Google Git
Sign in
nest-open-source / manifest_repos / sdk / 6a1507de03e5575cec9b8f2dea709f3ed9b81426 / . / qca-nss-clients / exports / nss_ipsecmgr.h
blob: e5d2b7be8eba44918669264d382056a42b57209b [file] [log] [blame]
/*
**************************************************************************
* Copyright (c) 2014-2019, 2021 The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
**************************************************************************
*/
/*
* @file nss_ipsecmgr.h
* NSS IPSec Manager interface definitions.
*/
#ifndef __NSS_IPSECMGR_H
#define __NSS_IPSECMGR_H
/**
* @addtogroup nss_ipsec_manager_subsystem
* @{
*/
#define NSS_IPSECMGR_TUN_NAME "ipsectun%d" /**< IPsec tunnel name. */
/**
* Length of the header added after encapsulation.
*
* This estimate must be accurate but large enough to accomodate most use cases.
*/
#define NSS_IPSECMGR_TUN_MAX_HDR_LEN 96
/*
* Space required in the head and tail of the buffer.
*/
#define NSS_IPSECMGR_TUN_HEADROOM 128 /**< Size of the buffer headroom. */
#define NSS_IPSECMGR_TUN_TAILROOM 192 /**< Size of the buffer tailroom. */
#define NSS_IPSECMGR_TUN_MTU(x) (x - NSS_IPSECMGR_TUN_MAX_HDR_LEN)
/**< MTU of the IPsec tunnel. */
#define NSS_IPSECMGR_NATT_PORT_DATA 4500 /**< Number of the NATT port. */
#define NSS_IPSECMGR_CIPHER_KEYLEN_MAX 32 /**< Max cipher key length. */
#define NSS_IPSECMGR_AUTH_KEYLEN_MAX 32 /**< Max auth key length. */
#define NSS_IPSECMGR_NONCE_SIZE_MAX 4 /**< Max nonce size. */
/**
* nss_ipsecmgr_event_type
* Event types for the IPsec manager.
*/
enum nss_ipsecmgr_event_type {
NSS_IPSECMGR_EVENT_NONE = 0,
NSS_IPSECMGR_EVENT_SA_STATS, /**< Event type for IPsec mangager SA stats. */
NSS_IPSECMGR_EVENT_MAX
};
/**
* nss_ipsecmgr_status
* Return statuses for IPsec manager.
*/
typedef enum nss_ipsecmgr_status {
NSS_IPSECMGR_OK, /**< Status ok. */
NSS_IPSECMGR_FAIL, /**< Failed due to unknown reason. */
NSS_IPSECMGR_FAIL_NOMEM, /**< Failed to allocate memory. */
NSS_IPSECMGR_FAIL_NOCRYPTO, /**< Failed to allocate crypto resource. */
NSS_IPSECMGR_FAIL_MESSAGE, /**< Failed to message the NSS. */
NSS_IPSECMGR_FAIL_ADD_DB, /**< Failed to add to database. */
NSS_IPSECMGR_FAIL_FLOW_ALLOC, /**< Failed to alloc flow. */
NSS_IPSECMGR_FAIL_FLOW, /**< Failed to find the flow. */
NSS_IPSECMGR_INVALID_CTX, /**< Invalid context */
NSS_IPSECMGR_INVALID_ALGO, /**< Invalid algorithm. */
NSS_IPSECMGR_INVALID_IPVER, /**< Invalid IP version. */
NSS_IPSECMGR_INVALID_CRYPTO_IDX,/**< Invalid crypto index */
NSS_IPSECMGR_INVALID_KEYLEN, /**< Invalid key length for cipher or authentication. */
NSS_IPSECMGR_INVALID_WINDOW, /**< Invalid window size. */
NSS_IPSECMGR_INVALID_SA, /**< Ivalid SA. */
NSS_IPSECMGR_DUPLICATE_SA, /**< Duplicate SA allocation. */
NSS_IPSECMGR_DUPLICATE_FLOW, /**< Duplicate flow allocation. */
} nss_ipsecmgr_status_t;
/**
* nss_ipsecmgr_algo
* IPsec manager supported cryptographic algorithms.
*/
enum nss_ipsecmgr_algo {
NSS_IPSECMGR_ALGO_AES_CBC_SHA1_HMAC, /**< AES_CBC_SHA1_HMAC. */
NSS_IPSECMGR_ALGO_AES_CBC_SHA256_HMAC, /**< AES_CBC_SHA256_HMAC. */
NSS_IPSECMGR_ALGO_3DES_CBC_SHA1_HMAC, /**< 3DES_CBC_SHA1_HMAC. */
NSS_IPSECMGR_ALGO_3DES_CBC_SHA256_HMAC, /**< 3DES_CBC_SHA256_HMAC. */
NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA1_HMAC, /**< NULL_CIPHER_SHA1_HMAC. */
NSS_IPSECMGR_ALGO_NULL_CIPHER_SHA256_HMAC, /**< NULL_CIPHER_SHA256_HMAC. */
NSS_IPSECMGR_ALGO_AES_GCM_GMAC_RFC4106, /**< AES GCM/GMAC based on RFC4106 */
NSS_IPSECMGR_ALGO_AES_CBC_MD5_HMAC, /**< AES_CBC_MD5_HMAC. */
NSS_IPSECMGR_ALGO_3DES_CBC_MD5_HMAC, /**< 3DES_CBC_MD5_HMAC. */
NSS_IPSECMGR_ALGO_AES_CBC_SHA384_HMAC, /**< AES CBC SHA384 HMAC. */
NSS_IPSECMGR_ALGO_AES_CBC_SHA512_HMAC, /**< AES CBC SHA512 HMAC. */
NSS_IPSECMGR_ALGO_MAX
};
/**
* nss_ipsecmgr_sa_type
* Types of security associations in IPsec manager.
*/
enum nss_ipsecmgr_sa_type {
NSS_IPSECMGR_SA_TYPE_NONE = 0,
NSS_IPSECMGR_SA_TYPE_ENCAP, /**< Encap type SA. */
NSS_IPSECMGR_SA_TYPE_DECAP, /**< Decap type SA. */
NSS_IPSECMGR_SA_TYPE_MAX
};
/**
* nss_ipsecmgr_crypto_keys
* Information required to configure crypto session for IPsec.
*/
struct nss_ipsecmgr_crypto_keys {
const uint8_t *cipher_key; /**< Cipher key. */
const uint8_t *auth_key; /**< Authentication key. */
const uint8_t *nonce; /**< Nonce. */
uint16_t cipher_keylen; /**< Cipher key length. */
uint16_t auth_keylen; /**< Authentication key length. */
uint16_t nonce_size; /**< Nonce size. */
};
/**
* nss_ipsecmgr_crypto_index
* Information about a pre-configured crypto session.
*/
struct nss_ipsecmgr_crypto_index {
uint16_t session; /**< Crypto session index. */
uint8_t blk_len; /**< Cipher block length. */
uint8_t iv_len; /**< Cipher IV length. */
};
/**
* nss_ipsecmgr_sa_cmn
* Common information necessary to configure an SA.
*/
struct nss_ipsecmgr_sa_cmn {
enum nss_ipsecmgr_algo algo; /**< Supported crypto algorithms */
struct nss_ipsecmgr_crypto_keys keys; /**< Crypto keys */
struct nss_ipsecmgr_crypto_index index; /**< Crypto index or offset */
uint8_t icv_len; /**< Hash length. */
bool skip_trailer; /**< Skip the ESP trailer for encapsulation. */
bool enable_esn; /**< Enable the extended sequence number. */
bool enable_natt; /**< NAT-T is required. */
bool crypto_has_keys; /**< Crypto configured with keys. */
bool transport_mode; /**< True, if IPSec is in transport mode. */
};
/**
* nss_ipsecmgr_sa_encap
* SA information for an encapsulation flow.
*
* For DSCP marking, use the following settings:
* - Copy inner header to outer header:
* - dscp_copy = 1
* - dscp = 0
* - Fixed mark on outer header:
* - dscp_copy = 0
* - dscp = <0 to 63>
* - Transmit default
* SA with TX default is used when host originating flows don't have
* an explicit inner flow rule programmed for IPsec.
*/
struct nss_ipsecmgr_sa_encap {
uint32_t seq_start; /**< Starting sequence number (Not used) */
uint8_t ttl_hop_limit; /**< Time-to-Live or hop limit. */
uint8_t dscp; /**< Default DSCP value of the security association. */
uint8_t df; /**< Don't-Fragment value for the outer header, if nocopy is selected. */
bool copy_dscp; /**< Copy DSCP from the inner header to the outer header. */
bool copy_df; /**< Copy DF from the inner header to the outer header. */
bool tx_default; /**< TX SA(one per tunnel) for host traffic, without a flow rule.*/
};
/**
* nss_ipsecmgr_sa_decap
* SA information for a decapsulation flow.
*/
struct nss_ipsecmgr_sa_decap {
uint32_t replay_fail_thresh; /**< Threshold for consecutive hash failures in replay. */
uint16_t replay_win; /**< Sequence number window size for anti-replay. */
};
/**
* nss_ipsecmgr_sa_data
* Security association information for the IPsec manager.
*
* Note: Zero out structure before filling the fields.
*/
struct nss_ipsecmgr_sa_data {
struct nss_ipsecmgr_sa_cmn cmn; /**< Common configuration information for SA. */
enum nss_ipsecmgr_sa_type type; /**< Type of SA. */
struct nss_ipsecmgr_sa_encap encap; /**< Information for encap type SA. */
struct nss_ipsecmgr_sa_decap decap; /**< Information for decap type SA. */
};
/**
* nss_ipsecmgr_sa_tuple
* SA information for the IPsec manager.
*
* Note: Protocol/Next Header defaults to ESP for outer.
* Zero out structure before filling the fields.
*/
struct nss_ipsecmgr_sa_tuple {
uint32_t src_ip[4]; /**< IPv6 source IP. */
uint32_t dest_ip[4]; /**< IPv6 destination IP. */
uint32_t spi_index; /**< SPI index of the encapsulating security payload (ESP). */
uint16_t sport; /**< Source port. */
uint16_t dport; /**< Destination port. */
uint8_t proto_next_hdr; /**< Protocol (ESP or NAT-T) */
uint8_t ip_version; /**< IP version 4/6. */
uint8_t res[2]; /**< Reserved */
};
/**
* nss_ipsecmgr_flow_tuple
* Flow information for the IPsec manager.
*
* Note: Zero out structure before filling the fields.
*/
struct nss_ipsecmgr_flow_tuple {
uint32_t src_ip[4]; /**< Source IP. */
uint32_t dest_ip[4]; /**< Destination IP. */
uint32_t spi_index; /**< ESP SPI index for decapsulation flows. */
uint16_t sport; /**< Source Port (unused). */
uint16_t dport; /**< Destination Port (unused). */
uint8_t proto_next_hdr; /**< Transport layer proto_next_hdr. */
uint8_t ip_version; /**< IP version 4/6. */
uint8_t use_pattern; /**< User defined flow identifier. */
};
/**
* nss_ipsecmgr_sa_stats
* Security association statistics exported by the IPsec manager.
*/
struct nss_ipsecmgr_sa_stats {
struct nss_ipsecmgr_sa_tuple sa; /**< Security association information. */
uint64_t seq_start; /**< Starting sequence number. */
uint64_t seq_cur; /**< Current sequence number. */
uint32_t pkt_bytes; /**< Number of bytes processed. */
uint32_t pkt_count; /**< Number of packets processed. */
uint32_t pkt_failed; /**< Number of packets failed in processing. */
uint16_t window_size; /**< Current size of the window. */
uint16_t replay_fail_alarm; /**< Alarm for consecutive hash fail. */
uint32_t fail_replay_win; /**< Failure in anti-replay; packet outside the window */
uint32_t fail_replay_dup; /**< Failure in anti-replay; duplicate records */
uint32_t fail_auth; /**< Failure in authenticating the data */
};
/**
* nss_ipsecmgr_event
* Event information for the IPsec manager.
*/
struct nss_ipsecmgr_event {
enum nss_ipsecmgr_event_type type; /**< Event type. */
union {
struct nss_ipsecmgr_sa_stats stats; /**< Security association statistics. */
} data; /**< Event information. */
};
/**
* nss_ipsecmgr_sa_info
* Crypto information for an already created SA.
*/
struct nss_ipsecmgr_sa_info {
uint16_t session_idx; /**< Crypto Session index */
uint16_t hdr_len; /**< Encap header length */
uint16_t trailer_len; /**< Encap Trailer length */
uint8_t blk_len; /**< Cipher Block length */
uint8_t iv_len; /**< Cipher IV lengh */
uint8_t hash_len; /**< Hash lengh */
uint8_t res[3]; /**< Reserved */
};
/**
* nss_ipsecmgr_sa_cmn_init_keys
* Fill and initialize common information for SA creation with crypto keys.
*
* @datatypes
* nss_ipsecmgr_sa_cmn \n
* nss_ipsecmgr_algo \n
*
* @param[in/out] cmn Pointer to the common IPsec manager SA configuration information.
* @param[in] algo The AEAD algorithm combination.
* @param[in] cipher_key Pointer to the cipher key.
* @param[in] cipher_keylen Cipher key length.
* @param[in] auth_key Pointer to the authentication key.
* @param[in] auth_keylen Authentication key length.
* @param[in] nonce Pointer to the nonce.
* @param[in] nonce_size Size of the nonce.
* @param[in] hash_len Length of hash to be computed.
* @param[in] no_trailer ESP trailer is required or not.
* @param[in] esn Extended Sequence Number is required or not.
* @param[in] natt NAT-T is required or not.
*
* @return
* Success or failure.
*/
static inline bool nss_ipsecmgr_sa_cmn_init_keys(struct nss_ipsecmgr_sa_cmn *cmn, enum nss_ipsecmgr_algo algo,
const uint8_t *cipher_key, uint16_t cipher_keylen,
const uint8_t *auth_key, uint16_t auth_keylen,
const uint8_t *nonce, uint16_t nonce_size, uint8_t hash_len,
bool no_trailer, bool esn, bool natt)
{
if (algo >= NSS_IPSECMGR_ALGO_MAX)
return false;
if (cipher_keylen > NSS_IPSECMGR_CIPHER_KEYLEN_MAX)
return false;
if (auth_keylen > NSS_IPSECMGR_AUTH_KEYLEN_MAX)
return false;
if (nonce_size > NSS_IPSECMGR_NONCE_SIZE_MAX)
return false;
if (!cipher_key || !auth_key)
return false;
cmn->algo = algo;
cmn->keys.cipher_key = cipher_key;
cmn->keys.auth_key = auth_key;
cmn->keys.nonce = nonce;
cmn->keys.cipher_keylen = cipher_keylen;
cmn->keys.auth_keylen = auth_keylen;
cmn->keys.nonce_size = nonce_size;
cmn->icv_len = hash_len;
cmn->skip_trailer = no_trailer;
cmn->enable_esn = esn;
cmn->enable_natt = natt;
cmn->crypto_has_keys = true;
cmn->transport_mode = false;
return true;
}
/**
* nss_ipsecmgr_sa_cmn_init_idx
* Fill and initialize common information for SA creation with crypto index or secure offset.
*
* @datatypes
* nss_ipsecmgr_sa_cmn \n
* nss_ipsecmgr_algo \n
*
* @param[in/out] cmn Pointer to the common IPsec manager SA configuration information.
* @param[in] algo The AEAD algorithm combination.
* @param[in] crypto_idx Crypto session index to be associated with this context.
* @param[in] hash_len Length of hash to be computed.
* @param[in] secure_key Keys used for cipher and authentication are secure or not.
* @param[in] no_trailer ESP trailer is required or not.
* @param[in] esn Extended Sequence Number is required or not.
* @param[in] natt NAT-T is required or not.
*
* @return
* Success or failure.
*/
static inline bool nss_ipsecmgr_sa_cmn_init_idx(struct nss_ipsecmgr_sa_cmn *cmn, enum nss_ipsecmgr_algo algo,
uint16_t crypto_idx, uint8_t blk_len, uint8_t iv_len,
uint8_t hash_len, bool transport_mode, bool no_trailer, bool esn,
bool natt)
{
if (algo >= NSS_IPSECMGR_ALGO_MAX)
return false;
cmn->algo = algo;
cmn->index.session = crypto_idx;
cmn->index.blk_len = blk_len;
cmn->index.iv_len = iv_len;
cmn->icv_len = hash_len;
cmn->enable_esn = esn;
cmn->enable_natt = natt;
cmn->skip_trailer = no_trailer;
cmn->crypto_has_keys = false;
cmn->transport_mode = transport_mode;
return true;
}
/**
* nss_ipsecmgr_sa_set_transport
* Enable transport mode for an SA thats is getting initialized.
*
* @datatypes
* nss_ipsecmgr_sa_cmn \n
*
* @param[in/out] cmn Pointer to the common IPsec manager SA configuration information.
*/
static inline void nss_ipsecmgr_sa_set_transport(struct nss_ipsecmgr_sa_cmn *cmn)
{
cmn->transport_mode = true;
}
#ifdef __KERNEL__ /* only kernel will use. */
/**
* Callback function for receiving IPsec data.
*
* @datatypes
* sk_buff
*
* @param[in] app_data Pointer to the application data.
* @param[in] skb Pointer to the data socket buffer.
*/
typedef void (*nss_ipsecmgr_data_callback_t)(void *app_data, struct sk_buff *skb);
/**
* Callback function for receiving IPsec events.
*
* @datatypes
* nss_ipsecmgr_event
*
* @param[in] app_data Pointer to the application data.
* @param[in] ev Pointer to the event.
*/
typedef void (*nss_ipsecmgr_event_callback_t)(void *app_data, struct nss_ipsecmgr_event *ev);
/**
* nss_ipsecmgr_callback
* Callback information.
*/
struct nss_ipsecmgr_callback {
void *app_data; /**< Context of the caller. */
struct net_device *skb_dev; /**< Net device to use for Socket Buffer. */
nss_ipsecmgr_data_callback_t data_cb; /**< Data callback function. */
nss_ipsecmgr_event_callback_t event_cb; /**< Event callback function. */
nss_ipsecmgr_data_callback_t except_cb; /**< Outer exception callback function. */
};
/**
* nss_ipsecmgr_tunnel_add
* Adds a new IPsec tunnel.
*
* @datatypes
* nss_ipsecmgr_callback
*
* @param[in] cb Pointer to the message callback.
*
* @return
* Linux NETDEVICE or NULL.
*/
struct net_device *nss_ipsecmgr_tunnel_add(struct nss_ipsecmgr_callback *cb);
/**
* nss_ipsecmgr_tunnel_del
* Deletes an existing IPsec tunnel.
*
* @datatypes
* net_device
*
* @param[in] tun Pointer to the network device associated with the tunnel.
*
* @return
* Success or failure.
*/
void nss_ipsecmgr_tunnel_del(struct net_device *tun);
/**
* nss_ipsecmgr_sa_add
* Adds a security association to the offload database.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple \n
* nss_ipsecmgr_sa_data \n
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to tuple representing the SA.
* @param[in] data Pointer to the security association data to add.
* @param[out] if_num Pointer to the IPsec inner or outer interface number.
*
* @return
* nss_ipsecmgr_status.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_sa_add(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa,
struct nss_ipsecmgr_sa_data *data, uint32_t *if_num);
/**
* nss_ipsecmgr_sa_add_sync
* Adds a security association to the offload database synchronously.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple \n
* nss_ipsecmgr_sa_data \n
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to tuple representing the SA.
* @param[in] data Pointer to the security association data to add.
* @param[out] if_num Pointer to the IPsec inner or outer interface number.
*
* @return
* nss_ipsecmgr_status.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_sa_add_sync(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa,
struct nss_ipsecmgr_sa_data *data, uint32_t *if_num);
/**
* nss_ipsecmgr_sa_del
* Deletes a security association.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] tuple Pointer to SA tuple to delete.
*
* @return
*/
void nss_ipsecmgr_sa_del(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *tuple);
/**
* nss_ipsecmgr_flow_add
* Adds an encapsulation flow rule to the IPsec offload database.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_flow_tuple \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] flow Pointer to the inner flow to add.
* @param[in] sa Pointer to the outer flow of the SA to be added to.
*
* @return
* nss_ipsecmgr_status.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_flow_add(struct net_device *tun, struct nss_ipsecmgr_flow_tuple *flow,
struct nss_ipsecmgr_sa_tuple *sa);
/**
* nss_ipsecmgr_flow_add_sync
* Adds an encapsulation flow rule to the IPsec offload database.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_flow_tuple \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] flow Pointer to the inner flow to add.
* @param[in] sa Pointer to the outer flow of the SA to be added to.
*
* @return
* nss_ipsecmgr_status.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_flow_add_sync(struct net_device *tun, struct nss_ipsecmgr_flow_tuple *flow,
struct nss_ipsecmgr_sa_tuple *sa);
/**
* nss_ipsecmgr_flow_del
* Deletes an encapsulation flow rule from the IPsec offload database.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_flow_tuple \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] flow Pointer to the inner flow to delete.
* @param[in] sa Pointer to the SA tuple to be deleted from.
*
* @return
*/
void nss_ipsecmgr_flow_del(struct net_device *tun, struct nss_ipsecmgr_flow_tuple *flow,
struct nss_ipsecmgr_sa_tuple *sa);
/**
* nss_ipsecmgr_flow_get_sa
* Finds SA associated with given Flow.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_flow_tuple \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] flow Pointer to the inner flow to look.
* @param[out] sa Pointer to SA tuple to fill.
*
* @return
* nss_ipsecmgr_status.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_flow_get_sa(struct net_device *tun, struct nss_ipsecmgr_flow_tuple *flow,
struct nss_ipsecmgr_sa_tuple *sa);
/*
* nss_ipsecmgr_sa_verify()
* Check if SA is present.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to SA tuple to use for tx.
*
* @return
* Returns true if the SA is present.
*/
bool nss_ipsecmgr_sa_verify(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa);
/*
* nss_ipsecmgr_sa_tx_inner()
* Offload given SKB to NSS for inner processing.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple \n
* sk_buff
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to SA tuple to use for tx.
* @param[in] skb Pointer to SKB to be offload.
*
* @return
* Status of the transmit operation.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_sa_tx_inner(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa,
struct sk_buff *skb);
/*
* nss_ipsecmgr_sa_tx_outer()
* Offload given SKB to NSS for outer processing.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple \n
* sk_buff
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to SA tuple to use for tx.
* @param[in] skb Pointer to SKB to be offload.
*
* @return
* Status of the transmit operation.
*/
nss_ipsecmgr_status_t nss_ipsecmgr_sa_tx_outer(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa,
struct sk_buff *skb);
/*
* nss_ipsecmgr_cra_name2algo()
* Get ipsecmgr algo from cra name.
*
* @param[in] cra_name Name of the crypto algo.
*
* @return
* nss_ipsecmgr_algo
*/
enum nss_ipsecmgr_algo nss_ipsecmgr_cra_name2algo(const char *cra_name);
/*
* nss_ipsecmgr_sa_get_info()
* Get Crypto information for an already created SA.
*
* @datatypes
* net_device \n
* nss_ipsecmgr_sa_tuple \n
* nss_ipsecmgr_sa_info
*
* @param[in] tun Pointer to the network device associated with the tunnel.
* @param[in] sa Pointer to the SA tuple for which info is to be retrieved.
* @param[out] info Pointer to the SA info to fill.
*
* @return
* Success or failure.
*/
bool nss_ipsecmgr_sa_get_info(struct net_device *tun, struct nss_ipsecmgr_sa_tuple *sa,
struct nss_ipsecmgr_sa_info *info);
#endif /* __KERNEL__ */
#endif /* __NSS_IPSECMGR_H */