@@ -59,8 +59,12 @@ typedef enum odp_ipsec_op_mode_t {
/** Inline IPSEC operation
*
* Packet input/output is connected directly to IPSEC inbound/outbound
- * processing. Application uses asynchronous or inline IPSEC
- * operations.
+ * processing. Packet post IPSEC operations are delivered to virtual
+ * PKTIO interface corresponding to the PKTIO on which packet was
+ * recieved. Further classification/Hashing(inbound) will be applied to
+ * packet post IPSEC as defined in PKTIO configuration of virtual
+ * interface.
+ * Application may use asynchronous IPSEC operations as well.
*/
ODP_IPSEC_OP_MODE_INLINE,
@@ -226,6 +230,24 @@ typedef struct odp_ipsec_outbound_config_t {
} odp_ipsec_outbound_config_t;
+typedef union odp_ipsec_protocols_t {
+ /** Cipher algorithms */
+ struct {
+ /** ODP_IPSEC_ESP */
+ uint32_t esp : 1;
+
+ /** ODP_IPSEC_AH */
+ uint32_t ah : 1;
+
+ } bit;
+
+ /** All bits of the bit field structure
+ *
+ * This field can be used to set/clear all flags, or bitwise
+ * operations over the entire structure. */
+ uint32_t all_bits;
+} odp_ipsec_protocols_t;
+
/**
* IPSEC capability
*/
@@ -264,6 +286,9 @@ typedef struct odp_ipsec_capability_t {
*/
uint8_t hard_limit_sec;
+ /** Supported ipsec Protocols */
+ odp_ipsec_protocols_t protocols;
+
/** Supported cipher algorithms */
odp_crypto_cipher_algos_t ciphers;
@@ -554,21 +579,6 @@ typedef enum odp_ipsec_lookup_mode_t {
} odp_ipsec_lookup_mode_t;
/**
- * Result event pipeline configuration
- */
-typedef enum odp_ipsec_pipeline_t {
- /** Do not pipeline */
- ODP_IPSEC_PIPELINE_NONE = 0,
-
- /** Send IPSEC result events to the classifier.
- *
- * IPSEC capability 'pipeline_cls' determines if pipelined
- * classification is supported. */
- ODP_IPSEC_PIPELINE_CLS
-
-} odp_ipsec_pipeline_t;
-
-/**
* IPSEC Security Association (SA) parameters
*/
typedef struct odp_ipsec_sa_param_t {
@@ -632,31 +642,13 @@ typedef struct odp_ipsec_sa_param_t {
*/
uint32_t mtu;
- /** Select pipelined destination for IPSEC result events
- *
- * Asynchronous and inline modes generate result events. Select where
- * those events are sent. Inbound SAs may choose to use pipelined
- * classification. The default value is ODP_IPSEC_PIPELINE_NONE.
- */
- odp_ipsec_pipeline_t pipeline;
-
/** Destination queue for IPSEC events
*
- * Operations in asynchronous or inline mode enqueue resulting events
+ * Operations in asynchronous mode enqueue resulting events
* into this queue.
*/
odp_queue_t dest_queue;
- /** Classifier destination CoS for IPSEC result events
- *
- * Result events for successfully decapsulated packets are sent to
- * classification through this CoS. Other result events are sent to
- * 'dest_queue'. This field is considered only when 'pipeline' is
- * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between any pktio
- * interface default CoS.
- */
- odp_cos_t dest_cos;
-
/** User defined SA context pointer
*
* User defined context pointer associated with the SA.
@@ -1136,6 +1136,22 @@ uint64_t odp_pktin_ts_res(odp_pktio_t pktio);
* @return Packet input timestamp
*/
odp_time_t odp_pktin_ts_from_ns(odp_pktio_t pktio, uint64_t ns);
+/**
+ * Returns virtual IPSEC PKTIO for a given PKTIO interface when inbound_ipsec is
+ * enabled on PKTIO interface.
+ *
+ * Inline processed IPSEC packets will be delivered to this virtual PKTIO interface
+ * User can enable classification/Hashing on this interface in same manner as on
+ * normal PKTIO interface. L2 classification rules will not apply to this pktio
+ * as only valid L3 packet are delivered on this interface.
+ *
+ * @param pktio Packet IO handle
+ *
+ * @return virtual IPSEC PKT IO handle. returns ODP_PKTIO_INVALID in case IPSec
+ * is not enabled on the PKTIO.
+ */
+odp_pktio_t odp_pktio_ipsec_pktio(odp_pktio_t pktio, uint64_t ns);
+
/**
* @}
Signed-off-by: Nikhil Agarwal <nikhil.agarwal@linaro.org> --- include/odp/api/spec/ipsec.h | 64 ++++++++++++++++++---------------------- include/odp/api/spec/packet_io.h | 16 ++++++++++ 2 files changed, 44 insertions(+), 36 deletions(-) -- 2.9.3