver to perform Out-of-place(OOP) processing for this inline inbound SA if supported by
driver. PMD need to register mbuf dynamic field using rte_security_oop_dynfield_register() and security
session creation would fail if dynfield is not registered successfully.
• 0: Disable OOP processing for this session (default).
Definition at line 261 of file rte_security.h.
Author
Generated automatically by Doxygen for DPDK from the source code.
DPDK Version 24.11.2 rte_security_ipsec_sa_options(3)