Few comments. Regards Nikhil
-----Original Message----- From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of Petri Savolainen Sent: Tuesday, November 15, 2016 2:18 PM To: lng-odp@lists.linaro.org Subject: [lng-odp] [API-NEXT DRAFT] api: ipsec: added IPSEC API Added definitions for a look-a-side IPSEC offload API. In addition to IPSEC packet transformations, it also supports: * inbound SA look up * outbound IP fragmentation Signed-off-by: Petri Savolainen <petri.savolai...@nokia.com> --- include/odp/api/spec/event.h | 2 +- include/odp/api/spec/ipsec.h | 720 +++++++++++++++++++++ include/odp_api.h | 1 + platform/Makefile.inc | 1 + platform/linux-generic/Makefile.am | 2 + platform/linux-generic/include/odp/api/ipsec.h | 36 ++ .../include/odp/api/plat/event_types.h | 1 + .../include/odp/api/plat/ipsec_types.h | 39 ++ 8 files changed, 801 insertions(+), 1 deletion(-) create mode 100644 include/odp/api/spec/ipsec.h create mode 100644 platform/linux-generic/include/odp/api/ipsec.h create mode 100644 platform/linux-generic/include/odp/api/plat/ipsec_types.h diff --git a/include/odp/api/spec/event.h b/include/odp/api/spec/event.h index fdfa52d..75c0bbc 100644 --- a/include/odp/api/spec/event.h +++ b/include/odp/api/spec/event.h @@ -39,7 +39,7 @@ extern "C" { * @typedef odp_event_type_t * ODP event types: * ODP_EVENT_BUFFER, ODP_EVENT_PACKET, ODP_EVENT_TIMEOUT, - * ODP_EVENT_CRYPTO_COMPL + * ODP_EVENT_CRYPTO_COMPL, ODP_EVENT_IPSEC_RESULT */ /** diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h new file mode 100644 index 0000000..b45bcd4 --- /dev/null +++ b/include/odp/api/spec/ipsec.h @@ -0,0 +1,720 @@ +/* Copyright (c) 2016, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP IPSEC API + */ + +#ifndef ODP_API_IPSEC_H_ +#define ODP_API_IPSEC_H_ +#include <odp/visibility_begin.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#include <odp/api/crypto.h> + +/** @defgroup odp_ipsec ODP IPSEC + * Operations of IPSEC API. + * @{ + */ + +/** + * @typedef odp_ipsec_sa_t + * IPSEC Security Association (SA) + */ + + /** + * @def ODP_IPSEC_SA_INVALID + * Invalid IPSEC SA + */ + +/** + * IPSEC SA direction + */ +typedef enum odp_ipsec_dir_t { + /** Inbound IPSEC SA */ + ODP_IPSEC_DIR_INBOUND = 0, + + /** Outbound IPSEC SA */ + ODP_IPSEC_DIR_OUTBOUND + +} odp_ipsec_dir_t; + +/** + * IPSEC operation mode + */ +typedef enum odp_ipsec_op_mode_t { + /** Synchronous IPSEC operation + * + * Application uses synchronous IPSEC operations, + * which output all results on function return. + */ + ODP_IPSEC_OP_MODE_SYNC = 0, + + /** Asynchronous IPSEC operation + * + * Application uses asynchronous IPSEC operations, + * which return results via events. + */ + ODP_IPSEC_OP_MODE_ASYNC + +} odp_ipsec_op_mode_t; + +/** + * IPSEC protocol mode + */ +typedef enum odp_ipsec_mode_t { + /** IPSEC tunnel mode */ + ODP_IPSEC_MODE_TUNNEL = 0, + + /** IPSEC transport mode */ + ODP_IPSEC_MODE_TRANSPORT + +} odp_ipsec_mode_t; + +/** + * IPSEC protocol + */ +typedef enum odp_ipsec_proto_t { + /** ESP protocol */ + ODP_IPSEC_ESP = 0, + + /** AH protocol */ + ODP_IPSEC_AH + +} odp_ipsec_proto_t; + +/** + * IPSEC tunnel type + */ +typedef enum odp_ipsec_tunnel_type_t { + /** Outer header is IPv4 */ + ODP_IPSEC_TUNNEL_IPV4 = 0, + + /** Outer header is IPv6 */ + ODP_IPSEC_TUNNEL_IPV6 + +} odp_ipsec_tunnel_type_t; + +/** + * IPSEC crypto parameters + */ +typedef struct odp_ipsec_crypto_param_t { + /** Cipher algorithm */ + odp_cipher_alg_t cipher_alg; + + /** Cipher key */ + odp_crypto_key_t cipher_key; + + /** Authentication algorithm */ + odp_auth_alg_t auth_alg; + + /** Authentication key */ + odp_crypto_key_t auth_key; + +} odp_ipsec_crypto_param_t; + +/** + * IPSEC tunnel parameters + * + * These parameters are used to build outbound tunnel headers. All +values are + * passed in CPU native byte / bit order if not specified otherwise. + * IP addresses must be in NETWORK byte order as those are passed in +with + * pointers and copied byte-by-byte from memory to the packet. + */ +typedef struct odp_ipsec_tunnel_param_t { + /** Tunnel type: IPv4 or IPv6 */ + odp_ipsec_tunnel_type_t type; + + union { + /** IPv4 header parameters */ + struct { + /** IPv4 source address (NETWORK ENDIAN) */ + void *src_addr; + + /** IPv4 destination address (NETWORK ENDIAN) */ + void *dst_addr; + + /** IPv4 Differentiated Services Code Point */ + uint8_t dscp; + + /** IPv4 Don't Fragment bit */ + uint8_t df; + + /** IPv4 Time To Live */ + uint8_t ttl; + } ipv4; + + /** IPv6 header parameters */ + struct { + /** IPv6 source address (NETWORK ENDIAN) */ + void *src_addr; + + /** IPv6 destination address (NETWORK ENDIAN) */ + void *dst_addr; + + /** IPv6 Differentiated Services Code Point */ + uint8_t dscp; + + /** IPv6 flow label */ + uint32_t flabel; + + /** IPv6 hop limit */ + uint8_t hlimit; + } ipv6; + }; +} odp_ipsec_tunnel_param_t; + +/** + * IPSEC SA option flags + */ +typedef struct odp_ipsec_sa_opt_t { + /** Extended Sequence Numbers (ESN) + * + * * 1: Use extended (64 bit) sequence numbers + * * 0: Use normal sequence numbers + */ + uint32_t esn : 1; + + /** UDP encapsulation + * + * * 1: Do UDP encapsulation/decapsulation so that IPSEC packets can + * traverse through NAT boxes. + * * 0: No UDP encapsulation + */ + uint32_t udp_encap : 1; + + /** Copy DSCP bits + * + * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to + * the outer IP header in encapsulation, and vice versa in + * decapsulation. + * * 0: Use values from odp_ipsec_tunnel_param_t in encapsulation and + * do not change DSCP field in decapsulation. + */ + uint32_t copy_dscp : 1; + + /** Copy IPv6 Flow Label + * + * * 1: Copy IPv6 flow label from inner IPv6 header to the + * outer IPv6 header. + * * 0: Use value from odp_ipsec_tunnel_param_t + */ + uint32_t copy_flabel : 1; + + /** Copy IPv4 Don't Fragment bit + * + * * 1: Copy the DF bit from the inner IPv4 header to the outer + * IPv4 header. + * * 0: Use value from odp_ipsec_tunnel_param_t + */ + uint32_t copy_df : 1; + + /** Decrement inner packet Time To Live (TTL) field + * + * * 1: In tunnel mode, decrement inner packet IPv4 TTL or + * IPv6 Hop Limit after tunnel decapsulation, or before tunnel + * encapsulation. + * * 0: Inner packet is not modified. + */ + uint32_t dec_ttl : 1; + +} odp_ipsec_sa_opt_t; + +/** + * IPSEC SA lifetime limits + * + * These limits are used for setting up SA lifetime. IPSEC operations +check + * against the limits and output a status code (e.g. soft_exp_bytes) +when + * a limit is crossed. Any number of limits may be used simultaneously. + * Use zero when there is no limit. + */ +typedef struct odp_ipsec_lifetime_t { + /** Soft expiry limits for the session */ + struct { + /** Limit in seconds */ + uint64_t sec; + + /** Limit in bytes */ + uint64_t bytes; + + /** Limit in packet */ + uint64_t packets; + } soft_limit; + + /** Hard expiry limits for the session */ + struct { + /** Limit in seconds */ + uint64_t sec; + + /** Limit in bytes */ + uint64_t bytes; + + /** Limit in packet */ + uint64_t packets; + } hard_limit; +} odp_ipsec_lifetime_t; + +/** + * Fragmentation mode + * + * These options control outbound IP packet fragmentation offload. When +offload + * is enabled, IPSEC operation will determine if fragmentation is +needed and + * does it according to the mode. + */ In hardware implementations, Fragmentation accelerator is a separate block from IPSEC block. Fragmentation accelerator are usually closely associated with NIC card and It will not be advisable to use in lookaside mode. So this functionality(fragmentation in lookaside mode) can only be (optimally)achieved in software. Other way is to ask the IPSEC block to write output in scattered buffer and add IP headers in software. +typedef enum odp_ipsec_frag_mode_t { + /** Do not fragment IP packets */ + ODP_IPSEC_FRAG_DISABLED = 0, + + /** Fragment IP packet before IPSEC operation */ + ODP_IPSEC_FRAG_BEFORE, + + /** Fragment IP packet after IPSEC operation */ + ODP_IPSEC_FRAG_AFTER, + + /** Only check if IP fragmentation is needed, + * do not fragment packets. */ + ODP_IPSEC_FRAG_CHECK +} odp_ipsec_frag_mode_t; + +/** + * Packet lookup mode + */ +typedef enum odp_ipsec_lookup_mode_t { + /** Inbound SA lookup is disabled. */ + ODP_IPSEC_LOOKUP_DISABLED = 0, + + /** Inbound SA lookup is enabled. Used SPI values must be unique. */ + ODP_IPSEC_LOOKUP_IN_UNIQUE_SA IPSEC lookup on incoming side is usually done on SPI and Tunnel dest addr combination. SPI may not be unique always. + +} odp_ipsec_lookup_mode_t; + +/** + * IPSEC Security Association (SA) parameters */ typedef struct +odp_ipsec_sa_param_t { + /** IPSEC SA direction: inbound or outbound */ + odp_ipsec_dir_t dir; + + /** IPSEC operation mode: sync or async */ + odp_ipsec_op_mode_t op_mode; + + /** IPSEC protocol: ESP or AH */ + odp_ipsec_proto_t proto; + + /** Protocol mode: transport or tunnel */ + odp_ipsec_mode_t mode; + + /** Parameters for crypto and authentication algorithms */ + odp_ipsec_crypto_param_t crypto; + + /** Parameters for tunnel mode */ + odp_ipsec_tunnel_param_t tunnel; + + /** Fragmentation mode */ + odp_ipsec_frag_mode_t frag_mode; + + /** Various SA option flags */ + odp_ipsec_sa_opt_t opt; + + /** SA lifetime parameters */ + odp_ipsec_lifetime_t lifetime; + + /** SA lookup mode */ + odp_ipsec_lookup_mode_t lookup_mode; + + /** Minimum anti-replay window size. Use 0 to disable anti-replay + * service. */ + uint32_t antireplay_ws; + + /** Initial sequence number */ + uint64_t seq; + + /** SPI value */ + uint32_t spi; + + /** MTU for outbound IP fragmentation offload + * + * This is the maximum length of IP packets that outbound IPSEC + * operations may produce. The value may be updated later with + * odp_ipsec_mtu_update(). + */ + uint32_t mtu; + + /** Destination queue for IPSEC events + * + * Operations in asynchronous mode enqueue resulting events into + * this queue. + */ + odp_queue_t dest_queue; + + /** User defined SA context pointer + * + * User defined context pointer associated with the SA. + * The implementation may prefetch the context data. Default value + * of the pointer is NULL. + */ + void *context; Shall context be per packet or per SA? + + /** Context data length + * + * User defined context data length in bytes for prefetching. + * The implementation may use this value as a hint for the number of + * context data bytes to prefetch. Default value is zero (no hint). + */ + uint32_t context_len; + +} odp_ipsec_sa_param_t; + +/** + * Initialize IPSEC SA parameters + * + * Initialize an odp_ipsec_sa_param_t to its default values for all fields. + * + * @param param Pointer to the parameter structure + */ +void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param); + +/** + * Create IPSEC SA + * + * Create a new IPSEC SA according to the parameters. + * + * @param param IPSEC SA parameters + * + * @return IPSEC SA handle + * @retval ODP_IPSEC_SA_INVALID on failure */ odp_ipsec_sa_t +odp_ipsec_sa_create(odp_ipsec_sa_param_t *param); + +/** + * Destroy IPSEC SA + * + * Destroy an unused IPSEC SA. Result is undefined if the SA is being +used + * (i.e. asynchronous operation is in progress). + * + * @param sa IPSEC SA to be destroyed + * + * @retval 0 On success + * @retval <0 On failure + */ +int odp_ipsec_sa_destroy(odp_ipsec_sa_t sa); + +/** + * Printable format of odp_ipsec_sa_t + * + * @param sa IPSEC SA handle + * + * @return uint64_t value that can be used to print/display this handle +*/ uint64_t odp_ipsec_sa_to_u64(odp_ipsec_sa_t sa); + +/** + * IPSEC operation level options + * + * These may be used to override some SA level options */ typedef +struct odp_ipsec_op_opt_t { + /** Fragmentation mode */ + odp_ipsec_frag_mode_t mode; + +} odp_ipsec_op_opt_t; + +/** IPSEC operation status has no errors */ #define ODP_IPSEC_OK 0 + +/** IPSEC operation status */ +typedef union odp_ipsec_status_t { + /** Error flags */ + struct { + /** ICV check failed */ + uint32_t icv : 1; + + /** Other algorithm error */ + uint32_t alg : 1; + + /** SPI not found */ + uint32_t spi : 1; + + /** Packet does not fit into the given MTU size */ + uint32_t mtu : 1; + + /** Soft lifetime expired: seconds */ + uint32_t soft_exp_sec : 1; + + /** Soft lifetime expired: bytes */ + uint32_t soft_exp_bytes : 1; + + /** Soft lifetime expired: packets */ + uint32_t soft_exp_packets : 1; + + /** Hard lifetime expired: seconds */ + uint32_t hard_exp_sec : 1; + + /** Hard lifetime expired: bytes */ + uint32_t hard_exp_bytes : 1; + + /** Hard lifetime expired: packets */ + uint32_t hard_exp_packets : 1; + } error; + + /** All bits of the bit field structure + * + * This field can be used to set, clear or compare multiple flags. + * For example, 'status.all != ODP_IPSEC_OK' checks if there are any + * errors. + */ + uint32_t all; + +} odp_ipsec_status_t; + +/** + * IPSEC operation input parameters + */ +typedef struct odp_ipsec_op_param_t { + /** Number of packets to be processed */ + int num_pkt; + + /** Number of SAs + * + * Valid values are: + * * 0: No SAs (default) + * * 1: Single SA for all packets + * * num_pkt: SA per packet + */ It would be optimal if multi crypto operations are restricted to single SA only. In case of Async operation you need to submit the packet to hardware queues, queues of different session may be different where you may end up doing multiple single enqueues. + int num_sa; + + /** Number of operation options + * + * Valid values are: + * * 0: No options (default) + * * 1: Single option for all packets + * * num_pkt: An option per packet + */ + int num_opt; + + /** Pointer to an array of packets */ + odp_packet_t *pkt; Do we want to support different buffer allocation modes? + + /** Pointer to an array of IPSEC SAs + * + * May be NULL when num_sa is zero. + */ + odp_ipsec_sa_t *sa; + + /** Pointer to an array of operation options + * + * May be NULL when num_opt is zero. + */ + odp_ipsec_op_opt_t *opt; + +} odp_ipsec_op_param_t; + +/** + * IPSEC operation result for a packet + */ +typedef struct odp_ipsec_packet_result_t { + /** IPSEC operation status */ + odp_ipsec_status_t status; + + /** Number of output packets created from the corresponding input packet + * + * Without fragmentation offload this is always one. However, if the + * input packet was fragmented during the operation this is larger than + * one for the first fragment and zero for the rest of the fragments + * (following the first one in the 'pkt' array). + */ + int num_out; + + /** IPSEC SA that was used to create the packet + * + * Operation updates this SA handle value, when SA look up is performed + * as part of the operation and the look up is successful. Operation + * status code indicates if the look up failed. Otherwise, the SA + * provided by the application is copied here. + */ + odp_ipsec_sa_t sa; + +} odp_ipsec_packet_result_t; + +/** + * IPSEC operation results + */ +typedef struct odp_ipsec_op_result_t { + /** Number of packets + * + * Application sets this to the maximum number of packets the operation + * may output (number of elements in 'pkt' and 'res' arrays). + * The operation updates it with the actual number of packets + * outputted. + */ + int num_pkt; + + /** Pointer to an array of packets + * + * Operation outputs packets into this array. The array must have + * at least 'num_pkt' elements. + */ + odp_packet_t *pkt; + + /** Pointer to an array of per packet operation results + * + * Operation outputs results for each outputted packet into this array. + * The array must have at least 'num_pkt' elements. The results include + * operation status and packet form information for each outputted + * packet. + * + * For example, some packets may not have been transformed due to + * an error, but the original packet is returned with appropriate + * packet result information instead. + */ + odp_ipsec_packet_result_t *res; + +} odp_ipsec_op_result_t; + +/** + * Inbound synchronous IPSEC operation + * + * This operation does inbound IPSEC processing in synchronous mode. + * A successful operation returns the number of packets consumed and +outputs + * a new packet handle as well as an operation result for each outputted packet. + * The operation does not modify packets that it does not consume. It +returns + * a failure and does not process any packets if 'output.num_pkt' is too small. + * + * When 'input.num_sa' is zero, this operation performs SA look up for +each + * packet. Otherwise, application must provide the SA(s) as part of +operation + * input parameters (odp_ipsec_op_param_t). The operation outputs used +SA(s) as + * part of per packet operation results (odp_ipsec_packet_result_t), or +an error + * status if a SA was not found. + * + * Packets are processed in the input order. Packet order is maintained +from + * input 'pkt' array to output 'pkt' array. Packet context pointer +value + * (see odp_packet_user_ptr()) is copied from input to output packets. + * + * @param input Operation input parameters + * @param[out] output Operation results + * + * @return Number of input packets consumed (0 ... input.num_pkt) + * @retval <0 On failure + */ +int odp_ipsec_in(const odp_ipsec_op_param_t *input, + odp_ipsec_op_result_t *output); + +/** + * Outbound synchronous IPSEC operation + * + * This operation does outbound IPSEC processing in synchronous mode. + * A successful operation returns the number of packets consumed and +outputs + * a new packet handle as well as an operation result for each outputted packet. + * The operation does not modify packets that it does not consume. It +returns + * a failure and does not process any packets if 'output.num_pkt' is too small. + * + * When outbound IP fragmentation offload is enabled, the number of +outputted + * packets (and corresponding per packet results) may be greater than + * the number of input packets. In that case, application may examine 'num_out' + * of each packet result (odp_ipsec_packet_result_t) to find out which + * fragments are originated from which input packet. + * + * Packets are processed in the input order. Packet order is maintained +from + * input 'pkt' array to output 'pkt' array. Packet context pointer +value + * (see odp_packet_user_ptr()) is copied from input to output packets. + * + * @param input Operation input parameters + * @param[out] output Operation results + * + * @return Number of input packets consumed (0 ... input.num_pkt) + * @retval <0 On failure + */ +int odp_ipsec_out(const odp_ipsec_op_param_t *input, + odp_ipsec_op_result_t *output); + +/** + * Inbound asynchronous IPSEC operation + * + * This operation does inbound IPSEC processing in asynchronous mode. +It + * processes packets otherwise identically to odp_ipsec_in(), but +outputs all + * results through one or multiple ODP_EVENT_IPSEC_RESULT events. + * + * Packets are processed in the input order. Packet order is maintained +from + * input 'pkt' array to 'pkt' array of each resulting event. Resulting +events + * of the same SA should be enqueued in order and all packets within +the same + * event must be in order. + * + * @param input Operation input parameters + * + * @return Number of input packets consumed (0 ... input.num_pkt) + * @retval <0 On failure + * + * @see odp_ipsec_in(), odp_ipsec_result() */ int +odp_ipsec_in_enq(const odp_ipsec_op_param_t *input); + +/** + * Outbound asynchronous IPSEC operation + * + * This operation does outbound IPSEC processing in asynchronous mode. +It + * processes packets otherwise identically to odp_ipsec_out(), but +outputs all + * results through one or multiple ODP_EVENT_IPSEC_RESULT events. + * + * Packets are processed in the input order. Packet order is maintained +from + * input 'pkt' array to 'pkt' array of each resulting event. Resulting +events + * of the same SA should be enqueued in order and all packets within +the same + * event must be in order. + * + * @param input Operation input parameters + * + * @return Number of input packets consumed (0 ... input.num_pkt) + * @retval <0 On failure + * + * @see odp_ipsec_out(), odp_ipsec_result() */ int +odp_ipsec_out_enq(const odp_ipsec_op_param_t *input); + +/** + * Get IPSEC results from an ODP_EVENT_IPSEC_RESULT event + * + * Copies IPSEC operation results from an event. The event must be of + * type ODP_EVENT_IPSEC_RESULT. The event may be freed after the call. + * + * @param[out] result Pointer to operation result for output + * @param event An ODP_EVENT_IPSEC_RESULT event + * + * @return Number of packets in the event. If this is larger than + * 'result.num_pkt', all packets did not fit into result struct and + * application must call the function again with a larger result struct. + * @retval <0 On failure + */ +int odp_ipsec_result(odp_ipsec_op_result_t *result, odp_event_t event); + +/** + * Update MTU for outbound IP fragmentation + * + * When IP fragmentation offload is enabled, the SA is created with an MTU. + * This call may be used to update MTU at any time. MTU updates are not + * expected to happen very frequently. + * + * @param sa IPSEC SA to be updated + * @param mtu The new MTU value + * + * @retval 0 On success + * @retval <0 On failure + */ +int odp_ipsec_mtu_update(odp_ipsec_sa_t sa, uint32_t mtu); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#include <odp/visibility_end.h> +#endif diff --git a/include/odp_api.h b/include/odp_api.h index ec7fcd2..73e5309 100644 --- a/include/odp_api.h +++ b/include/odp_api.h @@ -57,6 +57,7 @@ extern "C" { #include <odp/api/spinlock_recursive.h> #include <odp/api/rwlock_recursive.h> #include <odp/api/std_clib.h> +#include <odp/api/ipsec.h> #ifdef __cplusplus } diff --git a/platform/Makefile.inc b/platform/Makefile.inc index b31b95b..aefbf9a 100644 --- a/platform/Makefile.inc +++ b/platform/Makefile.inc @@ -34,6 +34,7 @@ odpapispecinclude_HEADERS = \ $(top_srcdir)/include/odp/api/spec/hash.h \ $(top_srcdir)/include/odp/api/spec/hints.h \ $(top_srcdir)/include/odp/api/spec/init.h \ + $(top_srcdir)/include/odp/api/spec/ipsec.h \ $(top_srcdir)/include/odp/api/spec/packet.h \ $(top_srcdir)/include/odp/api/spec/packet_flags.h \ $(top_srcdir)/include/odp/api/spec/packet_io.h \ diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am index 19dc0ba..d2e3e35 100644 --- a/platform/linux-generic/Makefile.am +++ b/platform/linux-generic/Makefile.am @@ -37,6 +37,7 @@ odpapiinclude_HEADERS = \ $(srcdir)/include/odp/api/hash.h \ $(srcdir)/include/odp/api/hints.h \ $(srcdir)/include/odp/api/init.h \ + $(srcdir)/include/odp/api/ipsec.h \ $(srcdir)/include/odp/api/packet_flags.h \ $(srcdir)/include/odp/api/packet.h \ $(srcdir)/include/odp/api/packet_io.h \ @@ -78,6 +79,7 @@ odpapiplatinclude_HEADERS = \ $(srcdir)/include/odp/api/plat/crypto_types.h \ $(srcdir)/include/odp/api/plat/event_types.h \ $(srcdir)/include/odp/api/plat/init_types.h \ + $(srcdir)/include/odp/api/plat/ipsec_types.h \ $(srcdir)/include/odp/api/plat/packet_types.h \ $(srcdir)/include/odp/api/plat/packet_io_types.h \ $(srcdir)/include/odp/api/plat/pool_types.h \ diff --git a/platform/linux-generic/include/odp/api/ipsec.h b/platform/linux-generic/include/odp/api/ipsec.h new file mode 100644 index 0000000..44c5d02 --- /dev/null +++ b/platform/linux-generic/include/odp/api/ipsec.h @@ -0,0 +1,36 @@ +/* Copyright (c) 2016, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP IPSEC API - platform specific header */ + +#ifndef ODP_PLAT_IPSEC_H_ +#define ODP_PLAT_IPSEC_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <odp/api/plat/ipsec_types.h> + +/** @ingroup odp_ipsec + * @{ + */ + +/** + * @} + */ + +#include <odp/api/spec/ipsec.h> + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/platform/linux-generic/include/odp/api/plat/event_types.h b/platform/linux-generic/include/odp/api/plat/event_types.h index 9ca0fb8..abaa770 100644 --- a/platform/linux-generic/include/odp/api/plat/event_types.h +++ b/platform/linux-generic/include/odp/api/plat/event_types.h @@ -38,6 +38,7 @@ typedef enum odp_event_type_t { ODP_EVENT_PACKET = 2, ODP_EVENT_TIMEOUT = 3, ODP_EVENT_CRYPTO_COMPL = 4, + ODP_EVENT_IPSEC_RESULT = 5 } odp_event_type_t; /** Get printable format of odp_event_t */ diff --git a/platform/linux-generic/include/odp/api/plat/ipsec_types.h b/platform/linux-generic/include/odp/api/plat/ipsec_types.h new file mode 100644 index 0000000..a36cdad --- /dev/null +++ b/platform/linux-generic/include/odp/api/plat/ipsec_types.h @@ -0,0 +1,39 @@ +/* Copyright (c) 2016, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP IPSEC API - platform specific types */ + +#ifndef ODP_PLAT_IPSEC_TYPES_H_ +#define ODP_PLAT_IPSEC_TYPES_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <odp/api/std_types.h> +#include <odp/api/plat/strong_types.h> + +/** @ingroup odp_ipsec + * @{ + */ + +typedef ODP_HANDLE_T(odp_ipsec_sa_t); + +#define ODP_IPSEC_SA_INVALID _odp_cast_scalar(odp_ipsec_sa_t, +0xffffffff) + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif -- 2.8.1