22 set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)  in set_ipsec_conf()  argument
27 		if (IS_IP4_TUNNEL(sa->flags)) {  in set_ipsec_conf()
33 				(uint8_t *)&sa->src.ip.ip4, 4);  in set_ipsec_conf()
36 				(uint8_t *)&sa->dst.ip.ip4, 4);  in set_ipsec_conf()
37 		} else if (IS_IP6_TUNNEL(sa->flags)) {  in set_ipsec_conf()
45 				(uint8_t *)&sa->src.ip.ip6.ip6_b, 16);  in set_ipsec_conf()
48 				(uint8_t *)&sa->dst.ip.ip6.ip6_b, 16);  in set_ipsec_conf()
54 	ipsec->options.udp_encap = sa->udp_encap;  in set_ipsec_conf()
58 create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,  in create_lookaside_session()  argument
68 	key.cipher_algo = (uint8_t)sa->cipher_algo;  in create_lookaside_session()
69 	key.auth_algo = (uint8_t)sa->auth_algo;  in create_lookaside_session()
70 	key.aead_algo = (uint8_t)sa->aead_algo;  in create_lookaside_session()
86 			"%u qp %u\n", sa->spi,  in create_lookaside_session()
96 				.spi = sa->spi,  in create_lookaside_session()
97 				.salt = sa->salt,  in create_lookaside_session()
100 				.direction = sa->direction,  in create_lookaside_session()
102 				.mode = (IS_TUNNEL(sa->flags)) ?  in create_lookaside_session()
106 			.crypto_xform = sa->xforms,  in create_lookaside_session()
117 			set_ipsec_conf(sa, &(sess_conf.ipsec));  in create_lookaside_session()
147 				ips->crypto.ses, sa->xforms,  in create_lookaside_session()
154 	sa->cdev_id_qp = cdev_id_qp;  in create_lookaside_session()
160 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,  in create_inline_session()  argument
169 			.spi = sa->spi,  in create_inline_session()
170 			.salt = sa->salt,  in create_inline_session()
173 			.direction = sa->direction,  in create_inline_session()
176 		.crypto_xform = sa->xforms,  in create_inline_session()
180 	if (IS_TRANSPORT(sa->flags)) {  in create_inline_session()
182 		if (IS_IP4(sa->flags)) {  in create_inline_session()
187 				sa->src.ip.ip4;  in create_inline_session()
189 				sa->dst.ip.ip4;  in create_inline_session()
190 		} else if (IS_IP6(sa->flags)) {  in create_inline_session()
195 				sa->src.ip.ip6.ip6_b, 16);  in create_inline_session()
197 				sa->dst.ip.ip6.ip6_b, 16);  in create_inline_session()
199 	} else if (IS_TUNNEL(sa->flags)) {  in create_inline_session()
202 		if (IS_IP4(sa->flags)) {  in create_inline_session()
207 				sa->src.ip.ip4;  in create_inline_session()
209 				sa->dst.ip.ip4;  in create_inline_session()
210 		} else if (IS_IP6(sa->flags)) {  in create_inline_session()
215 				sa->src.ip.ip6.ip6_b, 16);  in create_inline_session()
217 				sa->dst.ip.ip6.ip6_b, 16);  in create_inline_session()
224 	if (sa->udp_encap) {  in create_inline_session()
226 		sess_conf.ipsec.udp.sport = htons(sa->udp.sport);  in create_inline_session()
227 		sess_conf.ipsec.udp.dport = htons(sa->udp.dport);  in create_inline_session()
230 	if (sa->esn > 0) {  in create_inline_session()
232 		sess_conf.ipsec.esn.value = sa->esn;  in create_inline_session()
237 		sa->spi, sa->portid);  in create_inline_session()
246 					sa->portid);  in create_inline_session()
271 			    sec_cap->ipsec.direction == sa->direction)  in create_inline_session()
284 		sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;  in create_inline_session()
286 		if (IS_IP6(sa->flags)) {  in create_inline_session()
287 			sa->pattern[1].mask = &rte_flow_item_ipv6_mask;  in create_inline_session()
288 			sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;  in create_inline_session()
289 			sa->pattern[1].spec = &sa->ipv6_spec;  in create_inline_session()
291 			memcpy(sa->ipv6_spec.hdr.dst_addr,  in create_inline_session()
292 				sa->dst.ip.ip6.ip6_b, 16);  in create_inline_session()
293 			memcpy(sa->ipv6_spec.hdr.src_addr,  in create_inline_session()
294 			       sa->src.ip.ip6.ip6_b, 16);  in create_inline_session()
295 		} else if (IS_IP4(sa->flags)) {  in create_inline_session()
296 			sa->pattern[1].mask = &rte_flow_item_ipv4_mask;  in create_inline_session()
297 			sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;  in create_inline_session()
298 			sa->pattern[1].spec = &sa->ipv4_spec;  in create_inline_session()
300 			sa->ipv4_spec.hdr.dst_addr = sa->dst.ip.ip4;  in create_inline_session()
301 			sa->ipv4_spec.hdr.src_addr = sa->src.ip.ip4;  in create_inline_session()
304 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);  in create_inline_session()
306 		if (sa->udp_encap) {  in create_inline_session()
308 			sa->udp_spec.hdr.dst_port =  in create_inline_session()
309 					rte_cpu_to_be_16(sa->udp.dport);  in create_inline_session()
310 			sa->udp_spec.hdr.src_port =  in create_inline_session()
311 					rte_cpu_to_be_16(sa->udp.sport);  in create_inline_session()
313 			sa->pattern[2].mask = &rte_flow_item_udp_mask;  in create_inline_session()
314 			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_UDP;  in create_inline_session()
315 			sa->pattern[2].spec = &sa->udp_spec;  in create_inline_session()
317 			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_ESP;  in create_inline_session()
318 			sa->pattern[3].spec = &sa->esp_spec;  in create_inline_session()
319 			sa->pattern[3].mask = &rte_flow_item_esp_mask;  in create_inline_session()
321 			sa->pattern[4].type = RTE_FLOW_ITEM_TYPE_END;  in create_inline_session()
323 			sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;  in create_inline_session()
324 			sa->pattern[2].spec = &sa->esp_spec;  in create_inline_session()
325 			sa->pattern[2].mask = &rte_flow_item_esp_mask;  in create_inline_session()
327 			sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;  in create_inline_session()
330 		sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;  in create_inline_session()
331 		sa->action[0].conf = ips->security.ses;  in create_inline_session()
333 		sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;  in create_inline_session()
335 		sa->attr.egress = (sa->direction ==  in create_inline_session()
337 		sa->attr.ingress = (sa->direction ==  in create_inline_session()
339 		if (sa->attr.ingress) {  in create_inline_session()
352 			if (flow_info_tbl[sa->portid].rx_def_flow)  in create_inline_session()
355 			ret = rte_eth_dev_info_get(sa->portid, &dev_info);  in create_inline_session()
359 					sa->portid, strerror(-ret));  in create_inline_session()
363 			sa->action[2].type = RTE_FLOW_ACTION_TYPE_END;  in create_inline_session()
365 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;  in create_inline_session()
366 			sa->action[1].conf = &action_rss;  in create_inline_session()
367 			ret = rte_eth_dev_rss_hash_conf_get(sa->portid,  in create_inline_session()
385 			ret = rte_flow_validate(sa->portid, &sa->attr,  in create_inline_session()
386 						sa->pattern, sa->action,  in create_inline_session()
391 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE;  in create_inline_session()
392 			sa->action[1].conf =  in create_inline_session()
396 			ret = rte_flow_validate(sa->portid, &sa->attr,  in create_inline_session()
397 						sa->pattern, sa->action,  in create_inline_session()
400 			sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;  in create_inline_session()
401 			sa->action[1].conf = NULL;  in create_inline_session()
402 			ret = rte_flow_validate(sa->portid, &sa->attr,  in create_inline_session()
403 						sa->pattern, sa->action,  in create_inline_session()
407 		} else if (sa->attr.egress &&  in create_inline_session()
410 			sa->action[1].type =  in create_inline_session()
412 			sa->action[2].type =  in create_inline_session()
416 		sa->flow = rte_flow_create(sa->portid,  in create_inline_session()
417 				&sa->attr, sa->pattern, sa->action, &err);  in create_inline_session()
418 		if (sa->flow == NULL) {  in create_inline_session()
429 				rte_eth_dev_get_sec_ctx(sa->portid);  in create_inline_session()
438 		set_ipsec_conf(sa, &(sess_conf.ipsec));  in create_inline_session()
451 		sess_conf.userdata = (void *) sa;  in create_inline_session()
477 			    sec_cap->ipsec.direction == sa->direction)  in create_inline_session()
496 create_ipsec_esp_flow(struct ipsec_sa *sa)  in create_ipsec_esp_flow()  argument
500 	if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {  in create_ipsec_esp_flow()
505 	if (sa->flags == TRANSPORT) {  in create_ipsec_esp_flow()
510 	sa->action[0].type = RTE_FLOW_ACTION_TYPE_QUEUE;  in create_ipsec_esp_flow()
511 	sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;  in create_ipsec_esp_flow()
512 	sa->action[0].conf = &(struct rte_flow_action_queue) {  in create_ipsec_esp_flow()
513 				.index = sa->fdir_qid,  in create_ipsec_esp_flow()
515 	sa->attr.egress = 0;  in create_ipsec_esp_flow()
516 	sa->attr.ingress = 1;  in create_ipsec_esp_flow()
517 	if (IS_IP6(sa->flags)) {  in create_ipsec_esp_flow()
518 		sa->pattern[1].mask = &rte_flow_item_ipv6_mask;  in create_ipsec_esp_flow()
519 		sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV6;  in create_ipsec_esp_flow()
520 		sa->pattern[1].spec = &sa->ipv6_spec;  in create_ipsec_esp_flow()
521 		memcpy(sa->ipv6_spec.hdr.dst_addr,  in create_ipsec_esp_flow()
522 			sa->dst.ip.ip6.ip6_b, sizeof(sa->dst.ip.ip6.ip6_b));  in create_ipsec_esp_flow()
523 		memcpy(sa->ipv6_spec.hdr.src_addr,  in create_ipsec_esp_flow()
524 			sa->src.ip.ip6.ip6_b, sizeof(sa->src.ip.ip6.ip6_b));  in create_ipsec_esp_flow()
525 		sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;  in create_ipsec_esp_flow()
526 		sa->pattern[2].spec = &sa->esp_spec;  in create_ipsec_esp_flow()
527 		sa->pattern[2].mask = &rte_flow_item_esp_mask;  in create_ipsec_esp_flow()
528 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);  in create_ipsec_esp_flow()
529 		sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;  in create_ipsec_esp_flow()
530 	} else if (IS_IP4(sa->flags)) {  in create_ipsec_esp_flow()
531 		sa->pattern[1].mask = &rte_flow_item_ipv4_mask;  in create_ipsec_esp_flow()
532 		sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;  in create_ipsec_esp_flow()
533 		sa->pattern[1].spec = &sa->ipv4_spec;  in create_ipsec_esp_flow()
534 		sa->ipv4_spec.hdr.dst_addr = sa->dst.ip.ip4;  in create_ipsec_esp_flow()
535 		sa->ipv4_spec.hdr.src_addr = sa->src.ip.ip4;  in create_ipsec_esp_flow()
536 		sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP;  in create_ipsec_esp_flow()
537 		sa->pattern[2].spec = &sa->esp_spec;  in create_ipsec_esp_flow()
538 		sa->pattern[2].mask = &rte_flow_item_esp_mask;  in create_ipsec_esp_flow()
539 		sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi);  in create_ipsec_esp_flow()
540 		sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END;  in create_ipsec_esp_flow()
542 	sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;  in create_ipsec_esp_flow()
544 	ret = rte_flow_validate(sa->portid, &sa->attr, sa->pattern, sa->action,  in create_ipsec_esp_flow()
551 	sa->flow = rte_flow_create(sa->portid, &sa->attr, sa->pattern,  in create_ipsec_esp_flow()
552 					sa->action, &err);  in create_ipsec_esp_flow()
553 	if (!sa->flow) {  in create_ipsec_esp_flow()
600 	struct ipsec_sa *sa;  in ipsec_enqueue()  local
613 		sa = ipsec_mask_saptr(sas[i]);  in ipsec_enqueue()
614 		priv->sa = sa;  in ipsec_enqueue()
615 		ips = ipsec_get_primary_session(sa);  in ipsec_enqueue()
625 				create_lookaside_session(ipsec_ctx, sa, ips)) {  in ipsec_enqueue()
634 					sa->udp_encap != 1)) {  in ipsec_enqueue()
660 				create_lookaside_session(ipsec_ctx, sa, ips)) {  in ipsec_enqueue()
668 			ret = xform_func(pkts[i], sa, &priv->cop);  in ipsec_enqueue()
692 			ret = xform_func(pkts[i], sa, &priv->cop);  in ipsec_enqueue()
707 		RTE_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps);  in ipsec_enqueue()
708 		enqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop);  in ipsec_enqueue()
718 	struct ipsec_sa *sa;  in ipsec_inline_dequeue()  local
726 		sa = priv->sa;  in ipsec_inline_dequeue()
727 		ret = xform_func(pkt, sa, &priv->cop);  in ipsec_inline_dequeue()
745 	struct ipsec_sa *sa;  in ipsec_dequeue()  local
768 			sa = priv->sa;  in ipsec_dequeue()
770 			RTE_ASSERT(sa != NULL);  in ipsec_dequeue()
772 			if (ipsec_get_action_type(sa) ==  in ipsec_dequeue()
774 				ret = xform_func(pkt, sa, cops[j]);  in ipsec_dequeue()
779 			} else if (ipsec_get_action_type(sa) ==  in ipsec_dequeue()