1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Intel Corporation
5 #ifndef _RTE_IPSEC_GROUP_H_
6 #define _RTE_IPSEC_GROUP_H_
9 * @file rte_ipsec_group.h
10 * @b EXPERIMENTAL: this API may change without prior notice
13 * It is not recommended to include this file directly,
14 * include <rte_ipsec.h> instead.
15 * Contains helper functions to process completed crypto-ops
16 * and group related packets by sessions they belong to.
25 * Used to group mbufs by some id.
26 * See below for particular usage.
28 struct rte_ipsec_group
{
32 } id
; /**< grouped by value */
33 struct rte_mbuf
**m
; /**< start of the group */
34 uint32_t cnt
; /**< number of entries in the group */
35 int32_t rc
; /**< status code associated with the group */
39 * Take crypto-op as an input and extract pointer to related ipsec session.
41 * The address of an input *rte_crypto_op* structure.
43 * The pointer to the related *rte_ipsec_session* structure.
45 static inline __rte_experimental
struct rte_ipsec_session
*
46 rte_ipsec_ses_from_crypto(const struct rte_crypto_op
*cop
)
48 const struct rte_security_session
*ss
;
49 const struct rte_cryptodev_sym_session
*cs
;
51 if (cop
->sess_type
== RTE_CRYPTO_OP_SECURITY_SESSION
) {
52 ss
= cop
->sym
[0].sec_session
;
53 return (void *)(uintptr_t)ss
->opaque_data
;
54 } else if (cop
->sess_type
== RTE_CRYPTO_OP_WITH_SESSION
) {
55 cs
= cop
->sym
[0].session
;
56 return (void *)(uintptr_t)cs
->opaque_data
;
62 * Take as input completed crypto ops, extract related mbufs
63 * and group them by rte_ipsec_session they belong to.
64 * For mbuf which crypto-op wasn't completed successfully
65 * PKT_RX_SEC_OFFLOAD_FAILED will be raised in ol_flags.
66 * Note that mbufs with undetermined SA (session-less) are not freed
67 * by the function, but are placed beyond mbufs for the last valid group.
68 * It is a user responsibility to handle them further.
70 * The address of an array of *num* pointers to the input *rte_crypto_op*
73 * The address of an array of *num* pointers to output *rte_mbuf* structures.
75 * The address of an array of *num* to output *rte_ipsec_group* structures.
77 * The maximum number of crypto-ops to process.
79 * Number of filled elements in *grp* array.
81 static inline uint16_t __rte_experimental
82 rte_ipsec_pkt_crypto_group(const struct rte_crypto_op
*cop
[],
83 struct rte_mbuf
*mb
[], struct rte_ipsec_group grp
[], uint16_t num
)
87 struct rte_mbuf
*m
, *dr
[num
];
94 for (i
= 0; i
!= num
; i
++) {
96 m
= cop
[i
]->sym
[0].m_src
;
97 ns
= cop
[i
]->sym
[0].session
;
99 m
->ol_flags
|= PKT_RX_SEC_OFFLOAD
;
100 if (cop
[i
]->status
!= RTE_CRYPTO_OP_STATUS_SUCCESS
)
101 m
->ol_flags
|= PKT_RX_SEC_OFFLOAD_FAILED
;
103 /* no valid session found */
113 * we already have an open group - finalize it,
114 * then open a new one.
118 rte_ipsec_ses_from_crypto(cop
[i
- 1]);
119 grp
[n
].cnt
= mb
+ j
- grp
[n
].m
;
123 /* start new group */
131 /* finalise last group */
133 grp
[n
].id
.ptr
= rte_ipsec_ses_from_crypto(cop
[i
- 1]);
134 grp
[n
].cnt
= mb
+ j
- grp
[n
].m
;
138 /* copy mbufs with unknown session beyond recognised ones */
139 if (k
!= 0 && k
!= num
) {
140 for (i
= 0; i
!= k
; i
++)
151 #endif /* _RTE_IPSEC_GROUP_H_ */