@@ -749,8 +749,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
else
sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
@@ -853,8 +852,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.crypto_xform = &cipher_xform
};
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
@@ -901,8 +899,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
} },
.crypto_xform = &cipher_xform
};
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(dev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(dev_id);
/* Create security session */
return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp);
@@ -53,8 +53,7 @@ cperf_latency_test_free(struct cperf_latency_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
@@ -67,11 +67,9 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx)
#ifdef RTE_LIB_SECURITY
if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS) {
- struct rte_security_ctx *sec_ctx =
- (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
- rte_security_session_destroy(sec_ctx,
- (void *)ctx->sess);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
+ rte_security_session_destroy(sec_ctx, (void *)ctx->sess);
} else
#endif
rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
@@ -44,12 +44,9 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
- rte_security_session_destroy(
- sec_ctx,
- (void *)ctx->sess);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
+ rte_security_session_destroy(sec_ctx, (void *)ctx->sess);
}
#endif
else
@@ -48,8 +48,8 @@ cperf_verify_test_free(struct cperf_verify_ctx *ctx)
else if (ctx->options->op_type == CPERF_PDCP ||
ctx->options->op_type == CPERF_DOCSIS ||
ctx->options->op_type == CPERF_IPSEC) {
- struct rte_security_ctx *sec_ctx =
- rte_cryptodev_get_sec_ctx(ctx->dev_id);
+ void *sec_ctx = rte_cryptodev_get_sec_ctx(ctx->dev_id);
+
rte_security_session_destroy(sec_ctx, ctx->sess);
}
#endif
@@ -344,7 +344,7 @@ test_security_session_perf(void *arg)
struct rte_security_session_conf sess_conf;
int i, ret, nb_sessions, nb_sess_total;
struct rte_security_session **sess;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
double setup_rate, destroy_rate;
uint64_t setup_ms, destroy_ms;
struct lcore_conf *conf = arg;
@@ -8931,9 +8931,7 @@ security_proto_supported(enum rte_security_session_action_type action,
const struct rte_security_capability *capability;
uint16_t i = 0;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
capabilities = rte_security_capabilities_get(ctx);
@@ -8973,9 +8971,7 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
struct crypto_unittest_params *ut_params = &unittest_params;
uint8_t *plaintext;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
@@ -9180,9 +9176,7 @@ test_pdcp_proto_SGL(int i, int oop,
unsigned int trn_data = 0;
struct rte_cryptodev_info dev_info;
uint64_t feat_flags;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
struct rte_mbuf *temp_mbuf;
rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
@@ -9905,7 +9899,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[],
struct ipsec_test_data *res_d_tmp = NULL;
uint8_t input_text[IPSEC_TEXT_MAX_LEN];
int salt_len, i, ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx;
+ void *ctx;
uint32_t src, dst;
uint32_t verify;
@@ -11088,9 +11082,7 @@ test_docsis_proto_uplink(const void *data)
uint32_t crc_data_len;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -11272,9 +11264,7 @@ test_docsis_proto_downlink(const void *data)
int32_t cipher_len, crc_len;
int ret = TEST_SUCCESS;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- ts_params->valid_devs[0]);
+ void *ctx = rte_cryptodev_get_sec_ctx(ts_params->valid_devs[0]);
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -1249,7 +1249,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
}
int
-test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+test_ipsec_stats_verify(void *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir)
@@ -302,7 +302,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td,
enum rte_security_ipsec_sa_direction dir,
int pkt_num);
-int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
+int test_ipsec_stats_verify(void *ctx,
void *sess,
const struct ipsec_test_flags *flags,
enum rte_security_ipsec_sa_direction dir);
@@ -136,7 +136,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len)
static int
init_mempools(unsigned int nb_mbuf)
{
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
@@ -482,7 +482,7 @@ test_macsec_post_process(struct rte_mbuf *m, const struct mcs_test_vector *td,
}
static void
-mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
+mcs_stats_dump(void *ctx, enum mcs_op op,
void *rx_sess, void *tx_sess,
uint8_t rx_sc_id, uint8_t tx_sc_id,
uint16_t rx_sa_id[], uint16_t tx_sa_id[])
@@ -667,7 +667,7 @@ mcs_stats_dump(struct rte_security_ctx *ctx, enum mcs_op op,
}
static int
-mcs_stats_check(struct rte_security_ctx *ctx, enum mcs_op op,
+mcs_stats_check(void *ctx, enum mcs_op op,
const struct mcs_test_opts *opts,
const struct mcs_test_vector *td,
void *rx_sess, void *tx_sess,
@@ -900,7 +900,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
struct rte_security_macsec_sa sa_conf = {0};
struct rte_security_macsec_sc sc_conf = {0};
struct mcs_err_vector err_vector = {0};
- struct rte_security_ctx *ctx;
+ void *ctx;
int nb_rx = 0, nb_sent;
int i, j = 0, ret, id, an = 0;
uint8_t tci_off;
@@ -908,7 +908,7 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs
memset(rx_pkts_burst, 0, sizeof(rx_pkts_burst[0]) * opts->nb_td);
- ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(port_id);
+ ctx = rte_eth_dev_get_sec_ctx(port_id);
if (ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
@@ -136,7 +136,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
/* Create Inline IPsec session */
static int
create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
- void **sess, struct rte_security_ctx **ctx,
+ void **sess, void **ctx,
uint32_t *ol_flags, const struct ipsec_test_flags *flags,
struct rte_security_session_conf *sess_conf)
{
@@ -149,7 +149,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
struct rte_security_capability_idx sec_cap_idx;
const struct rte_security_capability *sec_cap;
enum rte_security_ipsec_sa_direction dir;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint32_t verify;
sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL;
@@ -221,7 +221,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
sess_conf->userdata = (void *) sa;
- sec_ctx = (struct rte_security_ctx *)rte_eth_dev_get_sec_ctx(portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(portid);
if (sec_ctx == NULL) {
printf("Ethernet device doesn't support security features.\n");
return TEST_SKIPPED;
@@ -503,7 +503,7 @@ init_packet(struct rte_mempool *mp, const uint8_t *data, unsigned int len, bool
static int
init_mempools(unsigned int nb_mbuf)
{
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
@@ -846,7 +846,7 @@ test_ipsec_with_reassembly(struct reassembly_vector *vector,
struct rte_crypto_sym_xform auth_in = {0};
struct rte_crypto_sym_xform aead_in = {0};
struct ipsec_test_data sa_data;
- struct rte_security_ctx *ctx;
+ void *ctx;
unsigned int i, nb_rx = 0, j;
uint32_t ol_flags;
bool outer_ipv4;
@@ -1113,7 +1113,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
struct rte_crypto_sym_xform auth = {0};
struct rte_crypto_sym_xform aead = {0};
struct sa_expiry_vector vector = {0};
- struct rte_security_ctx *ctx;
+ void *ctx;
int nb_rx = 0, nb_sent;
uint32_t ol_flags;
int i, j = 0, ret;
@@ -1398,7 +1398,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[],
struct rte_mbuf *tx_pkt = NULL;
int nb_rx, nb_sent;
void *ses;
- struct rte_security_ctx *ctx;
+ void *ctx;
uint32_t ol_flags;
bool outer_ipv4;
int i, ret;
@@ -139,9 +139,6 @@ Deprecation Notices
which got error interrupt to the application,
so that application can reset that particular queue pair.
-* security: Hide structures ``rte_security_ops`` and ``rte_security_ctx``
- as these are internal to DPDK library and drivers.
-
* eventdev: The single-event (non-burst) enqueue and dequeue operations,
used by static inline burst enqueue and dequeue functions in ``rte_eventdev.h``,
will be removed in DPDK 23.11.
@@ -144,6 +144,9 @@ API Changes
except ``rte_thread_setname()`` and ``rte_ctrl_thread_create()`` which are
replaced with ``rte_thread_set_name()`` and ``rte_thread_create_control()``.
+* security: Structures ``rte_security_ops`` and ``rte_security_ctx`` were moved to
+ internal library headers not visible to application.
+
ABI Changes
-----------
@@ -568,7 +568,7 @@ process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
static inline void
process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
- uint8_t nb_pkts, uint16_t portid, struct rte_security_ctx *ctx)
+ uint8_t nb_pkts, uint16_t portid, void *ctx)
{
struct ipsec_traffic traffic;
@@ -205,7 +205,7 @@ verify_ipsec_capabilities(struct rte_security_ipsec_xform *ipsec_xform,
static inline int
-verify_security_capabilities(struct rte_security_ctx *ctx,
+verify_security_capabilities(void *ctx,
struct rte_security_session_conf *sess_conf,
uint32_t *ol_flags)
{
@@ -327,9 +327,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],
};
if (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_cryptodev_get_sec_ctx(
- cdev_id);
+ void *ctx = rte_cryptodev_get_sec_ctx(cdev_id);
/* Set IPsec parameters in conf */
set_ipsec_conf(sa, &(sess_conf.ipsec));
@@ -411,7 +409,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_ipsec_session *ips)
{
int32_t ret = 0;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
struct rte_security_session_conf sess_conf = {
.action_type = ips->type,
.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
@@ -490,9 +488,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_flow_error err;
int ret = 0;
- sec_ctx = (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(
- sa->portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
" rte_eth_dev_get_sec_ctx failed\n");
@@ -657,8 +653,7 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
return -1;
}
} else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
- sec_ctx = (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(sa->portid);
+ sec_ctx = rte_eth_dev_get_sec_ctx(sa->portid);
if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
@@ -279,7 +279,7 @@ struct cnt_blk {
struct lcore_rx_queue {
uint16_t port_id;
uint8_t queue_id;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
} __rte_cache_aligned;
struct buffer {
@@ -20,7 +20,7 @@
struct port_drv_mode_data {
void *sess;
- struct rte_security_ctx *ctx;
+ void *ctx;
};
typedef void (*ipsec_worker_fn_t)(void);
@@ -119,7 +119,7 @@ adjust_ipv6_pktlen(struct rte_mbuf *m, const struct rte_ipv6_hdr *iph,
}
static __rte_always_inline void
-prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
+prepare_one_packet(void *ctx, struct rte_mbuf *pkt,
struct ipsec_traffic *t)
{
uint32_t ptype = pkt->packet_type;
@@ -230,7 +230,7 @@ prepare_one_packet(struct rte_security_ctx *ctx, struct rte_mbuf *pkt,
}
static __rte_always_inline void
-prepare_traffic(struct rte_security_ctx *ctx, struct rte_mbuf **pkts,
+prepare_traffic(void *ctx, struct rte_mbuf **pkts,
struct ipsec_traffic *t, uint16_t nb_pkts)
{
int32_t i;
@@ -60,11 +60,12 @@ rte_security_oop_dynfield_register(void)
}
void *
-rte_security_session_create(struct rte_security_ctx *instance,
+rte_security_session_create(void *ctx,
struct rte_security_session_conf *conf,
struct rte_mempool *mp)
{
struct rte_security_session *sess = NULL;
+ struct rte_security_ctx *instance = ctx;
uint32_t sess_priv_size;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
@@ -93,10 +94,10 @@ rte_security_session_create(struct rte_security_ctx *instance,
}
int
-rte_security_session_update(struct rte_security_ctx *instance,
- void *sess,
- struct rte_security_session_conf *conf)
+rte_security_session_update(void *ctx, void *sess, struct rte_security_session_conf *conf)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
-ENOTSUP);
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
@@ -106,8 +107,10 @@ rte_security_session_update(struct rte_security_ctx *instance,
}
unsigned int
-rte_security_session_get_size(struct rte_security_ctx *instance)
+rte_security_session_get_size(void *ctx)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
return (sizeof(struct rte_security_session) +
@@ -115,10 +118,10 @@ rte_security_session_get_size(struct rte_security_ctx *instance)
}
int
-rte_security_session_stats_get(struct rte_security_ctx *instance,
- void *sess,
- struct rte_security_stats *stats)
+rte_security_session_stats_get(void *ctx, void *sess, struct rte_security_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
-ENOTSUP);
/* Parameter sess can be NULL in case of getting global statistics. */
@@ -128,8 +131,9 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
}
int
-rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
+rte_security_session_destroy(void *ctx, void *sess)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
@@ -149,9 +153,9 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
}
int
-rte_security_macsec_sc_create(struct rte_security_ctx *instance,
- struct rte_security_macsec_sc *conf)
+rte_security_macsec_sc_create(void *ctx, struct rte_security_macsec_sc *conf)
{
+ struct rte_security_ctx *instance = ctx;
int sc_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP);
@@ -165,9 +169,9 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance,
}
int
-rte_security_macsec_sa_create(struct rte_security_ctx *instance,
- struct rte_security_macsec_sa *conf)
+rte_security_macsec_sa_create(void *ctx, struct rte_security_macsec_sa *conf)
{
+ struct rte_security_ctx *instance = ctx;
int sa_id;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP);
@@ -181,9 +185,10 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance,
}
int
-rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_destroy(void *ctx, uint16_t sc_id,
enum rte_security_macsec_direction dir)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP);
@@ -199,9 +204,10 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id
}
int
-rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_destroy(void *ctx, uint16_t sa_id,
enum rte_security_macsec_direction dir)
{
+ struct rte_security_ctx *instance = ctx;
int ret;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP);
@@ -217,10 +223,12 @@ rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id
}
int
-rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_stats_get(void *ctx, uint16_t sc_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
@@ -228,10 +236,12 @@ rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_
}
int
-rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_stats_get(void *ctx, uint16_t sa_id,
enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP);
RTE_PTR_OR_ERR_RET(stats, -EINVAL);
@@ -239,10 +249,9 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_
}
int
-__rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
- void *sess,
- struct rte_mbuf *m, void *params)
+__rte_security_set_pkt_metadata(void *ctx, void *sess, struct rte_mbuf *m, void *params)
{
+ struct rte_security_ctx *instance = ctx;
#ifdef RTE_DEBUG
RTE_PTR_OR_ERR_RET(sess, -EINVAL);
RTE_PTR_OR_ERR_RET(instance, -EINVAL);
@@ -255,19 +264,21 @@ __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
}
const struct rte_security_capability *
-rte_security_capabilities_get(struct rte_security_ctx *instance)
+rte_security_capabilities_get(void *ctx)
{
+ struct rte_security_ctx *instance = ctx;
+
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
return instance->ops->capabilities_get(instance->device);
}
const struct rte_security_capability *
-rte_security_capability_get(struct rte_security_ctx *instance,
- struct rte_security_capability_idx *idx)
+rte_security_capability_get(void *ctx, struct rte_security_capability_idx *idx)
{
const struct rte_security_capability *capabilities;
const struct rte_security_capability *capability;
+ struct rte_security_ctx *instance = ctx;
uint16_t i = 0;
RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
@@ -401,12 +412,12 @@ static int
security_capabilities_from_dev_id(int dev_id, const void **caps)
{
const struct rte_security_capability *capabilities;
- struct rte_security_ctx *sec_ctx;
+ void *sec_ctx;
if (rte_cryptodev_is_valid_dev(dev_id) == 0)
return -EINVAL;
- sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id);
+ sec_ctx = rte_cryptodev_get_sec_ctx(dev_id);
RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL);
capabilities = rte_security_capabilities_get(sec_ctx);
@@ -56,30 +56,6 @@ enum rte_security_ipsec_tunnel_type {
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_DST_ADDR 0x1
#define RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR 0x2
-/**
- * Security context for crypto/eth devices
- *
- * Security instance for each driver to register security operations.
- * The application can get the security context from the crypto/eth device id
- * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
- * This structure is used to identify the device(crypto/eth) for which the
- * security operations need to be performed.
- */
-struct rte_security_ctx {
- void *device;
- /**< Crypto/ethernet device attached */
- const struct rte_security_ops *ops;
- /**< Pointer to security ops for the device */
- uint16_t sess_cnt;
- /**< Number of sessions attached to this context */
- uint16_t macsec_sc_cnt;
- /**< Number of MACsec SC attached to this context */
- uint16_t macsec_sa_cnt;
- /**< Number of MACsec SA attached to this context */
- uint32_t flags;
- /**< Flags for security context */
-};
-
#define RTE_SEC_CTX_F_FAST_SET_MDATA 0x00000001
/**< Driver uses fast metadata update without using driver specific callback.
* For fast mdata, mbuf dynamic field would be registered by driver
@@ -695,7 +671,7 @@ struct rte_security_session_conf {
* - On failure, NULL
*/
void *
-rte_security_session_create(struct rte_security_ctx *instance,
+rte_security_session_create(void *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
@@ -711,7 +687,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_session_update(struct rte_security_ctx *instance,
+rte_security_session_update(void *instance,
void *sess,
struct rte_security_session_conf *conf);
@@ -725,7 +701,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
* - 0 if device is invalid or does not support the operation.
*/
unsigned int
-rte_security_session_get_size(struct rte_security_ctx *instance);
+rte_security_session_get_size(void *instance);
/**
* Free security session header and the session private data and
@@ -742,7 +718,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
* - other negative values in case of freeing private data errors.
*/
int
-rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
+rte_security_session_destroy(void *instance, void *sess);
/**
* @warning
@@ -761,7 +737,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
*/
__rte_experimental
int
-rte_security_macsec_sc_create(struct rte_security_ctx *instance,
+rte_security_macsec_sc_create(void *instance,
struct rte_security_macsec_sc *conf);
/**
@@ -780,7 +756,7 @@ rte_security_macsec_sc_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id,
+rte_security_macsec_sc_destroy(void *instance, uint16_t sc_id,
enum rte_security_macsec_direction dir);
/**
@@ -800,7 +776,7 @@ rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id
*/
__rte_experimental
int
-rte_security_macsec_sa_create(struct rte_security_ctx *instance,
+rte_security_macsec_sa_create(void *instance,
struct rte_security_macsec_sa *conf);
/**
@@ -819,7 +795,7 @@ rte_security_macsec_sa_create(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id,
+rte_security_macsec_sa_destroy(void *instance, uint16_t sa_id,
enum rte_security_macsec_direction dir);
/** Device-specific metadata field type */
@@ -889,6 +865,27 @@ static inline bool rte_security_dynfield_is_registered(void)
return rte_security_dynfield_offset >= 0;
}
+#define RTE_SECURITY_CTX_FLAGS_OFF 4
+/**
+ * Get security flags from security instance.
+ */
+static inline uint32_t
+rte_security_ctx_flags_get(void *ctx)
+{
+ return *((uint32_t *)ctx + RTE_SECURITY_CTX_FLAGS_OFF);
+}
+
+/**
+ * Set security flags in security instance.
+ */
+static inline void
+rte_security_ctx_flags_set(void *ctx, uint32_t flags)
+{
+ uint32_t *data;
+ data = (((uint32_t *)ctx) + RTE_SECURITY_CTX_FLAGS_OFF);
+ *data = flags;
+}
+
#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0
#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1
/**
@@ -933,7 +930,7 @@ rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
/** Function to call PMD specific function pointer set_pkt_metadata() */
__rte_experimental
-int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+int __rte_security_set_pkt_metadata(void *instance,
void *sess,
struct rte_mbuf *m, void *params);
@@ -951,12 +948,12 @@ int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
* - On failure, a negative value.
*/
static inline int
-rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
+rte_security_set_pkt_metadata(void *instance,
void *sess,
struct rte_mbuf *mb, void *params)
{
/* Fast Path */
- if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
+ if (rte_security_ctx_flags_get(instance) & RTE_SEC_CTX_F_FAST_SET_MDATA) {
*rte_security_dynfield(mb) = (rte_security_dynfield_t)
rte_security_session_fast_mdata_get(sess);
return 0;
@@ -1105,7 +1102,7 @@ struct rte_security_stats {
*/
__rte_experimental
int
-rte_security_session_stats_get(struct rte_security_ctx *instance,
+rte_security_session_stats_get(void *instance,
void *sess,
struct rte_security_stats *stats);
@@ -1125,7 +1122,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance,
+rte_security_macsec_sa_stats_get(void *instance,
uint16_t sa_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sa_stats *stats);
@@ -1145,7 +1142,7 @@ rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance,
*/
__rte_experimental
int
-rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance,
+rte_security_macsec_sc_stats_get(void *instance,
uint16_t sc_id, enum rte_security_macsec_direction dir,
struct rte_security_macsec_sc_stats *stats);
@@ -1296,7 +1293,7 @@ struct rte_security_capability_idx {
* - Return NULL if no capabilities available.
*/
const struct rte_security_capability *
-rte_security_capabilities_get(struct rte_security_ctx *instance);
+rte_security_capabilities_get(void *instance);
/**
* Query if a specific capability is available on security instance
@@ -1310,7 +1307,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
* - Return NULL if the capability not matched on security instance.
*/
const struct rte_security_capability *
-rte_security_capability_get(struct rte_security_ctx *instance,
+rte_security_capability_get(void *instance,
struct rte_security_capability_idx *idx);
#ifdef __cplusplus
@@ -37,6 +37,30 @@ struct rte_security_session {
/**< Private session material, variable size (depends on driver) */
};
+/**
+ * Security context for crypto/eth devices
+ *
+ * Security instance for each driver to register security operations.
+ * The application can get the security context from the crypto/eth device id
+ * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx()
+ * This structure is used to identify the device(crypto/eth) for which the
+ * security operations need to be performed.
+ */
+struct rte_security_ctx {
+ void *device;
+ /**< Crypto/ethernet device attached */
+ const struct rte_security_ops *ops;
+ /**< Pointer to security ops for the device */
+ uint32_t flags;
+ /**< Flags for security context */
+ uint16_t sess_cnt;
+ /**< Number of sessions attached to this context */
+ uint16_t macsec_sc_cnt;
+ /**< Number of MACsec SC attached to this context */
+ uint16_t macsec_sa_cnt;
+ /**< Number of MACsec SA attached to this context */
+};
+
/**
* Helper macro to get driver private data
*/