NVIDIA DOCA SDK Data Center on a Chip Framework Documentation
policy.h File Reference
#include <sys/un.h>
#include "flow_encrypt.h"
#include "flow_decrypt.h"

Data Structures

struct  ipsec_security_gw_ipsec_policy
 

Macros

#define MAX_IP_ADDR_LEN   (INET6_ADDRSTRLEN) /* Maximal IP address size */
 
#define POLICY_DIR_IN   (0) /* Ingress traffic */
 
#define POLICY_DIR_OUT   (1) /* Egress traffic */
 
#define POLICY_MODE_TRANSPORT   (0) /* Policy transport mode */
 
#define POLICY_MODE_TUNNEL   (1) /* Policy tunnel mode */
 
#define POLICY_L3_TYPE_IPV4   (4) /* Policy L3 type IPV4 */
 
#define POLICY_L3_TYPE_IPV6   (6) /* Policy L3 type IPV6 */
 
#define POLICY_L4_TYPE_UDP   (IPPROTO_UDP) /* Policy L4 type UDP */
 
#define POLICY_L4_TYPE_TCP   (IPPROTO_TCP) /* Policy L4 type TCP */
 
#define POLICY_KEY_TYPE_128   (0) /* Policy key type 128 */
 
#define POLICY_KEY_TYPE_256   (1) /* Policy key type 256 */
 
#define POLICY_RECORD_MIN_SIZE   (224) /* Record size for Key of 16 bytes */
 
#define POLICY_RECORD_MAX_SIZE   (240) /* Record size for Key of 32 bytes */
 

Functions

void print_policy_attrs (struct ipsec_security_gw_ipsec_policy *policy)
 
doca_error_t ipsec_security_gw_handle_encrypt_policy (struct ipsec_security_gw_config *app_cfg, struct ipsec_security_gw_ports_map *ports[], struct ipsec_security_gw_ipsec_policy *policy, struct encrypt_rule *rule)
 
doca_error_t ipsec_security_gw_handle_decrypt_policy (struct ipsec_security_gw_config *app_cfg, struct doca_flow_port *secured_port, struct ipsec_security_gw_ipsec_policy *policy, struct decrypt_rule *rule)
 

Macro Definition Documentation

◆ MAX_IP_ADDR_LEN

#define MAX_IP_ADDR_LEN   (INET6_ADDRSTRLEN) /* Maximal IP address size */

DOCA Policy for Security Association (SA) Attributes (IPSec):

+-----------------+-----------------+-----------------------+----------------------+
|                                  MSG length (4)                                  |
+-----------------+-----------------+-----------------------+----------------------+
|           src_port (2)            |                 dst_port (2)                 |
+-----------------+-----------------+-----------------------+----------------------+
| l3_protocol (1) | l4_protocol (1) | outer_l3_protocol (1) |    direction (1)     |
+-----------------+-----------------+-----------------------+----------------------+
| layer_mode (1)  |     ESN (1)     |    icv_length (1)     |     key_type (1)     |
+-----------------+-----------------+-----------------------+----------------------+
|                                     SPI (4)                                      |
+-----------------+-----------------+-----------------------+----------------------+
|                                     salt (4)                                     |
+-----------------+-----------------+-----------------------+----------------------+
|                                                                                  |
|                                 src_ip_addr (47)                                 |
|                                                                                  |
+-----------------+-----------------+-----------------------+----------------------+
|                                                                                  |
|                                 dst_ip_addr (47)                                 |
|                                                                                  |
+-----------------+-----------------+-----------------------+----------------------+
|                                                                                  |
|                                outer_src_ip (47)                                 |
|                                                                                  |
+-----------------+-----------------+-----------------------+----------------------+
|                                                                                  |
|                                outer_dst_ip (47)                                 |
|                                                                                  |
+-----------------+-----------------+-----------------------+----------------------+
|                                                                                  |
|                                   enc_key (K)                                    |
|                                                                                  |
+-----------------+-----------------+-----------------------+----------------------+

Notes:

  • All fields are to be represented in Network-Order (Big Endian)
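  • Each message over the UDS (Unix domain socket) transport starts with a 4-byte message length that gives the policy record size. The record carries the raw encryption key (enc_key), so access to the socket should be limited to the intended policy sender.
  • Valid policy record sizes (not including the message length): 224 bytes (K = 16) and 240 bytes (K = 32). A receiver should reject any other length, and should check that the length agrees with key_type before reading enc_key.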

Fields Explained:

src_port          - Inner source port (L4)
dst_port          - Inner destination port (L4)
l3_protocol       - Inner L3 protocol: {IPPROTO_IPV4 (0x04), IPPROTO_IPV6 (0x06)}
l4_protocol       - Inner L4 protocol: {IPPROTO_UDP (0x11), IPPROTO_TCP (0x06)}
outer_l3_protocol - Outer L3 protocol: {IPPROTO_IPV4 (0x04), IPPROTO_IPV6 (0x06)}
direction         - Traffic direction: {Ingress traffic (0), Egress traffic (1)}
layer_mode        - IPSEC mode: {POLICY_MODE_TRANSPORT (0), POLICY_MODE_TUNNEL (1)}
ESN               - Is ESN enabled? {FALSE (0), TRUE (1)}
icv_length        - ICV length: {8, 12, 16}
key_type          - AES key type: {128 bits (0), 256 bits (1)}
SPI               - Security Parameter Index (SPI)
salt              - Cryptographic salt
src_ip_addr       - Inner IP source address - String format, padded with \0 bytes to max size (INET6_ADDRSTRLEN := 46)
dst_ip_addr       - Inner IP destination address - String format, padded with \0 bytes to max size (INET6_ADDRSTRLEN := 46)
outer_src_ip      - Outer IP source address - String format, padded with \0 bytes to max size (INET6_ADDRSTRLEN := 46)
outer_dst_ip      - Outer IP destination address - String format, padded with \0 bytes to max size (INET6_ADDRSTRLEN := 46)
enc_key           - Encryption key - Length (K) matching key_type (16 bytes / 32 bytes)

Note: the record layout allots 47 bytes to each address field, one byte more than INET6_ADDRSTRLEN (46); this matches the record sizes (20 bytes of fixed fields + 4 × 47 + K = 224 or 240). A receiver should confirm that each address string is \0-terminated within its 47-byte field before parsing it. The l3_protocol and outer_l3_protocol values 4 and 6 are the POLICY_L3_TYPE_IPV4 and POLICY_L3_TYPE_IPV6 macros of this file.

Definition at line 108 of file policy.h.

◆ POLICY_DIR_IN

#define POLICY_DIR_IN   (0) /* Ingress traffic */

Definition at line 109 of file policy.h.

◆ POLICY_DIR_OUT

#define POLICY_DIR_OUT   (1) /* Egress traffic */

Definition at line 110 of file policy.h.

◆ POLICY_KEY_TYPE_128

#define POLICY_KEY_TYPE_128   (0) /* Policy key type 128 */

Definition at line 117 of file policy.h.

◆ POLICY_KEY_TYPE_256

#define POLICY_KEY_TYPE_256   (1) /* Policy key type 256 */

Definition at line 118 of file policy.h.

◆ POLICY_L3_TYPE_IPV4

#define POLICY_L3_TYPE_IPV4   (4) /* Policy L3 type IPV4 */

Definition at line 113 of file policy.h.

◆ POLICY_L3_TYPE_IPV6

#define POLICY_L3_TYPE_IPV6   (6) /* Policy L3 type IPV6 */

Definition at line 114 of file policy.h.

◆ POLICY_L4_TYPE_TCP

#define POLICY_L4_TYPE_TCP   (IPPROTO_TCP) /* Policy L4 type TCP */

Definition at line 116 of file policy.h.

◆ POLICY_L4_TYPE_UDP

#define POLICY_L4_TYPE_UDP   (IPPROTO_UDP) /* Policy L4 type UDP */

Definition at line 115 of file policy.h.

◆ POLICY_MODE_TRANSPORT

#define POLICY_MODE_TRANSPORT   (0) /* Policy transport mode */

Definition at line 111 of file policy.h.

◆ POLICY_MODE_TUNNEL

#define POLICY_MODE_TUNNEL   (1) /* Policy tunnel mode */

Definition at line 112 of file policy.h.

◆ POLICY_RECORD_MAX_SIZE

#define POLICY_RECORD_MAX_SIZE   (240) /* Record size for Key of 32 bytes */

Definition at line 120 of file policy.h.

◆ POLICY_RECORD_MIN_SIZE

#define POLICY_RECORD_MIN_SIZE   (224) /* Record size for Key of 16 bytes */

Definition at line 119 of file policy.h.

Function Documentation

◆ ipsec_security_gw_handle_decrypt_policy()

doca_error_t ipsec_security_gw_handle_decrypt_policy ( struct ipsec_security_gw_config *  app_cfg,
struct doca_flow_port *  secured_port,
struct ipsec_security_gw_ipsec_policy *  policy,
struct decrypt_rule *  rule
)

Definition at line 269 of file policy.c.

◆ ipsec_security_gw_handle_encrypt_policy()

doca_error_t ipsec_security_gw_handle_encrypt_policy ( struct ipsec_security_gw_config *  app_cfg,
struct ipsec_security_gw_ports_map *  ports[],
struct ipsec_security_gw_ipsec_policy *  policy,
struct encrypt_rule *  rule
)

Definition at line 244 of file policy.c.

◆ print_policy_attrs()

void print_policy_attrs ( struct ipsec_security_gw_ipsec_policy *  policy)

Definition at line 296 of file policy.c.