Manuals / Intel / Kitchen Appliance / Frozen Dessert Maker

Intel IXP400 manual Hardware Acceleration for IPSec Services, IPSec API Call Flow

Models: IXP400

1 364

Download 364 pages 16.67 Kb

Page 101

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 35. AH Data Flow

Application

IP

Header

payload

IPSec Client

Note :

IP mutable fields are handled by IPSec client

	IP	AH	payload
	Header	AH	payload
	Header

Authenticate

Req (SA_ID, ...)

	IP	AH	Auth	payload
	Header		Data

Access Component / Intel XScale® Core

IP

Header

AH

payload

	IP	AH	Auth	payload
	Header		Data

NPE

Processed by

IPSec client

Processed by

NPE

From application

	Authenticate
	Req (SA_ID, ...)
	IP	AH	Auth	payload
	Header		Data

Forward authentication Operation

Note :

ICV is inserted into AH authentication data field

B2460-02

7.4.3Hardware Acceleration for IPSec Services

The IxCryptoAcc API is dependant upon hardware resources within NPE C (also known as Ethernet NPE B) in order to perform many of the cryptographic encryption, decryption, or authentication functions. Specifically, NPE C provides an AES coprocessor, DES coprocessor and a hashing coprocessor (for MD5 and SHA1 calculations).

7.4.4IPSec API Call Flow

Figure 36 on page 102 details the IxCryptoAcc API call flow that occurs when submitted data for processing using IPSec services. The process listed below assumes that the API has been properly configured and that a crypto context has been created and registered in the CCD, as described in “Context Registration and the Cryptographic Context Database” on page 90.

Programmer’s Guide	IXP400 Software Version 2.0	April 2005
	Document Number: 252539, Revision: 007	101

Image 101

Intel IXP400 manual Hardware Acceleration for IPSec Services, IPSec API Call Flow

Contents

Programmer’s Guide Intel IXP400 SoftwareIXP400 Software Version Intel IXP400 SoftwareContents 1.1 100 118 152 Contents Access-Layer Components 225 17.9 Operating System Adsl Driver Figures 102 Tables AQM 300 Date Revision Description Revision HistoryVersions Supported by this Document Introduction1Hardware Supported by this Release Intended AudienceChapters Description How to Use this DocumentAbout the Processors Document Title Document # Related DocumentsAcronym Description AcronymsDocument Title Document # CPU HSS MSB SIP High-Level Overview Software Architecture OverviewSoftware Architecture Overview Deliverable ModelDevelopment Tools Access Library Source Code DocumentationOperating System Support Ixposal Include Src Ixp400xscalesw Release Directory Structure\---include +---npeMh Statistics and MIBs Threading and Locking PolicyPolled and Interrupt Operation Global Dependencies Global Dependency ChartThis page is intentionally left blank Overview Buffer ManagementWhat’s New Intel IXP400 Software Buffer Flow Buffer ManagementRaw Buffers Ixpbuf User InterfaceIxpbuf Structure and Macros Ixpbuf StructureOsal Ixpbuf structure and macros API User Interface to Ixpbuf Ixmbuf OS-Dependent Buffer Format Pool Management FieldsIxne IXP400 NPE Shared Structure Ixpbuf ixctrl StructureIxpbuf NPE Shared Structure Mapping of Ixmbuf to Shared StructureInternal Ixmbuf Field Format Sheet 1 Ixmbuf StructureIxnext Ixosalmbufnextbufferinpktptr IxreservedIxmbuf Field Details Sheet 1 Field / Macro Purpose Used by Access-Layer?Internal Ixmbuf Field Format Sheet 2 Ixmbuf Field Details Sheet 2 Mapping to OS Native Buffer TypesVxWorks* Mblk Buffer Ixmbuf to Mblk Mapping Linux* skbuff BufferBuffer Translation Functions Following fields will get updated in the skbufferTx Path Caching StrategyBuffer Management Tx Cache Flushing Example Rx PathCaching Strategy Summary Intel IXP400 Software This page is intentionally left blank IxAtmdAcc Component Features Access-Layer Components ATM Driver Access IxAtmdAcc APIAccess-Layer Components ATM Driver Access IxAtmdAcc API ATM Traffic-Shaping Services Configuration ServicesUtopia Port-Configuration Service VC-Configuration Services Transmission Services Buffer Transmission for a Scheduled Port Scheduled TransmissionSchedule Table Description Transmit-Done Processing Transmission Triggers Tx-Low NotificationTransmit Done Based on a Threshold Level Tx Done Recycling Using a Threshold LevelTransmit Disconnect Tx Done Recycling Using a Polling MechanismTx Disconnect Receive ServicesReceive Based on a Threshold Level Receive Triggers Rx-Free-Low NotificationReceive Processing Rx Using a Threshold Level Receive Disconnect RX Using a Polling MechanismBuffer Allocation Buffer ContentsBuffer Management Ixpbuf Fields of Available Buffers for Reception Ixpbuf Fields Required for TransmissionIxpbuf Fields Modified During Reception Sheet 1 Field DescriptionAPI-Usage Errors Error HandlingBuffer-Size Constraints Buffer-Chaining ConstraintsCause Consequences and Side Effects Corrective Action Real-Time ErrorsReal-Time Errors IxAtmm Overview Access-Layer Components ATM Manager IxAtmm APIIxAtmm Component Features Utopia Level-2 Port Initialization Access-Layer Components ATM Manager IxAtmm APIATM-Port Management Service Model Services Provided by Ixatmm Tx/Rx Control Configuration Configuration of Traffic Control Mechanism Dependencies Error HandlingManagement Interfaces Memory RequirementsPerformance IxAtmSch Component Features Access-Layer Components ATM Transmit Scheduler IxAtmSchTraffic Type Supported Num VCs Access-Layer Components ATM Transmit Scheduler IxAtmSch APISupported Traffic Types Connection Admission Control CAC Function Schedule Table Scheduling and Traffic ShapingMaximum Cells Value maxCells Schedule Service ModelMinimum Cells Value minCellsToSchedule Timing and Idle Cells Data Memory Code SizeIxAtmSch Data Memory Usage Per VC Data Per Port Data TotalLatency Access-Layer Components Security IxCryptoAcc API IxCryptoAcc Interfaces Access-Layer Components Security IxCryptoAcc APIIxCryptoAcc API Architecture Basic API Flow Basic IxCryptoAcc API Flow Context Registration and the Cryptographic Context DatabaseIntel IXP400 Software IxCryptoAcc API Call Process Flow for CCD Updates Memory Requirements Buffer and Queue ManagementIxCryptoAcc Data Memory Usage Sheet 1 Structure Size in Bytes Total Size in BytesIxCryptoAcc Data Memory Usage Sheet 2 DependenciesIxCryptoAccHashKeyGenerate Other API FunctionalityEndianness IPSec ServicesImport and Export of Cryptographic Technology IPSec Background and ImplementationIxCryptoAcc, NPE and IPSec Stack Scope Relationship Between IPSec Protocol and Algorithms IPSec Packet FormatsReference ESP Dataflow Authentication HeaderESP Data Flow Reference AH DataflowIPSec API Call Flow Hardware Acceleration for IPSec ServicesIPSec API Call Flow Hmac with Key Size Greater Than 64 Bytes Special API Use CasesCCM Operation Flow AES CBC Encryption For MIC WEP Background and Implementation WEP ServicesIPSec Assumptions, Dependencies, and Limitations WEP Frame with Request Parameters Hardware Acceleration for WEP ServicesIxCryptoAccNpeWepPerform WEP API Call FlowIxCryptoAccXscaleWepPerform NPE Microcode ImagesWEP Perform API Call Flow Combined Mode Operations AuthenticationSSL and TLS Protocol Usage Models Encryption/DecryptionEncryption Algorithms Supported Encryption and Authentication AlgorithmsSupported Encryption Algorithms Cipher Key Sizes Parity Bit Actual Key SizeCipher Modes Counter Mode CTRElectronic Code Book ECB Cipher Block Chaining CBCAuthentication Algorithm Data Block Size Bits Key Size Bits Authentication AlgorithmsSupported Authentication Algorithms 114 Document Number 252539, Revision Assumptions Access-Layer Components DMA Access Driver IxDmaAcc APIFeatures Access-Layer Components DMA Access Driver IxDmaAcc API DMA Access-Layer APIIxDmaAcc Component Overview IxDmaAccDescriptorManager Parameters DescriptionSource Address Transfer ModeDestination Address Transfer WidthTransfer Length Addressing ModesIncrement Transfer ModeSupported Modes 122 Document Number 252539, Revision Control Flow Data FlowIxDmaAcc Control Flow DMA InitializationIxDMAcc Initialization DMA Configuration and Data TransferDMA Transfer Operation Restrictions of the DMA Transfer Little Endian IxEthAcc Overview Access-Layer Components Ethernet Access IxEthAcc APIRole of the Ethernet NPE Microcode Ethernet Access Layers Architectural OverviewAccess-Layer Components Ethernet Access IxEthAcc API Learning/Filtering Database 4 MAC/PHY ConfigurationQueue Manager Ethernet Access Layers Component Features Data Plane Ethernet Access Layers Block DiagramTransmission Flow Port InitializationEthernet Frame Transmission Transmit Buffer Management and Priority TxEnetDone Ethernet Transmit Frame Data Buffer FlowTx Fifo Priority Using Chained IXOSALMBUFs for Transmission / Buffer SizingEthernet Frame Reception Ethernet Receive Frame API Overview Receive FlowSupplying Buffers Receive Buffer Management and PriorityBuffer Sizing Codelet or client application Programmer’s GuideRecycling Buffers Rx Fifo Priority QoS ModeFreeing Buffers No Receive Polling Additional Receive Path InformationMaximum Ethernet Frame Size Control PathData-Plane Endianness IxEthAcc and Secondary Components Ethernet MAC Control MAC Duplex SettingsMII I/O Frame Check SequenceNon-Promiscuous Mode Promiscuous ModeMAC Filtering 1.6 802.3x Flow ControlShared Data Structures InitializationNPE Loopback Emergency Security Port ShutdownIxpneflags Field Format Ixosalmbuf Structure FormatQueue Field Description Eth 150 Document Number 252539, Revision Ixosalmbuf Port ID Field Format Ixosalmbuf Port ID Field Values Management InformationIxpneflags.linkprot Field Values Field Bit ValuesObject Increment Criteria Managed Objects for Ethernet ReceiveManaged Objects for Ethernet Transmit IxEthDB Functional Behavior Access-Layer Components Ethernet Database IxEthDB APILearning and Filtering Access-Layer Components Ethernet Database IxEthDB APIMAC Address Learning and Filtering Node Port Definitions Learning/Filtering General CharacteristicsOther MAC Learning/Filtering Usage Models Aging Port Dependency MapProvisioning Static and Dynamic Entries Record Management Database MaintenanceFrame Size Filtering MAC Address Block/Admission Source MAC Address FirewallFiltering Example Based Upon Maximum Frame Size Invalid MAC Address Filtering 10.3.4 802.1Q VlanVlan Tagged MAC Frame Format Background Vlan Data in Ethernet FramesUntagged MAC Frame Format Vlan Tag Format Database Records Associated With Vlan IDsAcceptable Frame Type Filtering Port-Based Vlan Membership Filtering Ingress Tagging and Tag RemovalPort and VLAN-Based Egress Tagging and Tag Removal Special Conditions Egress Vlan Tagging/Untagging Behavior Matrix Tag Mode Frame Status ActionPriority Aware Transmission 10.3.5 802.1Q User Priority / QoS SupportPort ID Extraction QoS on Receive for 802.1Q Tagged Frames Receive Priority QueuingQoS on Receive for Untagged Frames Priority to Traffic Class Mapping10.3.6 802.3 / 802.11 Frame Conversion Default Priority to Traffic Class MappingBackground 802.3 and 802.11 Frame Formats IEEE802.11 Frame FormatAP-STA and AP-AP Modes IEEE802.11 Frame Control FC Field FormatReceive Path How the 802.3 / 802.11 Frame Conversion Feature WorksTransmit Path Field AP to STA mode AP to AP modeTo 802.11 Header Conversion Rules 11 to 802.3 Header Conversion Rules 10.3.6.3 802.3 / 802.11 API DetailsInput 802.11 Frame Values Output 802.3 Frame Field Values Frame TypeInitialization Spanning Tree Protocol Port SettingsIxEthDB API Additional Database Features Feature SetIxEthDB Feature Set User-Defined FieldDatabase Clear Dependencies on IxEthAcc ConfigurationPromiscuous-Mode Requirement FCS Appending180 Document Number 252539, Revision Supported PHYs Access-Layer Components Ethernet PHY IxEthMii APIPHYs Supported by IxEthMii Access-Layer Components Ethernet PHY IxEthMii APIHardware Feature Control Access-Layer Components Feature Control IxFeatureCtrl APIAccess-Layer Components Feature Control IxFeatureCtrl API Using the Product ID-Related FunctionsProduct ID Values Bits DescriptionFeature Control Register Values Sheet 1 Using the Feature Control Register FunctionsComponent Check by Other APIs Software ConfigurationFeature Control Register Values Sheet 2 Document Number 252539, Revision 187 188 Document Number 252539, Revision Access-Layer Components HSS-Access IxHssAcc API IxHssAcc Interfaces Access-Layer Components HSS-Access IxHssAcc API FeaturesIxHssAcc API Overview Access-Layer Components HSS-Access IxHssAcc API Intel X S cale C ore HSS and Hdlc Theory and Coprocessor OperationHSS Tx Freq Pj Max ns Cj Max ns Aj Max ns HSS Output Clock Jitter and Error CharacterizationHSS Tx Clock Output frequencies and PPM Error HSS Frame Output Characterization Jitter DefinitionsJitter Type Jitter Definition Actual Frame Length µsHigh-Level API Call Flow IxHssAcc Component Dependencies Key AssumptionsIxHssAccPortInit HSS Port Initialization Details198 Document Number 252539, Revision IxHssAccChanConnect Channelized Connect and EnableHSS Channelized Operation 200 Document Number 252539, Revision Channelized Connect Channelized Tx/Rx MethodsPolled CallBackChannelized Transmit and Receive HSS Packetized Operation Packetized Connect and EnableChannelized Disconnect IxHssAccPktPortConnectDocument Number 252539, Revision 205 Packetized Connect Packetized TxDocument Number 252539, Revision 207 Packetized Transmit Packetized RxDocument Number 252539, Revision 209 Packetized Receive Data Flow in Packetized Service 13.6.5 56-Kbps, Packetized Raw ModeBuffer Allocation Data-Flow Overview Packetized Disconnect212 Document Number 252539, Revision HSS Packetized Receive Buffering HSS Packetized Transmit Buffering Data Flow in Channelized ServiceDocument Number 252539, Revision 215 HSS Channelized Receive Operation HSS Channelized Transmit Operation 218 Document Number 252539, Revision Loading NPE Microcode from a File Versus Loaded from Memory Access-Layer Components NPE-Downloader IxNpeDl APIMicrocode Images Standard Usage Example Access-Layer Components NPE-Downloader IxNpeDl APINPE Microcode Library Customization NPE Image CompatibilityImage Name Description NPE-A ImagesNPE-C Images Sheet 1 NPE-B ImagesNPE-C Images Sheet 2 Custom Usage ExampleIxNpeDl Uninitialization Deprecated APIs Access-Layer Components NPE Message Handler IxNpeMh API Initializing the IxNpeMh Access-Layer Components NPE Message Handler IxNpeMh APIInterrupt-Driven Operation Polled OperationSending an NPE Message Uninitializing IxNpeMhClient Sending an NPE Message with ResponseCustomer / Demo Code IxNpeMhIxNpeMh Client Customer / Demo Code Receiving Unsolicited Messages from NPE to Software ClientIxNpeMh Component Dependencies 232 Document Number 252539, Revision Background Access-Layer Components Parity Error Notifier IxParityENAccIntroduction Scrubbing/Memory Scrub Network Processing EnginesAHB Queue Manager AQM Switching Coprocessor in NPE B SwcpDDR Sdram Memory Controller Unit MCU Expansion Bus ControllerInterrupt Bit Default Priority Software Parity Error InterruptsInterrupt Prioritization Secondary Effects of Parity InterruptsIxParityENAcc API Details FeaturesFeature Hardware Component Software Support Recoverable IxParityENAcc API Usage Scenarios IxParityENAcc Dependency DiagramParity Error Notification Sequence Summary Parity Error Notification ScenarioInterrupt Bit Source API Invoked by Parity Error Interrupt Deassertion Conditions Sheet 1Parity Error Interrupt Deassertion Conditions Sheet 2 Summary Parity Error Recovery ScenarioParity Error Notification Detailed Scenarios Summary Parity Error Prevention ScenarioData Abort with No Parity Error Data Abort followed by Unrelated Parity Error Notification Data Abort Caused by Parity Error Data Abort with both Related and Unrelated Parity Errors Access-Layer Components Performance Profiling IxPerfProfAcc Intel XScale Core PMU Counter Buffer Overflow Internal Bus PMUIdle-Cycle Counter Utilities ‘Xcycle’ IxPerfProfAcc Dependencies Interrupt HandlingThreading Using the APIEvent and Clock Counting API Usage for Intel XScale Core PMU254 Document Number 252539, Revision Display Performance Counters Time-Based SamplingDisplay Clock Counter Iii. Print out the first five elements Event-Based Sampling258 Document Number 252539, Revision C0112788 No lower symbol found. Module kernel Using Intel XScale Core PMU to Determine Cache Efficiency Internal Bus PMU IxPerfProfAccBusPmuStart Perform the same calculation for the rest of the PECs Xcycle Idlecycle CounterDisplay Xcycle Measurement Access-Layer Components Queue Manager IxQMgr API Access-Layer Components Queue Manager IxQMgr API Features and Hardware InterfaceDocument Number 252539, Revision 267 AQM Configuration Attributes Configuration ValuesDispatcher Attribute Description ValuesDispatcher Modes 270 Document Number 252539, Revision AQM Dispatcher in Context of a Polling Mechanism Livelock PreventionDocument Number 252539, Revision 273 274 Document Number 252539, Revision IxSspAcc API Details Access-Layer Components Synchronous Serial Port IxSspAccIxSspAcc Dependencies Initialization and General Data Model Interrupt ModeIxSspAcc API Usage Models 278 Document Number 252539, Revision Interrupt Scenario Polling Mode Init Transmit Receive 282 Document Number 252539, Revision Access-Layer Components Time Sync IxTimeSyncAcc API Synchronization Sequence Access-Layer Components Time Sync IxTimeSyncAcc APIIeee 1588 PTP Protocol Overview Overview Ieee 1588 Hardware Assist BlockDetailed Information Block Diagram of Intel IXP46X Network ProcessorIPv6 and VLAN-Tagged Ethernet Frames Hardware Feature Options Default StateIxTimeSyncAcc IxTimeSyncAcc API DetailsIeee 1588 PTP Client Application Additional Hardware InformationDocument Number 252539, Revision 289 Polling for Transmit and Receive Timestamps Interrupt Mode OperationsIxTimeSyncAcc API Usage Scenarios Interrupt Servicing of Target Time Reached Condition Polled Mode OperationsPolling for Auxiliary Snapshot Values Interface Description Access-Layer Components UART-Access IxUARTAcc APIUart / OS Dependencies Fifo Versus Polled ModeAccess-Layer Components UART-Access IxUARTAcc API Uart Services Models 296 Document Number 252539, Revision USB Controller Background Access-Layer Components USB Access ixUSB APIIN, OUT, and Setup Token Packet Format Access-Layer Components USB Access ixUSB APIPacket Formats SOF Token Packet FormatData Packet Format Transaction FormatsHandshake Packet Format Bits 023 BytesIsochronous Transaction Formats Bulk Transaction FormatsAction Token Packet Data Packet Handshake Packet Action Token Packet Data PacketControl Transaction Formats, Set-Up Stage Control Write SetupControl Transaction Formats Interrupt Transaction FormatsIxUSB API Interfaces IxUSB Setup RequestsAPI interfaces Available for Access Layer Request Name Host-Device Request Summary Sheet 1Host-Device Request Summary Sheet 2 ConfigurationFrame Synchronization IxUSB Endpoint Stall FeatureIxUSB Send and Receive Requests Stall on OUT Transactions IxUSB Error HandlingError due to unknown reasons Detailed Error CodesUSB Dependencies USB Data FlowCodelets CodeletsATM Codelet IxAtmCodelet DMA Access Codelet IxDmaAccCodelet Crypto Access Codelet IxCryptoAccCodeletEthernet Access Codelet IxEthAccCodelet Ethernet AAL-5 Codelet IxEthAal5AppParity Error Notifier Codelet IxParityENAccCodelet HSS Access Codelet IxHssAccCodeletUSB Rndis Codelet IxUSBRNDIS Performance Profiling Codelet IxPerfProfAccCodeletTime Sync Codelet IxTimeSyncAccCodelet Operating System Abstraction Layer Osal Osal Architecture Operating System Abstraction Layer OsalOS-Dependent Module OS-Independent Core ModuleCore Module Buffer Management ModuleBuffer Translation Module Osal Library StructureBackward Compatibility Module Document Number 252539, Revision 317 C lu d e Core Module Osal Modules and Related InterfacesOsal Core Interface Sheet 1 IPCOsal Core Interface Sheet 2 ThreadOsal Buffer Management Interface Buffer Management Module24.6.3 I/O Memory and Endianness Support Module Osal I/O Memory and Endianness Interface Sheet 1 IxosalmmapvirttophysOsal I/O Memory and Endianness Interface Sheet 2 Supporting a New OSExample 1. Global Memory Map Definitions Supporting New PlatformsIxstaticmap Adsl Driver Overview Adsl DriverDevice Support Adsl Line Open/Close Overview Adsl APIExample of Adsl Line Open Call Sequence Limitations and Constraints 26.3 I2C Driver API Details 2C Driver IxI2cDrvI2C Driver IxI2cDrv 2C Driver IxI2cDrv Arbitration Loss ErrorMaster-Interrupt Mode Bus Error26.4 I2C Driver API Usage Models InitializationSupport Functions I2C Driver IxI2cDrv Slave-Interrupt ModeSlave-Polling Mode Example Sequence Flows for Slave Mode Sequence Flow Diagram for Slave Transmit in Interrupt Mode Sequence Flow Diagram for Slave Receive in Polling Mode Sequence Flow Diagram for Slave Transmit in Polling Mode 26.4.3 I2C Using Gpio Versus Dedicated I2C Hardware340 Document Number 252539, Revision Endianness in Intel IXP400 Software Endianness in Intel IXP400 SoftwareBasics of Endianness Nature of Endianness Hardware or Software? Endianness When Memory is SharedCasting a Pointer Between Types of Different Sizes Software Considerations and ImplicationsCoding Pitfalls Little-Endian/Big-Endian Here is what the macro ntohl looks like in actual code Network Stacks and ProtocolsMacro Examples Endian Conversion Best Practices in Coding of Endian-IndependenceMacro Source Code Avoid346 Document Number 252539, Revision Document Number 252539, Revision 347 AprilReasons for Choosing a Particular LE Coherency Mode Supporting Little-Endian ModeSilicon Endianness Controls Hardware SwitchesMMU Intel XScale Core Endianness ModeMMU P-Attribute Bit Little-Endian Data Coherence Enable/DisableByteswapen Bit Forcebyteswap BitPCI Bus Swap Silicon VersionsSummary of Silicon Controls Endian Hardware SummaryPart Number Brief Description IXP46X network processors A-0 steppingAPB Peripherals April 2005 NPE Message Handler IxNpeMh Ethernet Access Component IxEthAccNPE Downloader IxNpeDl Ixosalmbuf Data Payload Data PlaneOne Half-Word-Aligned Ethernet Frame LE Address Coherent Intel XScale Core Read of IP Header LE Data Coherent Intel IXP400 Software IxEthAcc and IxEthDB Summary Ethernet Access MIB StatisticsLearning Database Function ATM and HSS 27.5.4 PCIIntel IXP400 Software OS Abstraction Intel IXP400 Software Macros VxWorks* ConsiderationsEndian Conversion Macros #definesVxWorks* Data Coherent Swap Code Intel IXP400 Software Version Little-Endian Support Yes/No Software VersionsIntel IXP400 Software Versions