API Reference Manual 1.51.0
Loading...
Searching...
No Matches
api/spec/ipsec_types.h
Go to the documentation of this file.
1/* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright (c) 2016-2018 Linaro Limited
3 * Copyright (c) 2022-2026 Nokia
4 */
5
12#ifndef ODP_API_SPEC_IPSEC_TYPES_H_
13#define ODP_API_SPEC_IPSEC_TYPES_H_
14#include <odp/visibility_begin.h>
15
19#include <odp/api/protocols.h>
20#include <odp/api/std_types.h>
22
23#ifdef __cplusplus
24extern "C" {
25#endif
26
74
96
114
214
227 union {
229 struct {
232 uint32_t inner_ipv4 : 1;
233
236 uint32_t inner_udp : 1;
237
240 uint32_t inner_tcp : 1;
241
244 uint32_t inner_sctp : 1;
245
247
252 uint32_t all_chksum;
253 };
254
256
268 struct {
270 uint8_t frag_mode :1;
271
273 uint8_t tfc_pad :1;
274
276 uint8_t tfc_dummy :1;
277
279 uint8_t ip_param :1;
280
282
284
306
432
441
452
505
517
529
541
553
649
653 void *src_addr;
654
656 void *dst_addr;
657
659 uint8_t dscp;
660
662 uint8_t df;
663
665 uint8_t ttl;
666
668
672 void *src_addr;
673
675 void *dst_addr;
676
678 uint32_t flabel;
679
681 uint8_t dscp;
682
684 uint8_t hlimit;
685
687
709
713typedef struct odp_ipsec_sa_opt_t {
719 uint32_t esn : 1;
720
727 uint32_t udp_encap : 1;
728
737 uint32_t copy_dscp : 1;
738
745 uint32_t copy_flabel : 1;
746
753 uint32_t copy_df : 1;
754
762 uint32_t dec_ttl : 1;
763
765
778typedef struct odp_ipsec_lifetime_t {
780 struct {
782 uint64_t bytes;
783
785 uint64_t packets;
787
789 struct {
791 uint64_t bytes;
792
794 uint64_t packets;
797
819
842
857
869
1018
1022typedef struct odp_ipsec_stats_t {
1024 uint64_t success;
1025
1027 uint64_t proto_err;
1028
1030 uint64_t auth_err;
1031
1034
1036 uint64_t alg_err;
1037
1039 uint64_t mtu_err;
1040
1043
1046
1056
1060typedef struct odp_ipsec_sa_info_t {
1070
1072 union {
1074 struct {
1076 struct {
1081
1089
1100
1102 struct {
1110 uint64_t seq_num;
1111
1113 union {
1115 struct {
1121
1123 struct {
1131 };
1133
1135#define ODP_IPSEC_OK 0
1136
1138typedef struct odp_ipsec_error_t {
1140 union {
1142 struct {
1145 uint32_t proto : 1;
1146
1148 uint32_t sa_lookup : 1;
1149
1151 uint32_t auth : 1;
1152
1154 uint32_t antireplay : 1;
1155
1157 uint32_t alg : 1;
1158
1160 uint32_t mtu : 1;
1161
1163 uint32_t hard_exp_bytes : 1;
1164
1166 uint32_t hard_exp_packets : 1;
1167 };
1168
1175 uint32_t all;
1176 };
1177
1179
1181typedef struct odp_ipsec_warn_t {
1183 union {
1185 struct {
1187 uint32_t soft_exp_bytes : 1;
1188
1190 uint32_t soft_exp_packets : 1;
1191 };
1192
1197 uint32_t all;
1198 };
1199
1201
1205 union {
1207 struct {
1210
1213 };
1214
1218 uint64_t all;
1219
1220 };
1221
1223
1225typedef struct odp_ipsec_op_flag_t {
1227 union {
1229 struct {
1231 uint32_t inline_mode : 1;
1232
1233 };
1234
1239 uint32_t all;
1240 };
1241
1243
1253typedef struct odp_ipsec_out_opt_t {
1255 union {
1258 struct {
1260 uint32_t frag_mode: 1;
1261
1263 uint32_t tfc_pad: 1;
1264
1273 uint32_t tfc_dummy: 1;
1274
1276 uint32_t ip_param: 1;
1277
1279
1284 uint32_t all_flags;
1285 };
1286
1289
1297 uint32_t tfc_pad_len;
1298
1300 union {
1304
1308 };
1309
1311
1346
1374
1424
1476
1503
1525
1530#ifdef __cplusplus
1531}
1532#endif
1533
1534#include <odp/visibility_end.h>
1535#endif
ODP classification descriptor.
ODP crypto.
ODP Packet IO.
Standard C language types and definitions for ODP.
ODP Traffic manager.
odp_cipher_alg_t
Crypto API cipher algorithm.
odp_auth_alg_t
Crypto API authentication algorithm.
odp_ipsec_test_sa_operation_t
IPSEC TEST SA operation.
odp_ipsec_op_mode_t
IPSEC operation mode.
odp_ipsec_lookup_mode_t
Packet lookup mode.
odp_ipsec_status_id_t
IPSEC status ID.
odp_ipsec_pipeline_t
IPSEC pipeline configuration.
odp_ipsec_frag_mode_t
Fragmentation mode.
odp_ipsec_protocol_t
IPSEC protocol.
odp_ipsec_ip_version_t
IPSEC header type.
odp_ipsec_tunnel_type_t
IPSEC tunnel type.
odp_ipsec_mode_t
IPSEC protocol mode.
odp_ipsec_dir_t
IPSEC SA direction.
@ ODP_IPSEC_TEST_SA_UPDATE_ANTIREPLAY_WINDOW_TOP
Update highest authenticated sequence number.
@ ODP_IPSEC_TEST_SA_UPDATE_SEQ_NUM
Update next sequence number.
@ ODP_IPSEC_OP_MODE_INLINE
Inline IPSEC operation.
@ ODP_IPSEC_OP_MODE_SYNC
Synchronous IPSEC operation.
@ ODP_IPSEC_OP_MODE_ASYNC
Asynchronous IPSEC operation.
@ ODP_IPSEC_OP_MODE_DISABLED
IPSEC is disabled in inbound / outbound direction.
@ ODP_IPSEC_LOOKUP_SPI
Inbound SA lookup is enabled.
@ ODP_IPSEC_LOOKUP_DISABLED
Inbound SA lookup is disabled for the SA.
@ ODP_IPSEC_LOOKUP_DSTADDR_SPI
Inbound SA lookup is enabled.
@ ODP_IPSEC_STATUS_SA_DISABLE
Response to SA disable command.
@ ODP_IPSEC_STATUS_WARN
Warning from inline IPSEC processing.
@ ODP_IPSEC_PIPELINE_CLS
Send resulting packets to the classifier.
@ ODP_IPSEC_PIPELINE_NONE
Do not pipeline.
@ ODP_IPSEC_FRAG_AFTER
Fragment IP packet after IPSEC operation.
@ ODP_IPSEC_FRAG_BEFORE
Fragment IP packet before IPSEC operation.
@ ODP_IPSEC_FRAG_DISABLED
Do not fragment IP packets.
@ ODP_IPSEC_FRAG_CHECK
Only check if IP fragmentation is needed, do not fragment packets.
@ ODP_IPSEC_AH
AH protocol.
@ ODP_IPSEC_ESP
ESP protocol.
@ ODP_IPSEC_IPV4
Header is IPv4.
@ ODP_IPSEC_IPV6
Header is IPv6.
@ ODP_IPSEC_TUNNEL_IPV4
Outer header is IPv4.
@ ODP_IPSEC_TUNNEL_IPV6
Outer header is IPv6.
@ ODP_IPSEC_MODE_TRANSPORT
IPSEC transport mode.
@ ODP_IPSEC_MODE_TUNNEL
IPSEC tunnel mode.
@ ODP_IPSEC_DIR_OUTBOUND
Outbound IPSEC SA.
@ ODP_IPSEC_DIR_INBOUND
Inbound IPSEC SA.
odp_proto_layer_t
Protocol layer.
#define ODP_IPV6_ADDR_SIZE
IPv6 address size.
#define ODP_IPV4_ADDR_SIZE
IPv4 address size.
bool odp_bool_t
Boolean type.
odp_support_t
ODP support.
odp_tm_handle_t odp_tm_queue_t
Each odp_tm_queue_t value is an opaque ODP handle representing a specific tm_queue within a specific ...
ODP protocols.
Crypto API key structure.
Authentication algorithm capabilities.
uint32_t icv_len
ICV length in bytes.
uint32_t key_len
Key length in bytes.
odp_reass_capability_t reassembly
Post-IPsec reassembly capability.
odp_ipsec_out_op_capability_t out_op
Outbound operation specific capabilities.
odp_bool_t reass_inline
Support of reassembly after inline inbound IPsec processing.
uint32_t max_cls_cos
Maximum number of different destination CoSes in classification pipelining.
odp_crypto_cipher_algos_t ciphers
Supported cipher algorithms.
odp_support_t frag_after
Fragment after IPsec support.
odp_support_t inline_ipsec_tm
Support of traffic manager (TM) after inline outbound IPSEC processing.
odp_pktin_vector_capability_t vector
Support for returning completion packets as vectors.
odp_bool_t queue_type_sched
Scheduled queue support.
odp_support_t op_mode_sync
Synchronous IPSEC operation mode (ODP_IPSEC_OP_MODE_SYNC) support.
odp_support_t frag_before
Fragment before IPsec support.
odp_support_t op_mode_inline_in
Inline inbound IPSEC operation mode (ODP_IPSEC_OP_MODE_INLINE) support.
odp_support_t op_mode_inline_out
Inline outgoing IPSEC operation mode (ODP_IPSEC_OP_MODE_INLINE) support.
odp_support_t pipeline_cls
Support of pipelined classification (ODP_IPSEC_PIPELINE_CLS) of resulting inbound packets.
uint32_t max_antireplay_ws
Maximum anti-replay window size.
uint32_t max_num_sa
Maximum number of IPSEC SAs.
odp_proto_chksums_t chksums_in
Inner packet checksum check offload support in inbound direction.
odp_support_t op_mode_async
Asynchronous IPSEC operation mode (ODP_IPSEC_OP_MODE_ASYNC) support.
odp_crypto_auth_algos_t auths
Supported authentication algorithms.
uint32_t max_queues
Maximum number of different destination queues.
odp_support_t retain_header
Support of retaining outer headers (retain_outer) in inbound inline processed packets.
odp_bool_t queue_type_plain
Plain queue support.
odp_bool_t reass_async
Support of reassembly after inbound processing in odp_ipsec_in_enq()
odp_ipsec_test_capability_t test
IPSEC TEST capabilities.
odp_support_t proto_ah
IP Authenticated Header (ODP_IPSEC_AH) support.
Cipher algorithm capabilities.
uint32_t key_len
Key length in bytes.
IPSEC configuration options.
odp_pktin_vector_config_t vector
Packet vector configuration for async and inline operations.
odp_ipsec_op_mode_t outbound_mode
Outbound IPSEC operation mode.
odp_ipsec_inbound_config_t inbound
IPSEC inbound processing configuration.
odp_bool_t stats_en
Enable stats collection.
uint32_t max_num_sa
Maximum number of IPSEC SAs that application will use simultaneously.
odp_ipsec_outbound_config_t outbound
IPSEC outbound processing configuration.
odp_ipsec_op_mode_t inbound_mode
Inbound IPSEC operation mode.
IPSEC crypto parameters.
uint32_t icv_len
Length of integrity check value (ICV) in bytes.
odp_crypto_key_t auth_key
Authentication key.
odp_crypto_key_t auth_key_extra
Extra keying material for authentication algorithm.
odp_auth_alg_t auth_alg
Authentication algorithm.
odp_crypto_key_t cipher_key_extra
Extra keying material for cipher algorithm.
odp_cipher_alg_t cipher_alg
Cipher algorithm.
odp_crypto_key_t cipher_key
Cipher key.
uint32_t sa_lookup
SA lookup failed.
uint32_t antireplay
Anti-replay check failed.
uint32_t auth
Authentication failed.
uint32_t alg
Other algorithm error.
uint32_t hard_exp_bytes
Hard lifetime expired: bytes.
uint32_t mtu
Packet does not fit into the given MTU size.
uint32_t hard_exp_packets
Hard lifetime expired: packets.
uint32_t all
All error bits.
uint32_t proto
Protocol error.
IPSEC inbound operation parameters.
const odp_ipsec_sa_t * sa
Pointer to an array of IPSEC SAs.
Configuration options for IPSEC inbound processing.
odp_bool_t spi_overlap
Select if SPI values for SA lookup are unique or may contain the same SPI value multiple times.
uint32_t max_spi
Maximum SPI value for SA lookup.
odp_reass_config_t reassembly
Post-IPsec reassembly configuration.
odp_bool_t reass_async
Attempt reassembly after inbound IPsec processing in odp_ipsec_in_enq().
odp_queue_t default_queue
Default destination queue for IPSEC events.
uint32_t min_spi
Minimum SPI value for SA lookup.
struct odp_ipsec_inbound_config_t::@42 lookup
Constraints for SPI values used with inbound SA lookup.
odp_proto_layer_t parse_level
Parse packet headers after IPSEC transformation.
odp_proto_layer_t retain_outer
Retain outer headers.
odp_bool_t reass_inline
Attempt reassembly after inline inbound IPsec processing.
odp_proto_chksums_t chksums
Flags to control IPSEC payload data checks up to the selected parse level.
IPv4 header parameters.
uint8_t ttl
IPv4 Time To Live.
uint8_t df
IPv4 Don't Fragment bit.
void * src_addr
IPv4 source address (NETWORK ENDIAN)
uint8_t dscp
IPv4 Differentiated Services Code Point.
void * dst_addr
IPv4 destination address (NETWORK ENDIAN)
IPv6 header parameters.
uint8_t hlimit
IPv6 hop limit.
uint8_t dscp
IPv6 Differentiated Services Code Point.
void * src_addr
IPv6 source address (NETWORK ENDIAN)
void * dst_addr
IPv6 destination address (NETWORK ENDIAN)
uint32_t flabel
IPv6 flow label.
IPSEC SA lifetime limits.
uint64_t bytes
Limit in bytes.
uint64_t packets
Limit in packet.
struct odp_ipsec_lifetime_t::@51 hard_limit
Hard expiry limits for the session.
struct odp_ipsec_lifetime_t::@50 soft_limit
Soft expiry limits for the session.
IPSEC operation flags.
uint32_t all
All flag bits.
uint32_t inline_mode
Packet was processed in inline mode.
IPSEC operation status.
odp_ipsec_error_t error
IPSEC errors.
uint64_t all
All status bits.
odp_ipsec_warn_t warn
IPSEC warnings.
Outbound inline IPSEC operation parameters.
odp_pktio_t pktio
Packet output interface for inline outbound operation without TM.
struct odp_ipsec_out_inline_param_t::@86 outer_hdr
Outer headers for inline output operation.
odp_tm_queue_t tm_queue
TM queue for inline outbound operation.
uint32_t len
Outer header length in bytes.
const uint8_t * ptr
Points to first byte of outer headers to be copied in front of the outgoing IPSEC packet.
Capabilities regarding IPsec outbound operation parameters.
uint8_t ip_param
IP parameters option supported.
uint8_t tfc_dummy
TFC dummy packet option supported.
uint8_t frag_mode
fragmentation mode option supported
uint8_t tfc_pad
TFC padding length option supported.
struct odp_ipsec_out_op_capability_t::@46 opt
Supported outbound operation option flags.
IPSEC outbound operation options.
odp_ipsec_frag_mode_t frag_mode
Fragmentation mode.
struct odp_ipsec_out_opt_t::@81::@85 flag
Option flags.
uint32_t all_flags
All flag bits.
uint32_t tfc_pad_len
TFC padding length.
odp_ipsec_ipv6_param_t ipv6
Override IPv6 parameters in outer header creation.
odp_ipsec_ipv4_param_t ipv4
Override IPv4 parameters in outer header creation.
uint32_t tfc_pad
Use TFC padding length option.
uint32_t ip_param
Use IP parameters option.
uint32_t frag_mode
Use fragmentation mode option.
uint32_t tfc_dummy
Tunnel mode TFC dummy packet.
IPSEC outbound operation parameters.
int num_opt
Number of outbound operation options.
const odp_ipsec_sa_t * sa
Pointer to an array of IPSEC SAs.
const odp_ipsec_out_opt_t * opt
Pointer to an array of outbound operation options.
Configuration options for IPSEC outbound processing.
uint32_t inner_sctp
Insert SCTP header checksum on the payload packet before IPSEC transformation.
struct odp_ipsec_outbound_config_t::@43::@45 chksum
Mapping for individual bits.
uint32_t inner_ipv4
Insert IPv4 header checksum on the payload packet before IPSEC transformation.
uint32_t inner_tcp
Insert TCP header checksum on the payload packet before IPSEC transformation.
uint32_t all_chksum
All bits of the bit field structure.
uint32_t inner_udp
Insert UDP header checksum on the payload packet before IPSEC transformation.
IPSEC operation result for a packet.
uint32_t len
Outer header length in bytes.
uint32_t orig_ip_len
Total IP length of the original ESP or AH packet before IPsec decapsulation.
uint8_t * ptr
Points to the first byte of retained outer headers.
odp_ipsec_op_status_t status
IPSEC operation status.
struct odp_ipsec_packet_result_t::@87 outer_hdr
Packet outer header status before inbound inline processing.
odp_ipsec_sa_t sa
IPSEC SA that was used to create the packet.
odp_ipsec_op_flag_t flag
IPSEC operation flags.
IPSEC SA information.
odp_ipsec_sa_param_t param
IPsec SA parameters.
struct odp_ipsec_sa_info_t::@57::@60::@62::@63 ipv4
IPv4.
uint64_t seq_num
Sequence number.
struct odp_ipsec_sa_info_t::@57::@60 outbound
Outbound specific parameters.
uint8_t src_addr[ODP_IPV4_ADDR_SIZE]
IPv4 source address.
uint8_t dst_addr[ODP_IPV6_ADDR_SIZE]
IP destination address (NETWORK ENDIAN) to be matched in addition to SPI value.
struct odp_ipsec_sa_info_t::@57::@60::@62::@64 ipv6
IPv6.
union odp_ipsec_sa_info_t::@57::@60::@62 tunnel
Tunnel IP address.
uint64_t antireplay_window_top
Antireplay window top.
struct odp_ipsec_sa_info_t::@57::@59::@61 lookup_param
Additional SA lookup parameters.
struct odp_ipsec_sa_info_t::@57::@59 inbound
Inbound specific parameters.
uint32_t antireplay_ws
Antireplay window size.
IPSEC SA option flags.
uint32_t copy_dscp
Copy DSCP bits.
uint32_t dec_ttl
Decrement inner packet Time To Live (TTL) field.
uint32_t copy_flabel
Copy IPv6 Flow Label.
uint32_t udp_encap
UDP encapsulation.
uint32_t copy_df
Copy IPv4 Don't Fragment bit.
uint32_t esn
Extended Sequence Numbers (ESN)
IPSEC Security Association (SA) parameters.
odp_ipsec_frag_mode_t frag_mode
Fragmentation mode The default value is ODP_IPSEC_FRAG_DISABLED.
odp_ipsec_crypto_param_t crypto
Parameters for crypto and authentication algorithms.
odp_queue_t dest_queue
Destination queue for IPSEC events.
odp_ipsec_mode_t mode
IPSEC protocol mode: transport or tunnel.
odp_ipsec_sa_opt_t opt
Various SA option flags.
odp_ipsec_ip_version_t ip_version
Select IP version.
struct odp_ipsec_sa_param_t::@52::@55 outbound
Outbound specific parameters.
odp_bool_t reassembly_en
Enable reassembly of IPsec tunneled fragments.
odp_ipsec_pipeline_t pipeline
Select pipelined destination for resulting events.
struct odp_ipsec_sa_param_t::@52::@54 inbound
Inbound specific parameters.
odp_ipsec_dir_t dir
IPSEC SA direction: inbound or outbound.
odp_ipsec_tunnel_param_t tunnel
Parameters for tunnel mode.
uint32_t antireplay_ws
Minimum anti-replay window size.
uint32_t mtu
MTU for outbound IP fragmentation offload.
odp_ipsec_lifetime_t lifetime
SA lifetime parameters.
struct odp_ipsec_sa_param_t::@52::@54::@56 lookup_param
Additional SA lookup parameters.
void * context
User defined SA context pointer.
uint32_t context_len
Context data length.
odp_ipsec_protocol_t proto
IPSEC protocol: ESP or AH.
odp_cos_t dest_cos
Classifier destination CoS for resulting packets.
odp_ipsec_lookup_mode_t lookup_mode
SA lookup mode The default value is ODP_IPSEC_LOOKUP_DISABLED.
void * dst_addr
IP destination address (NETWORK ENDIAN) to be matched in addition to SPI value.
IPSEC stats content.
uint64_t hard_exp_pkts_err
Number of packets with hard lifetime(packets) expired.
uint64_t auth_err
Number of packets with authentication errors.
uint64_t proto_err
Number of packets with protocol errors.
uint64_t mtu_err
Number of packets with MTU errors.
uint64_t antireplay_err
Number of packets with antireplay check failures.
uint64_t success_bytes
Total bytes of packet data processed by IPsec SA in success cases.
uint64_t alg_err
Number of packets with algorithm errors.
uint64_t hard_exp_bytes_err
Number of packets with hard lifetime(bytes) expired.
uint64_t success
Number of packets processed successfully.
IPSEC status content.
int result
Result of the operation.
odp_ipsec_warn_t warn
Warnings of an ODP_IPSEC_STATUS_WARN status event.
odp_ipsec_sa_t sa
IPSEC SA that was target of the operation.
odp_ipsec_status_id_t id
IPSEC status ID.
odp_bool_t antireplay_window_top
Highest authenticated sequence number.
odp_bool_t seq_num
Next sequence number value.
struct odp_ipsec_test_capability_t::@47 sa_operations
Parameters supported for sa_update.
IPSEC tunnel parameters.
odp_ipsec_ipv6_param_t ipv6
IPv6 header parameters.
odp_ipsec_tunnel_type_t type
Tunnel type: IPv4 or IPv6.
odp_ipsec_ipv4_param_t ipv4
IPv4 header parameters.
uint32_t all
All warning bits.
uint32_t soft_exp_bytes
Soft lifetime expired: bytes.
uint32_t soft_exp_packets
Soft lifetime expired: packets.
Packet input vector capabilities.
Packet input vector configuration.
Reassembly capabilities.
Fragment reassembly configuration.
Authentication algorithms in a bit field structure.
Cipher algorithms in a bit field structure.
IPSEC TEST SA parameter.
uint64_t antireplay_window_top
Highest authenticated sequence number.
uint64_t seq_num
Next sequence number.
Flags to control packet data checksum checking.