> -----Original Message-----
> From: lng-odp [mailto:[email protected]] On Behalf Of
> Bogdan Pricope
> Sent: Thursday, June 22, 2017 9:56 AM
> To: [email protected]
> Subject: [lng-odp] [API-NEXTv2] api: ipsec: reorganize
> odp_ipsec_sa_param_t structure based on SA direction
>
> Signed-off-by: Bogdan Pricope <[email protected]>
> ---
> include/odp/api/spec/ipsec.h | 114 ++++++++++++++++++++++++--------------
> -----
> 1 file changed, 63 insertions(+), 51 deletions(-)
>
> diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
> index e602e4b..5373ede 100644
> --- a/include/odp/api/spec/ipsec.h
> +++ b/include/odp/api/spec/ipsec.h
> @@ -604,8 +604,8 @@ typedef enum odp_ipsec_ip_version_t {
> * IPSEC Security Association (SA) parameters
> */
> typedef struct odp_ipsec_sa_param_t {
> - /** IPSEC SA direction: inbound or outbound */
> - odp_ipsec_dir_t dir;
Direction is important for selecting parameters. It should remain the first
field of the struct.
> + /** SPI value */
> + uint32_t spi;
SPI is simple value and should remain after more complex configuration options,
which define how the SA works.
>
> /** IPSEC protocol: ESP or AH */
> odp_ipsec_protocol_t proto;
> @@ -616,51 +616,12 @@ typedef struct odp_ipsec_sa_param_t {
> /** Parameters for crypto and authentication algorithms */
> odp_ipsec_crypto_param_t crypto;
>
> - /** Parameters for tunnel mode */
> - odp_ipsec_tunnel_param_t tunnel;
> -
> - /** Fragmentation mode */
> - odp_ipsec_frag_mode_t frag_mode;
> -
> - /** Various SA option flags */
> - odp_ipsec_sa_opt_t opt;
> -
Keep opt here before the union. The inbound/outbound union should be the last
thing in the struct. Everything before it is common for both directions.
> /** SA lifetime parameters */
> odp_ipsec_lifetime_t lifetime;
>
> - /** SA lookup mode */
> - odp_ipsec_lookup_mode_t lookup_mode;
> -
> - /** Minimum anti-replay window size. Use 0 to disable anti-
> replay
> - * service. */
> - uint32_t antireplay_ws;
> -
> /** Initial sequence number */
> uint64_t seq;
This may be moved to outbound struct.
>
> - /** SPI value */
> - uint32_t spi;
> -
> - /** Additional inbound SA lookup parameters. Values are
> considered
> - * only in ODP_IPSEC_LOOKUP_DSTADDR_SPI lookup mode. */
> - struct {
> - /** Select IP version
> - */
> - odp_ipsec_ip_version_t ip_version;
> -
> - /** IP destination address (NETWORK ENDIAN) */
> - void *dst_addr;
> -
> - } lookup_param;
> -
> - /** MTU for outbound IP fragmentation offload
> - *
> - * This is the maximum length of IP packets that outbound
> IPSEC
> - * operations may produce. The value may be updated later with
> - * odp_ipsec_mtu_update().
> - */
> - uint32_t mtu;
> -
> /** Select pipelined destination for resulting events
> *
> * Asynchronous and inline modes generate events. Select where
> @@ -677,16 +638,67 @@ typedef struct odp_ipsec_sa_param_t {
> */
> odp_queue_t dest_queue;
>
> - /** Classifier destination CoS for resulting packets
> - *
> - * Successfully decapsulated packets are sent to
> classification
> - * through this CoS. Other resulting events are sent to
> 'dest_queue'.
> - * This field is considered only when 'pipeline' is
> - * ODP_IPSEC_PIPELINE_CLS. The CoS must not be shared between
> any pktio
> - * interface default CoS. The maximum number of different CoS
> supported
> - * is defined by IPSEC capability max_cls_cos.
> - */
> - odp_cos_t dest_cos;
> + /** IPSEC SA direction: inbound or outbound */
> + odp_ipsec_dir_t dir;
> +
> + /** IPSEC SA direction dependent parameters */
> + union {
> + /** Inbound specific parameters */
> + struct {
> + /** SA lookup mode */
> + odp_ipsec_lookup_mode_t lookup_mode;
> +
> + /** Additional inbound SA lookup
> parameters. Values are
> + * considered only in
> ODP_IPSEC_LOOKUP_DSTADDR_SPI
> + * lookup mode. */
> + struct {
> + /** Select IP version
> + */
> + odp_ipsec_ip_version_t
> ip_version;
> +
> + /** IP destination address
> (NETWORK ENDIAN) */
> + void *dst_addr;
> +
> + } lookup_param;
> +
> + /** Minimum anti-replay window size. Use 0
> to disable
> + * anti-replay service. */
> + uint32_t antireplay_ws;
> +
> + /** Classifier destination CoS for
> resulting packets
> + *
> + * Successfully decapsulated packets are
> sent to
> + * classification through this CoS. Other
> resulting
> + * events are sent to 'dest_queue'.
> + * This field is considered only when
> 'pipeline' is
> + * ODP_IPSEC_PIPELINE_CLS. The CoS must
> not be shared
> + * between any pktio interface default
> CoS. The maximum
> + * number of different CoS supported is
> defined by
> + * IPSEC capability max_cls_cos.
> + */
> + odp_cos_t dest_cos;
> + } inbound;
> +
> + /** Outbound specific parameters */
> + struct {
> + /** Parameters for tunnel mode */
> + odp_ipsec_tunnel_param_t tunnel;
> +
> + /** MTU for outbound IP fragmentation
> offload
> + *
> + * This is the maximum length of IP
> packets that
> + * outbound IPSEC operations may produce.
> The value may
> + * be updated later with
> odp_ipsec_mtu_update().
> + */
> + uint32_t mtu;
> +
> + /** Fragmentation mode */
> + odp_ipsec_frag_mode_t frag_mode;
> + } outbound;
> + };
The union should be the last field on the SA struct.
-Petri
> +
> + /** Various SA option flags */
> + odp_ipsec_sa_opt_t opt;
>
> /** User defined SA context pointer
> *
> --
> 1.9.1
