NVIDIA DOCA SDK Data Center on a Chip Framework Documentation
Macros | Functions
flow_decrypt.c File Reference
#include <rte_ethdev.h>
#include <rte_ether.h>
#include <rte_ip.h>
#include <doca_flow.h>
#include <doca_log.h>
#include <doca_bitfield.h>
#include "flow_decrypt.h"
Include dependency graph for flow_decrypt.c:

Go to the source code of this file.

Macros

#define DECAP_MAC_TYPE_IDX   12 /* index in decap raw data for inner l3 type */
 
#define DECAP_IDX_SRC_MAC   6 /* index in decap raw data for source mac */
 
#define DECAP_MARKER_HEADER_SIZE   8 /* non-ESP marker header size */
 
#define UDP_DST_PORT_FOR_ESP   4500 /* the udp dest port will be 4500 when next header is ESP */
 

Functions

 DOCA_LOG_REGISTER (IPSEC_SECURITY_GW::flow_decrypt)
 
static doca_error_t create_ipsec_decrypt_pipe (struct doca_flow_port *port, int expected_entries, enum doca_flow_l3_type l3_type, struct ipsec_security_gw_config *app_cfg, struct security_gateway_pipe_info *pipe_info)
 
static void get_bad_syndrome_pipe_fwd (struct ipsec_security_gw_config *app_cfg, uint16_t *rss_queues, struct doca_flow_fwd *fwd)
 
static doca_error_t create_bad_syndrome_pipe (struct ipsec_security_gw_config *app_cfg, struct doca_flow_port *port, int expected_entries, struct doca_flow_pipe **pipe)
 
static doca_error_t add_bad_syndrome_pipe_entry (struct doca_flow_pipe *pipe, struct decrypt_rule *rule, uint32_t rule_id, struct entries_status *decrypt_status, enum doca_flow_flags_type flags, int queue_id)
 
static doca_error_t add_vxlan_decap_pipe_entry (struct doca_flow_port *port, struct security_gateway_pipe_info *pipe, struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t create_vxlan_decap_pipe (struct doca_flow_port *port, struct ipsec_security_gw_config *app_cfg, struct doca_flow_pipe *next_pipe, struct security_gateway_pipe_info *pipe)
 
static doca_error_t create_ipsec_decap_pipe (struct doca_flow_port *port, struct ipsec_security_gw_config *app_cfg, struct doca_flow_fwd *fwd, struct security_gateway_pipe_info *pipe_info)
 
static doca_error_t create_marker_decap_pipe (struct doca_flow_port *port, struct ipsec_security_gw_config *app_cfg)
 
static void create_tunnel_decap_tunnel (struct doca_flow_header_eth *eth_header, enum doca_flow_l3_type inner_l3_type, uint8_t *reformat_data, uint16_t *reformat_data_sz)
 
static doca_error_t add_decap_pipe_entries (struct ipsec_security_gw_config *app_cfg, struct doca_flow_port *port, struct doca_flow_header_eth *eth_header, struct security_gateway_pipe_info *pipe)
 
static doca_error_t create_control_pipe (struct doca_flow_port *port, bool is_root, bool debug_mode, struct security_gateway_pipe_info *pipe_info)
 
static doca_error_t add_control_pipe_entries (struct security_gateway_pipe_info *control_pipe, struct ipsec_security_gw_config *app_cfg, bool is_root)
 
static doca_error_t create_ipsec_decrypt_shared_object (struct ipsec_security_gw_sa_attrs *app_sa_attrs, struct ipsec_security_gw_config *app_cfg, uint32_t ipsec_id)
 
doca_error_t add_decrypt_entry (struct decrypt_rule *rule, int rule_id, struct doca_flow_port *port, struct ipsec_security_gw_config *app_cfg)
 
doca_error_t bind_decrypt_ids (int nb_rules, int initial_id, struct doca_flow_port *port)
 
doca_error_t add_decrypt_entries (struct ipsec_security_gw_config *app_cfg, struct ipsec_security_gw_ports_map *port, uint16_t queue_id, int nb_rules, int rule_offset)
 
doca_error_t ipsec_security_gw_insert_decrypt_rules (struct ipsec_security_gw_ports_map *ports[], struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t mbuf_get_seg_ofs (struct rte_mbuf *mb, uint32_t offset, struct rte_mbuf **seg_buf, uint32_t *seg_offset)
 
static doca_error_t remove_packet_tail (struct rte_mbuf **m, uint32_t icv_len, uint32_t *next_proto)
 
static doca_error_t decap_packet_tunnel (struct rte_mbuf **m, struct ipsec_security_gw_core_ctx *ctx)
 
static doca_error_t decap_packet_transport (struct rte_mbuf **m, struct ipsec_security_gw_core_ctx *ctx, bool udp_transport)
 
static void get_esp_sn (struct rte_mbuf *m, enum ipsec_security_gw_mode mode, uint32_t *sn)
 
static void anti_replay (uint32_t sn, struct antireplay_state *state, bool *drop)
 
doca_error_t handle_secured_packets_received (struct rte_mbuf **packet, bool bad_syndrome_check, struct ipsec_security_gw_core_ctx *ctx)
 

Macro Definition Documentation

◆ DECAP_IDX_SRC_MAC

#define DECAP_IDX_SRC_MAC   6 /* index in decap raw data for source mac */

Definition at line 38 of file flow_decrypt.c.

◆ DECAP_MAC_TYPE_IDX

#define DECAP_MAC_TYPE_IDX   12 /* index in decap raw data for inner l3 type */

Definition at line 37 of file flow_decrypt.c.

◆ DECAP_MARKER_HEADER_SIZE

#define DECAP_MARKER_HEADER_SIZE   8 /* non-ESP marker header size */

Definition at line 39 of file flow_decrypt.c.

◆ UDP_DST_PORT_FOR_ESP

#define UDP_DST_PORT_FOR_ESP   4500 /* the udp dest port will be 4500 when next header is ESP */

Definition at line 40 of file flow_decrypt.c.

Function Documentation

◆ add_bad_syndrome_pipe_entry()

static doca_error_t add_bad_syndrome_pipe_entry ( struct doca_flow_pipe *  pipe,
struct decrypt_rule rule,
uint32_t  rule_id,
struct entries_status decrypt_status,
enum doca_flow_flags_type  flags,
int  queue_id 
)
static

Definition at line 319 of file flow_decrypt.c.

◆ add_control_pipe_entries()

static doca_error_t add_control_pipe_entries ( struct security_gateway_pipe_info control_pipe,
struct ipsec_security_gw_config app_cfg,
bool  is_root 
)
static

Definition at line 1091 of file flow_decrypt.c.

◆ add_decap_pipe_entries()

static doca_error_t add_decap_pipe_entries ( struct ipsec_security_gw_config app_cfg,
struct doca_flow_port *  port,
struct doca_flow_header_eth eth_header,
struct security_gateway_pipe_info pipe 
)
static

Definition at line 942 of file flow_decrypt.c.

◆ add_decrypt_entries()

doca_error_t add_decrypt_entries ( struct ipsec_security_gw_config app_cfg,
struct ipsec_security_gw_ports_map port,
uint16_t  queue_id,
int  nb_rules,
int  rule_offset 
)

Definition at line 1387 of file flow_decrypt.c.

◆ add_decrypt_entry()

doca_error_t add_decrypt_entry ( struct decrypt_rule rule,
int  rule_id,
struct doca_flow_port *  port,
struct ipsec_security_gw_config app_cfg 
)

Definition at line 1271 of file flow_decrypt.c.

◆ add_vxlan_decap_pipe_entry()

static doca_error_t add_vxlan_decap_pipe_entry ( struct doca_flow_port *  port,
struct security_gateway_pipe_info pipe,
struct ipsec_security_gw_config app_cfg 
)
static

Definition at line 431 of file flow_decrypt.c.

◆ anti_replay()

static void anti_replay ( uint32_t  sn,
struct antireplay_state state,
bool drop 
)
static

Definition at line 1867 of file flow_decrypt.c.

◆ bind_decrypt_ids()

doca_error_t bind_decrypt_ids ( int  nb_rules,
int  initial_id,
struct doca_flow_port *  port 
)

Definition at line 1359 of file flow_decrypt.c.

◆ create_bad_syndrome_pipe()

static doca_error_t create_bad_syndrome_pipe ( struct ipsec_security_gw_config app_cfg,
struct doca_flow_port *  port,
int  expected_entries,
struct doca_flow_pipe **  pipe 
)
static

Definition at line 208 of file flow_decrypt.c.

◆ create_control_pipe()

static doca_error_t create_control_pipe ( struct doca_flow_port *  port,
bool  is_root,
bool  debug_mode,
struct security_gateway_pipe_info pipe_info 
)
static

Definition at line 1028 of file flow_decrypt.c.

◆ create_ipsec_decap_pipe()

static doca_error_t create_ipsec_decap_pipe ( struct doca_flow_port *  port,
struct ipsec_security_gw_config app_cfg,
struct doca_flow_fwd fwd,
struct security_gateway_pipe_info pipe_info 
)
static

Definition at line 578 of file flow_decrypt.c.

◆ create_ipsec_decrypt_pipe()

static doca_error_t create_ipsec_decrypt_pipe ( struct doca_flow_port *  port,
int  expected_entries,
enum doca_flow_l3_type  l3_type,
struct ipsec_security_gw_config app_cfg,
struct security_gateway_pipe_info pipe_info 
)
static

Definition at line 52 of file flow_decrypt.c.

◆ create_ipsec_decrypt_shared_object()

static doca_error_t create_ipsec_decrypt_shared_object ( struct ipsec_security_gw_sa_attrs app_sa_attrs,
struct ipsec_security_gw_config app_cfg,
uint32_t  ipsec_id 
)
static

Definition at line 1240 of file flow_decrypt.c.

◆ create_marker_decap_pipe()

static doca_error_t create_marker_decap_pipe ( struct doca_flow_port *  port,
struct ipsec_security_gw_config app_cfg 
)
static

Definition at line 722 of file flow_decrypt.c.

◆ create_tunnel_decap_tunnel()

static void create_tunnel_decap_tunnel ( struct doca_flow_header_eth eth_header,
enum doca_flow_l3_type  inner_l3_type,
uint8_t *  reformat_data,
uint16_t *  reformat_data_sz 
)
static

Definition at line 891 of file flow_decrypt.c.

◆ create_vxlan_decap_pipe()

static doca_error_t create_vxlan_decap_pipe ( struct doca_flow_port *  port,
struct ipsec_security_gw_config app_cfg,
struct doca_flow_pipe *  next_pipe,
struct security_gateway_pipe_info pipe 
)
static

Definition at line 490 of file flow_decrypt.c.

◆ decap_packet_transport()

static doca_error_t decap_packet_transport ( struct rte_mbuf **  m,
struct ipsec_security_gw_core_ctx ctx,
bool  udp_transport 
)
static

Definition at line 1770 of file flow_decrypt.c.

◆ decap_packet_tunnel()

static doca_error_t decap_packet_tunnel ( struct rte_mbuf **  m,
struct ipsec_security_gw_core_ctx ctx 
)
static

Definition at line 1717 of file flow_decrypt.c.

◆ DOCA_LOG_REGISTER()

DOCA_LOG_REGISTER ( IPSEC_SECURITY_GW::flow_decrypt  )

◆ get_bad_syndrome_pipe_fwd()

static void get_bad_syndrome_pipe_fwd ( struct ipsec_security_gw_config app_cfg,
uint16_t *  rss_queues,
struct doca_flow_fwd fwd 
)
static

Definition at line 170 of file flow_decrypt.c.

◆ get_esp_sn()

static void get_esp_sn ( struct rte_mbuf *  m,
enum ipsec_security_gw_mode  mode,
uint32_t *  sn 
)
static

Definition at line 1832 of file flow_decrypt.c.

◆ handle_secured_packets_received()

doca_error_t handle_secured_packets_received ( struct rte_mbuf **  packet,
bool  bad_syndrome_check,
struct ipsec_security_gw_core_ctx ctx 
)

Definition at line 1905 of file flow_decrypt.c.

◆ ipsec_security_gw_insert_decrypt_rules()

doca_error_t ipsec_security_gw_insert_decrypt_rules ( struct ipsec_security_gw_ports_map ports[],
struct ipsec_security_gw_config app_cfg 
)

Definition at line 1514 of file flow_decrypt.c.

◆ mbuf_get_seg_ofs()

static doca_error_t mbuf_get_seg_ofs ( struct rte_mbuf *  mb,
uint32_t  offset,
struct rte_mbuf **  seg_buf,
uint32_t *  seg_offset 
)
static

Definition at line 1643 of file flow_decrypt.c.

◆ remove_packet_tail()

static doca_error_t remove_packet_tail ( struct rte_mbuf **  m,
uint32_t  icv_len,
uint32_t *  next_proto 
)
static

Definition at line 1678 of file flow_decrypt.c.