NVIDIA DOCA SDK Data Center on a Chip Framework Documentation
flow_encrypt.c File Reference
#include <rte_ethdev.h>
#include <doca_log.h>
#include <doca_bitfield.h>
#include <pack.h>
#include <utils.h>
#include "doca_flow.h"
#include "flow_encrypt.h"

Macros

#define ENCAP_DST_IP_IDX_IP4   30 /* index in encap raw data for destination IPv4 */
 
#define ENCAP_DST_IP_IDX_IP6   38 /* index in encap raw data for destination IPv6 */
 
#define ENCAP_IP_ID_IDX_IP4   18 /* index in encap raw data for IPv4 ID */
 
#define ENCAP_IDX_SRC_MAC   6 /* index in encap raw data for source mac */
 
#define ENCAP_DST_UDP_PORT_IDX   2 /* index in encap raw data for UDP destination port */
 
#define ENCAP_ESP_SPI_IDX_TUNNEL_IP4   34 /* index in encap raw data for esp SPI in IPv4 tunnel */
 
#define ENCAP_ESP_SPI_IDX_TUNNEL_IP6   54 /* index in encap raw data for esp SPI in IPv6 tunnel */
 
#define ENCAP_ESP_SPI_IDX_TRANSPORT   0 /* index in encap raw data for esp SPI in transport mode*/
 
#define ENCAP_ESP_SPI_IDX_UDP_TRANSPORT   8 /* index in encap raw data for esp SPI in transport over UDP mode*/
 
#define ENCAP_ESP_SN_IDX_TUNNEL_IP4   38 /* index in encap raw data for esp SN in IPv4 tunnel */
 
#define ENCAP_ESP_SN_IDX_TUNNEL_IP6   58 /* index in encap raw data for esp SN in IPv6 tunnel */
 
#define ENCAP_ESP_SN_IDX_TRANSPORT   4 /* index in encap raw data for esp SN in transport mode*/
 
#define ENCAP_ESP_SN_IDX_UDP_TRANSPORT   12 /* index in encap raw data for esp SN in transport over UDP mode*/
 
#define ENCAP_MARKER_HEADER_SIZE   8 /* non-ESP marker header size */
 
#define PADDING_ALIGN   4 /* padding alignment */
 

Functions

 DOCA_LOG_REGISTER (IPSEC_SECURITY_GW::flow_encrypt)
 
static void create_transport_encap (struct encrypt_rule *rule, bool sw_sn_inc, uint8_t *reformat_data, uint16_t *reformat_data_sz)
 
static void create_udp_transport_encap (struct encrypt_rule *rule, bool sw_sn_inc, uint8_t *reformat_data, uint16_t *reformat_data_sz)
 
static void create_ipv4_tunnel_encap (struct encrypt_rule *rule, bool sw_sn_inc, struct doca_flow_header_eth *eth_header, uint8_t *reformat_data, uint16_t *reformat_data_sz)
 
static void create_ipv6_tunnel_encap (struct encrypt_rule *rule, bool sw_sn_inc, struct doca_flow_header_eth *eth_header, uint8_t *reformat_data, uint16_t *reformat_data_sz)
 
static doca_error_t create_egress_ip_classifier (struct doca_flow_port *port, bool is_root, bool debug_mode, struct encrypt_pipes *encrypt_pipes, struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t add_vxlan_encap_pipe_entry (struct doca_flow_port *port, struct security_gateway_pipe_info *pipe, struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t create_vxlan_encap_pipe (struct doca_flow_port *port, int port_id, struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t create_marker_encap_pipe (struct doca_flow_port *port, uint16_t port_id, struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t create_ipsec_encrypt_pipe (struct doca_flow_port *port, uint16_t port_id, int expected_entries, struct ipsec_security_gw_config *app_cfg, enum doca_flow_l3_meta l3_type, struct security_gateway_pipe_info *pipe_info)
 
static doca_error_t create_ipsec_src_ip6_pipe (struct doca_flow_port *port, bool debug_mode, int expected_entries, enum doca_flow_l4_type_ext protocol_type, struct doca_flow_pipe *hairpin_pipe, struct security_gateway_pipe_info *pipe_info)
 
static doca_error_t create_ipsec_hairpin_pipe (struct doca_flow_port *port, bool debug_mode, int expected_entries, enum doca_flow_l4_type_ext protocol_type, enum doca_flow_l3_type l3_type, struct doca_flow_fwd *fwd, struct security_gateway_pipe_info *pipe_info)
 
static doca_error_t create_control_pipe (struct doca_flow_port *port, bool is_root, bool debug_mode, struct security_gateway_pipe_info *pipe_info)
 
static bool is_perf_bw (struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t add_control_pipe_entries (struct security_gateway_pipe_info *control_pipe, struct encrypt_pipes *pipes, bool perf_bw, bool debug_mode, bool is_root)
 
static void create_ipsec_encrypt_shared_object_transport (struct doca_flow_crypto_encap_action *crypto_cfg, struct encrypt_rule *rule)
 
static void create_ipsec_encrypt_shared_object_transport_over_udp (struct doca_flow_crypto_encap_action *crypto_cfg, struct encrypt_rule *rule)
 
static void create_ipsec_encrypt_shared_object_tunnel (struct doca_flow_crypto_encap_action *crypto_cfg, struct encrypt_rule *rule, struct doca_flow_header_eth *eth_header)
 
static doca_error_t create_ipsec_encrypt_shared_object (struct ipsec_security_gw_sa_attrs *app_sa_attrs, struct ipsec_security_gw_config *app_cfg, uint32_t ipsec_id)
 
static void get_pipe_for_rule (struct encrypt_rule *rule, struct encrypt_pipes *pipes, bool src_ip6, struct security_gateway_pipe_info **pipe)
 
static doca_error_t add_src_ip6_entry (struct doca_flow_port *port, struct encrypt_rule *rule, struct encrypt_pipes *pipes, struct entries_status *hairpin_status, uint32_t src_ip_id, uint16_t queue_id, bool debug_mode, int i)
 
static doca_error_t add_five_tuple_match_entry (struct doca_flow_port *port, struct encrypt_rule *rule, struct ipsec_security_gw_config *app_cfg, int nb_rules, int i, uint16_t queue_id, struct entries_status *hairpin_status)
 
doca_error_t add_encrypt_entry (struct encrypt_rule *rule, int rule_id, struct ipsec_security_gw_ports_map **ports, struct ipsec_security_gw_config *app_cfg)
 
doca_error_t bind_encrypt_ids (int nb_rules, struct doca_flow_port *port)
 
doca_error_t add_encrypt_entries (struct ipsec_security_gw_config *app_cfg, struct ipsec_security_gw_ports_map *ports[], uint16_t queue_id, int nb_rules, int rule_offset)
 
doca_error_t ipsec_security_gw_create_encrypt_egress (struct ipsec_security_gw_ports_map *ports[], struct ipsec_security_gw_config *app_cfg)
 
doca_error_t ipsec_security_gw_insert_encrypt_rules (struct ipsec_security_gw_ports_map *ports[], struct ipsec_security_gw_config *app_cfg)
 
static doca_error_t prepare_packet_tunnel (struct rte_mbuf **m, struct ipsec_security_gw_core_ctx *ctx, uint32_t rule_idx)
 
static doca_error_t prepare_packet_transport (struct rte_mbuf **m, struct ipsec_security_gw_core_ctx *ctx, uint32_t rule_idx, bool udp_transport)
 
doca_error_t handle_unsecured_packets_received (struct rte_mbuf **packet, struct ipsec_security_gw_core_ctx *ctx)
 

Variables

static const uint8_t esp_pad_bytes [15]
 
static uint16_t current_ip_id
 

Macro Definition Documentation

◆ ENCAP_DST_IP_IDX_IP4

#define ENCAP_DST_IP_IDX_IP4   30 /* index in encap raw data for destination IPv4 */

Definition at line 38 of file flow_encrypt.c.

◆ ENCAP_DST_IP_IDX_IP6

#define ENCAP_DST_IP_IDX_IP6   38 /* index in encap raw data for destination IPv6 */

Definition at line 39 of file flow_encrypt.c.

◆ ENCAP_DST_UDP_PORT_IDX

#define ENCAP_DST_UDP_PORT_IDX   2 /* index in encap raw data for UDP destination port */

Definition at line 42 of file flow_encrypt.c.

◆ ENCAP_ESP_SN_IDX_TRANSPORT

#define ENCAP_ESP_SN_IDX_TRANSPORT   4 /* index in encap raw data for esp SN in transport mode*/

Definition at line 49 of file flow_encrypt.c.

◆ ENCAP_ESP_SN_IDX_TUNNEL_IP4

#define ENCAP_ESP_SN_IDX_TUNNEL_IP4   38 /* index in encap raw data for esp SN in IPv4 tunnel */

Definition at line 47 of file flow_encrypt.c.

◆ ENCAP_ESP_SN_IDX_TUNNEL_IP6

#define ENCAP_ESP_SN_IDX_TUNNEL_IP6   58 /* index in encap raw data for esp SN in IPv6 tunnel */

Definition at line 48 of file flow_encrypt.c.

◆ ENCAP_ESP_SN_IDX_UDP_TRANSPORT

#define ENCAP_ESP_SN_IDX_UDP_TRANSPORT   12 /* index in encap raw data for esp SN in transport over UDP mode*/

Definition at line 50 of file flow_encrypt.c.

◆ ENCAP_ESP_SPI_IDX_TRANSPORT

#define ENCAP_ESP_SPI_IDX_TRANSPORT   0 /* index in encap raw data for esp SPI in transport mode*/

Definition at line 45 of file flow_encrypt.c.

◆ ENCAP_ESP_SPI_IDX_TUNNEL_IP4

#define ENCAP_ESP_SPI_IDX_TUNNEL_IP4   34 /* index in encap raw data for esp SPI in IPv4 tunnel */

Definition at line 43 of file flow_encrypt.c.

◆ ENCAP_ESP_SPI_IDX_TUNNEL_IP6

#define ENCAP_ESP_SPI_IDX_TUNNEL_IP6   54 /* index in encap raw data for esp SPI in IPv6 tunnel */

Definition at line 44 of file flow_encrypt.c.

◆ ENCAP_ESP_SPI_IDX_UDP_TRANSPORT

#define ENCAP_ESP_SPI_IDX_UDP_TRANSPORT   8 /* index in encap raw data for esp SPI in transport over UDP mode*/

Definition at line 46 of file flow_encrypt.c.

◆ ENCAP_IDX_SRC_MAC

#define ENCAP_IDX_SRC_MAC   6 /* index in encap raw data for source mac */

Definition at line 41 of file flow_encrypt.c.

◆ ENCAP_IP_ID_IDX_IP4

#define ENCAP_IP_ID_IDX_IP4   18 /* index in encap raw data for IPv4 ID */

Definition at line 40 of file flow_encrypt.c.

◆ ENCAP_MARKER_HEADER_SIZE

#define ENCAP_MARKER_HEADER_SIZE   8 /* non-ESP marker header size */

Definition at line 52 of file flow_encrypt.c.

◆ PADDING_ALIGN

#define PADDING_ALIGN   4 /* padding alignment */

Definition at line 53 of file flow_encrypt.c.

Function Documentation

◆ add_control_pipe_entries()

static doca_error_t add_control_pipe_entries ( struct security_gateway_pipe_info *  control_pipe,
struct encrypt_pipes *  pipes,
bool  perf_bw,
bool  debug_mode,
bool  is_root 
)
static

Definition at line 1244 of file flow_encrypt.c.

◆ add_encrypt_entries()

doca_error_t add_encrypt_entries ( struct ipsec_security_gw_config *  app_cfg,
struct ipsec_security_gw_ports_map *  ports[],
uint16_t  queue_id,
int  nb_rules,
int  rule_offset 
)

Definition at line 1835 of file flow_encrypt.c.

◆ add_encrypt_entry()

doca_error_t add_encrypt_entry ( struct encrypt_rule *  rule,
int  rule_id,
struct ipsec_security_gw_ports_map **  ports,
struct ipsec_security_gw_config *  app_cfg
)

Definition at line 1694 of file flow_encrypt.c.

◆ add_five_tuple_match_entry()

static doca_error_t add_five_tuple_match_entry ( struct doca_flow_port *  port,
struct encrypt_rule *  rule,
struct ipsec_security_gw_config *  app_cfg,
int  nb_rules,
int  i,
uint16_t  queue_id,
struct entries_status *  hairpin_status
)
static

Definition at line 1604 of file flow_encrypt.c.

◆ add_src_ip6_entry()

static doca_error_t add_src_ip6_entry ( struct doca_flow_port *  port,
struct encrypt_rule *  rule,
struct encrypt_pipes *  pipes,
struct entries_status *  hairpin_status,
uint32_t  src_ip_id,
uint16_t  queue_id,
bool  debug_mode,
int  i 
)
static

Definition at line 1535 of file flow_encrypt.c.

◆ add_vxlan_encap_pipe_entry()

static doca_error_t add_vxlan_encap_pipe_entry ( struct doca_flow_port *  port,
struct security_gateway_pipe_info *  pipe,
struct ipsec_security_gw_config *  app_cfg
)
static

Definition at line 461 of file flow_encrypt.c.

◆ bind_encrypt_ids()

doca_error_t bind_encrypt_ids ( int  nb_rules,
struct doca_flow_port *  port 
)

Definition at line 1806 of file flow_encrypt.c.

◆ create_control_pipe()

static doca_error_t create_control_pipe ( struct doca_flow_port *  port,
bool  is_root,
bool  debug_mode,
struct security_gateway_pipe_info *  pipe_info
)
static

Definition at line 1167 of file flow_encrypt.c.

◆ create_egress_ip_classifier()

static doca_error_t create_egress_ip_classifier ( struct doca_flow_port *  port,
bool  is_root,
bool  debug_mode,
struct encrypt_pipes *  encrypt_pipes,
struct ipsec_security_gw_config *  app_cfg
)
static

Definition at line 313 of file flow_encrypt.c.

◆ create_ipsec_encrypt_pipe()

static doca_error_t create_ipsec_encrypt_pipe ( struct doca_flow_port *  port,
uint16_t  port_id,
int  expected_entries,
struct ipsec_security_gw_config *  app_cfg,
enum doca_flow_l3_meta  l3_type,
struct security_gateway_pipe_info *  pipe_info
)
static

Definition at line 776 of file flow_encrypt.c.

◆ create_ipsec_encrypt_shared_object()

static doca_error_t create_ipsec_encrypt_shared_object ( struct ipsec_security_gw_sa_attrs *  app_sa_attrs,
struct ipsec_security_gw_config *  app_cfg,
uint32_t  ipsec_id 
)
static

Definition at line 1459 of file flow_encrypt.c.

◆ create_ipsec_encrypt_shared_object_transport()

static void create_ipsec_encrypt_shared_object_transport ( struct doca_flow_crypto_encap_action *  crypto_cfg,
struct encrypt_rule *  rule
)
static

Definition at line 1416 of file flow_encrypt.c.

◆ create_ipsec_encrypt_shared_object_transport_over_udp()

static void create_ipsec_encrypt_shared_object_transport_over_udp ( struct doca_flow_crypto_encap_action *  crypto_cfg,
struct encrypt_rule *  rule
)
static

Definition at line 1428 of file flow_encrypt.c.

◆ create_ipsec_encrypt_shared_object_tunnel()

static void create_ipsec_encrypt_shared_object_tunnel ( struct doca_flow_crypto_encap_action *  crypto_cfg,
struct encrypt_rule *  rule,
struct doca_flow_header_eth *  eth_header
)
static

Definition at line 1441 of file flow_encrypt.c.

◆ create_ipsec_hairpin_pipe()

static doca_error_t create_ipsec_hairpin_pipe ( struct doca_flow_port *  port,
bool  debug_mode,
int  expected_entries,
enum doca_flow_l4_type_ext  protocol_type,
enum doca_flow_l3_type  l3_type,
struct doca_flow_fwd *  fwd,
struct security_gateway_pipe_info *  pipe_info
)
static

Definition at line 1057 of file flow_encrypt.c.

◆ create_ipsec_src_ip6_pipe()

static doca_error_t create_ipsec_src_ip6_pipe ( struct doca_flow_port *  port,
bool  debug_mode,
int  expected_entries,
enum doca_flow_l4_type_ext  protocol_type,
struct doca_flow_pipe *  hairpin_pipe,
struct security_gateway_pipe_info *  pipe_info
)
static

Definition at line 947 of file flow_encrypt.c.

◆ create_ipv4_tunnel_encap()

static void create_ipv4_tunnel_encap ( struct encrypt_rule *  rule,
bool  sw_sn_inc,
struct doca_flow_header_eth *  eth_header,
uint8_t *  reformat_data,
uint16_t *  reformat_data_sz 
)
static

Definition at line 174 of file flow_encrypt.c.

◆ create_ipv6_tunnel_encap()

static void create_ipv6_tunnel_encap ( struct encrypt_rule *  rule,
bool  sw_sn_inc,
struct doca_flow_header_eth *  eth_header,
uint8_t *  reformat_data,
uint16_t *  reformat_data_sz 
)
static

Definition at line 236 of file flow_encrypt.c.

◆ create_marker_encap_pipe()

static doca_error_t create_marker_encap_pipe ( struct doca_flow_port *  port,
uint16_t  port_id,
struct ipsec_security_gw_config *  app_cfg
)
static

Definition at line 625 of file flow_encrypt.c.

◆ create_transport_encap()

static void create_transport_encap ( struct encrypt_rule *  rule,
bool  sw_sn_inc,
uint8_t *  reformat_data,
uint16_t *  reformat_data_sz 
)
static

Definition at line 83 of file flow_encrypt.c.

◆ create_udp_transport_encap()

static void create_udp_transport_encap ( struct encrypt_rule *  rule,
bool  sw_sn_inc,
uint8_t *  reformat_data,
uint16_t *  reformat_data_sz 
)
static

Definition at line 131 of file flow_encrypt.c.

◆ create_vxlan_encap_pipe()

static doca_error_t create_vxlan_encap_pipe ( struct doca_flow_port *  port,
int  port_id,
struct ipsec_security_gw_config *  app_cfg
)
static

Definition at line 527 of file flow_encrypt.c.

◆ DOCA_LOG_REGISTER()

DOCA_LOG_REGISTER ( IPSEC_SECURITY_GW::flow_encrypt  )

◆ get_pipe_for_rule()

static void get_pipe_for_rule ( struct encrypt_rule *  rule,
struct encrypt_pipes *  pipes,
bool  src_ip6,
struct security_gateway_pipe_info **  pipe 
)
static

Definition at line 1497 of file flow_encrypt.c.

◆ handle_unsecured_packets_received()

doca_error_t handle_unsecured_packets_received ( struct rte_mbuf **  packet,
struct ipsec_security_gw_core_ctx *  ctx
)

Definition at line 2409 of file flow_encrypt.c.

◆ ipsec_security_gw_create_encrypt_egress()

doca_error_t ipsec_security_gw_create_encrypt_egress ( struct ipsec_security_gw_ports_map *  ports[],
struct ipsec_security_gw_config *  app_cfg
)

Definition at line 1973 of file flow_encrypt.c.

◆ ipsec_security_gw_insert_encrypt_rules()

doca_error_t ipsec_security_gw_insert_encrypt_rules ( struct ipsec_security_gw_ports_map *  ports[],
struct ipsec_security_gw_config *  app_cfg
)

Definition at line 2046 of file flow_encrypt.c.

◆ is_perf_bw()

static bool is_perf_bw ( struct ipsec_security_gw_config *  app_cfg)
inline static

Definition at line 1223 of file flow_encrypt.c.

◆ prepare_packet_transport()

static doca_error_t prepare_packet_transport ( struct rte_mbuf **  m,
struct ipsec_security_gw_core_ctx *  ctx,
uint32_t  rule_idx,
bool  udp_transport 
)
static

Definition at line 2295 of file flow_encrypt.c.

◆ prepare_packet_tunnel()

static doca_error_t prepare_packet_tunnel ( struct rte_mbuf **  m,
struct ipsec_security_gw_core_ctx *  ctx,
uint32_t  rule_idx 
)
static

Definition at line 2197 of file flow_encrypt.c.

Variable Documentation

◆ current_ip_id

uint16_t current_ip_id
static

Definition at line 73 of file flow_encrypt.c.

◆ esp_pad_bytes

const uint8_t esp_pad_bytes[15]
static
Initial value:
= {
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
}

Definition at line 55 of file flow_encrypt.c.