Library Functions Manual

NAME¶

rte_ipsec.h

SYNOPSIS¶

#include <rte_ipsec_sa.h>
#include <rte_mbuf.h>
#include <rte_ipsec_group.h>

Data Structures¶

struct rte_ipsec_state
struct rte_ipsec_sa_pkt_func
struct rte_ipsec_session

Functions¶

int rte_ipsec_session_prepare (struct rte_ipsec_session *ss)
static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num)
static __rte_experimental uint16_t rte_ipsec_pkt_crypto_prepare_stateless (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state *state)
static __rte_experimental uint16_t rte_ipsec_pkt_cpu_prepare_stateless (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state *state)
static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint16_t num)
int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa *sa)
void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa *sa)

Detailed Description¶

RTE IPsec support.

librte_ipsec provides a framework for data-path IPsec protocol processing (ESP/AH).

Definition in file rte_ipsec.h.

Function Documentation¶

int rte_ipsec_session_prepare (struct rte_ipsec_session * ss)¶

Checks that inside given rte_ipsec_session crypto/security fields are filled correctly and setups function pointers based on these values. Expects that all fields except IPsec processing function pointers (pkt_func) will be filled correctly by caller.

Parameters

ss Pointer to the rte_ipsec_session object

Returns

Zero if operation completed successfully.
-EINVAL if the parameters are invalid.

static uint16_t rte_ipsec_pkt_crypto_prepare (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], struct rte_crypto_op * cop[], uint16_t num) [inline], [static]¶

For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev associated with given session. expects that for each input packet:

•: l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.

Parameters

ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
cop The address of an array of num pointers to the output rte_crypto_op structures.
num The maximum number of packets to process.

Returns

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 138 of file rte_ipsec.h.

static __rte_experimental uint16_t rte_ipsec_pkt_crypto_prepare_stateless (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], struct rte_crypto_op * cop[], uint16_t num, struct rte_ipsec_state * state) [inline], [static]¶

Same as rte_ipsec_pkt_crypto_prepare, but processing is done based on IPsec state provided by the 'state' parameter. Internal IPsec state won't be updated when this API is called.

For input mbufs and given IPsec session prepare crypto ops that can be enqueued into the cryptodev associated with given session. expects that for each input packet:

•: l2_len, l3_len are setup correctly Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.

Parameters

Returns

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 180 of file rte_ipsec.h.

static __rte_experimental uint16_t rte_ipsec_pkt_cpu_prepare_stateless (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], uint16_t num, struct rte_ipsec_state * state) [inline], [static]¶

Same as rte_ipsec_pkt_crypto_prepare_stateless, but processing is done in synchronous mode.

Parameters

ss Pointer to the rte_ipsec_session object the packets belong to.
mb The address of an array of num pointers to rte_mbuf structures which contain the input packets.
num The maximum number of packets to process.
state The IPsec state to be used for processing current batch of packets.

Returns

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 205 of file rte_ipsec.h.

static uint16_t rte_ipsec_pkt_process (const struct rte_ipsec_session * ss, struct rte_mbuf * mb[], uint16_t num) [inline], [static]¶

Finalise processing of packets after crypto-dev finished with them or process packets that are subjects to inline IPsec offload. Expects that for each input packet:

•: l2_len, l3_len are setup correctly Output mbufs will be: inbound - decrypted & authenticated, ESP(AH) related headers removed, l2_len and l3_len fields are updated. outbound - appropriate mbuf fields (ol_flags, tx_offloads, etc.) properly setup, if necessary - IP headers updated, ESP(AH) fields added, Note that erroneous mbufs are not freed by the function, but are placed beyond last valid mbuf in the mb array. It is a user responsibility to handle them further.

Parameters

Returns

Number of successfully processed packets, with error code set in rte_errno.

Definition at line 235 of file rte_ipsec.h.

int rte_ipsec_telemetry_sa_add (const struct rte_ipsec_sa * sa)¶

Enable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters

sa Pointer to the rte_ipsec_sa object that will have telemetry enabled.

Returns

0 on success, negative value otherwise.

void rte_ipsec_telemetry_sa_del (const struct rte_ipsec_sa * sa)¶

Disable per SA telemetry for a specific SA. Note that this function is not thread safe

Parameters

sa Pointer to the rte_ipsec_sa object that will have telemetry disabled.

Author¶

Generated automatically by Doxygen for DPDK from the source code.

Version 24.11.2

DPDK

Source file:	rte_ipsec_pkt_process.3.en.gz (from dpdk-doc 24.11.2-1)
Source last updated:	2025-04-23T11:29:39Z
Converted to HTML:	2025-04-23T21:06:34Z