IPSec Packet Formats | Intel IXP400 specs

Intel® IXP400 Software

Access-Layer Components: Security (IxCryptoAcc) API

Figure 31. Relationship Between IPSec Protocol and Algorithms

ESP	AH
Encryption	Authentication
Algorithm	Algorithm
	B2307-02

7.4.2IPSec Packet Formats

IPSec standards have defined packet formats. The authentication header (AH) provides data integrity and the encapsulating security payload (ESP) provides confidentiality and data integrity. In conjunction with SHA1 and MD5 algorithms, both AH and ESP provide data integrity. The IxCryptoAcc component supports both different modes of authentication. The ICV is calculated through SHA1 or MD5 and inserted into the AH packet and ESP packet.

In ESP authentication mode, the ICV is appended at the end of the packet, which is after the ESP trailer if encryption is required.

Figure 32. ESP Packet Structure

Security Parameters Index (SPI)
Sequence Number
Payload Data (Variable Length)	Authenticated
	Encrypted
Padding (0-255 Bytes)
Pad Length	Next Header
Authentication Data (Variable Length)
	B2311-02

April 2005	IXP400 Software Version 2.0	Programmer’s Guide
98	Document Number: 252539, Revision: 007

Image 98

Intel IXP400 manual IPSec Packet Formats, Relationship Between IPSec Protocol and Algorithms

Contents

Intel IXP400 Software Programmer’s Guide Intel IXP400 Software IXP400 Software Version Contents 1.1 100 118 152 Contents Access-Layer Components 225 17.9 Operating System Adsl Driver Figures 102 Tables AQM 300 Revision History Date Revision Description Hardware Supported by this Release Introduction1Versions Supported by this Document Intended Audience Chapters Description How to Use this DocumentAbout the Processors Related Documents Document Title Document # Acronym Description AcronymsDocument Title Document # CPU HSS MSB SIP Software Architecture Overview High-Level Overview Deliverable Model Software Architecture Overview Development Tools Access Library Source Code DocumentationOperating System Support Release Directory Structure Ixposal Include Src Ixp400xscalesw \---include +---npeMh Statistics and MIBs Threading and Locking PolicyPolled and Interrupt Operation Global Dependency Chart Global Dependencies This page is intentionally left blank Overview Buffer ManagementWhat’s New Buffer Management Intel IXP400 Software Buffer Flow Ixpbuf User Interface Raw Buffers Ixpbuf Structure Ixpbuf Structure and Macros Osal Ixpbuf structure and macros API User Interface to Ixpbuf Pool Management Fields Ixmbuf OS-Dependent Buffer Format Ixpbuf ixctrl Structure Ixne IXP400 NPE Shared Structure Mapping of Ixmbuf to Shared Structure Ixpbuf NPE Shared Structure Ixnext Ixosalmbufnextbufferinpktptr Ixmbuf StructureInternal Ixmbuf Field Format Sheet 1 Ixreserved Ixmbuf Field Details Sheet 1 Field / Macro Purpose Used by Access-Layer?Internal Ixmbuf Field Format Sheet 2 Ixmbuf Field Details Sheet 2 Mapping to OS Native Buffer TypesVxWorks* Mblk Buffer Linux* skbuff Buffer Ixmbuf to Mblk Mapping Following fields will get updated in the skbuffer Buffer Translation Functions Caching Strategy Tx Path Buffer Management Tx Cache Flushing Example Rx PathCaching Strategy Summary Intel IXP400 Software This page is intentionally left blank Access-Layer Components ATM Driver Access IxAtmdAcc API IxAtmdAcc Component Features Access-Layer Components ATM Driver Access IxAtmdAcc API ATM Traffic-Shaping Services Configuration ServicesUtopia Port-Configuration Service VC-Configuration Services Transmission Services Scheduled Transmission Buffer Transmission for a Scheduled Port Schedule Table Description Transmission Triggers Tx-Low Notification Transmit-Done Processing Tx Done Recycling Using a Threshold Level Transmit Done Based on a Threshold Level Tx Done Recycling Using a Polling Mechanism Transmit Disconnect Receive Services Tx Disconnect Receive Based on a Threshold Level Receive Triggers Rx-Free-Low NotificationReceive Processing Rx Using a Threshold Level RX Using a Polling Mechanism Receive Disconnect Buffer Allocation Buffer ContentsBuffer Management Ixpbuf Fields Modified During Reception Sheet 1 Ixpbuf Fields Required for TransmissionIxpbuf Fields of Available Buffers for Reception Field Description Buffer-Size Constraints Error HandlingAPI-Usage Errors Buffer-Chaining Constraints Cause Consequences and Side Effects Corrective Action Real-Time ErrorsReal-Time Errors IxAtmm Overview Access-Layer Components ATM Manager IxAtmm APIIxAtmm Component Features Access-Layer Components ATM Manager IxAtmm API Utopia Level-2 Port Initialization ATM-Port Management Service Model Services Provided by Ixatmm Tx/Rx Control Configuration Configuration of Traffic Control Mechanism Management Interfaces Error HandlingDependencies Memory Requirements Performance Access-Layer Components ATM Transmit Scheduler IxAtmSch IxAtmSch Component Features Traffic Type Supported Num VCs Access-Layer Components ATM Transmit Scheduler IxAtmSch APISupported Traffic Types Connection Admission Control CAC Function Scheduling and Traffic Shaping Schedule Table Maximum Cells Value maxCells Schedule Service ModelMinimum Cells Value minCellsToSchedule Timing and Idle Cells IxAtmSch Data Memory Usage Code SizeData Memory Per VC Data Per Port Data Total Latency Access-Layer Components Security IxCryptoAcc API IxCryptoAcc Interfaces Access-Layer Components Security IxCryptoAcc APIIxCryptoAcc API Architecture Basic API Flow Context Registration and the Cryptographic Context Database Basic IxCryptoAcc API Flow Intel IXP400 Software IxCryptoAcc API Call Process Flow for CCD Updates IxCryptoAcc Data Memory Usage Sheet 1 Buffer and Queue ManagementMemory Requirements Structure Size in Bytes Total Size in Bytes Dependencies IxCryptoAcc Data Memory Usage Sheet 2 Other API Functionality IxCryptoAccHashKeyGenerate Import and Export of Cryptographic Technology IPSec ServicesEndianness IPSec Background and Implementation IxCryptoAcc, NPE and IPSec Stack Scope IPSec Packet Formats Relationship Between IPSec Protocol and Algorithms Authentication Header Reference ESP Dataflow Reference AH Dataflow ESP Data Flow Hardware Acceleration for IPSec Services IPSec API Call Flow IPSec API Call Flow Special API Use Cases Hmac with Key Size Greater Than 64 Bytes CCM Operation Flow AES CBC Encryption For MIC WEP Background and Implementation WEP ServicesIPSec Assumptions, Dependencies, and Limitations Hardware Acceleration for WEP Services WEP Frame with Request Parameters IxCryptoAccXscaleWepPerform WEP API Call FlowIxCryptoAccNpeWepPerform NPE Microcode Images WEP Perform API Call Flow SSL and TLS Protocol Usage Models AuthenticationCombined Mode Operations Encryption/Decryption Supported Encryption Algorithms Supported Encryption and Authentication AlgorithmsEncryption Algorithms Cipher Key Sizes Parity Bit Actual Key Size Electronic Code Book ECB Counter Mode CTRCipher Modes Cipher Block Chaining CBC Authentication Algorithm Data Block Size Bits Key Size Bits Authentication AlgorithmsSupported Authentication Algorithms 114 Document Number 252539, Revision Assumptions Access-Layer Components DMA Access Driver IxDmaAcc APIFeatures DMA Access-Layer API Access-Layer Components DMA Access Driver IxDmaAcc API IxDmaAcc Component Overview Parameters Description IxDmaAccDescriptorManager Destination Address Transfer ModeSource Address Transfer Width Addressing Modes Transfer Length Increment Transfer ModeSupported Modes 122 Document Number 252539, Revision Data Flow Control Flow DMA Initialization IxDmaAcc Control Flow DMA Configuration and Data Transfer IxDMAcc Initialization DMA Transfer Operation Restrictions of the DMA Transfer Little Endian Access-Layer Components Ethernet Access IxEthAcc API IxEthAcc Overview Role of the Ethernet NPE Microcode Ethernet Access Layers Architectural OverviewAccess-Layer Components Ethernet Access IxEthAcc API Learning/Filtering Database 4 MAC/PHY ConfigurationQueue Manager Ethernet Access Layers Component Features Ethernet Access Layers Block Diagram Data Plane Transmission Flow Port InitializationEthernet Frame Transmission Transmit Buffer Management and Priority Ethernet Transmit Frame Data Buffer Flow TxEnetDone Tx Fifo Priority Using Chained IXOSALMBUFs for Transmission / Buffer SizingEthernet Frame Reception Receive Flow Ethernet Receive Frame API Overview Supplying Buffers Receive Buffer Management and PriorityBuffer Sizing Programmer’s Guide Codelet or client application Recycling Buffers Rx Fifo Priority QoS ModeFreeing Buffers Additional Receive Path Information No Receive Polling Maximum Ethernet Frame Size Control PathData-Plane Endianness IxEthAcc and Secondary Components MII I/O MAC Duplex SettingsEthernet MAC Control Frame Check Sequence MAC Filtering Promiscuous ModeNon-Promiscuous Mode 1.6 802.3x Flow Control NPE Loopback InitializationShared Data Structures Emergency Security Port Shutdown Ixosalmbuf Structure Format Ixpneflags Field Format Queue Field Description Eth 150 Document Number 252539, Revision Ixosalmbuf Port ID Field Format Ixpneflags.linkprot Field Values Management InformationIxosalmbuf Port ID Field Values Field Bit Values Managed Objects for Ethernet Receive Object Increment Criteria Managed Objects for Ethernet Transmit Access-Layer Components Ethernet Database IxEthDB API IxEthDB Functional Behavior Learning and Filtering Access-Layer Components Ethernet Database IxEthDB APIMAC Address Learning and Filtering Node Port Definitions Learning/Filtering General CharacteristicsOther MAC Learning/Filtering Usage Models Aging Port Dependency MapProvisioning Static and Dynamic Entries Record Management Database MaintenanceFrame Size Filtering MAC Address Block/Admission Source MAC Address FirewallFiltering Example Based Upon Maximum Frame Size 10.3.4 802.1Q Vlan Invalid MAC Address Filtering Vlan Tagged MAC Frame Format Background Vlan Data in Ethernet FramesUntagged MAC Frame Format Vlan Tag Format Database Records Associated With Vlan IDsAcceptable Frame Type Filtering Ingress Tagging and Tag Removal Port-Based Vlan Membership Filtering Port and VLAN-Based Egress Tagging and Tag Removal Special Conditions Tag Mode Frame Status Action Egress Vlan Tagging/Untagging Behavior Matrix Priority Aware Transmission 10.3.5 802.1Q User Priority / QoS SupportPort ID Extraction Receive Priority Queuing QoS on Receive for 802.1Q Tagged Frames Priority to Traffic Class Mapping QoS on Receive for Untagged Frames Background 802.3 and 802.11 Frame Formats Default Priority to Traffic Class Mapping10.3.6 802.3 / 802.11 Frame Conversion IEEE802.11 Frame Format IEEE802.11 Frame Control FC Field Format AP-STA and AP-AP Modes How the 802.3 / 802.11 Frame Conversion Feature Works Receive Path Transmit Path Field AP to STA mode AP to AP modeTo 802.11 Header Conversion Rules Input 802.11 Frame Values Output 802.3 Frame Field Values 10.3.6.3 802.3 / 802.11 API Details11 to 802.3 Header Conversion Rules Frame Type Initialization Spanning Tree Protocol Port SettingsIxEthDB API IxEthDB Feature Set Feature SetAdditional Database Features User-Defined Field Promiscuous-Mode Requirement Dependencies on IxEthAcc ConfigurationDatabase Clear FCS Appending 180 Document Number 252539, Revision Access-Layer Components Ethernet PHY IxEthMii API Supported PHYs Access-Layer Components Ethernet PHY IxEthMii API PHYs Supported by IxEthMii Access-Layer Components Feature Control IxFeatureCtrl API Hardware Feature Control Product ID Values Using the Product ID-Related FunctionsAccess-Layer Components Feature Control IxFeatureCtrl API Bits Description Using the Feature Control Register Functions Feature Control Register Values Sheet 1 Component Check by Other APIs Software ConfigurationFeature Control Register Values Sheet 2 Document Number 252539, Revision 187 188 Document Number 252539, Revision Access-Layer Components HSS-Access IxHssAcc API IxHssAcc Interfaces Access-Layer Components HSS-Access IxHssAcc API FeaturesIxHssAcc API Overview Access-Layer Components HSS-Access IxHssAcc API HSS and Hdlc Theory and Coprocessor Operation Intel X S cale C ore HSS Tx Freq Pj Max ns Cj Max ns Aj Max ns HSS Output Clock Jitter and Error CharacterizationHSS Tx Clock Output frequencies and PPM Error Jitter Type Jitter Definition Jitter DefinitionsHSS Frame Output Characterization Actual Frame Length µs High-Level API Call Flow Key Assumptions IxHssAcc Component Dependencies HSS Port Initialization Details IxHssAccPortInit 198 Document Number 252539, Revision IxHssAccChanConnect Channelized Connect and EnableHSS Channelized Operation 200 Document Number 252539, Revision Channelized Tx/Rx Methods Channelized Connect CallBack Polled Channelized Transmit and Receive Channelized Disconnect Packetized Connect and EnableHSS Packetized Operation IxHssAccPktPortConnect Document Number 252539, Revision 205 Packetized Tx Packetized Connect Document Number 252539, Revision 207 Packetized Rx Packetized Transmit Document Number 252539, Revision 209 Packetized Receive Buffer Allocation Data-Flow Overview 13.6.5 56-Kbps, Packetized Raw ModeData Flow in Packetized Service Packetized Disconnect 212 Document Number 252539, Revision HSS Packetized Receive Buffering Data Flow in Channelized Service HSS Packetized Transmit Buffering Document Number 252539, Revision 215 HSS Channelized Receive Operation HSS Channelized Transmit Operation 218 Document Number 252539, Revision Loading NPE Microcode from a File Versus Loaded from Memory Access-Layer Components NPE-Downloader IxNpeDl APIMicrocode Images NPE Microcode Library Customization Access-Layer Components NPE-Downloader IxNpeDl APIStandard Usage Example NPE Image Compatibility NPE-A Images Image Name Description NPE-B Images NPE-C Images Sheet 1 NPE-C Images Sheet 2 Custom Usage ExampleIxNpeDl Uninitialization Deprecated APIs Access-Layer Components NPE Message Handler IxNpeMh API Interrupt-Driven Operation Access-Layer Components NPE Message Handler IxNpeMh APIInitializing the IxNpeMh Polled Operation Uninitializing IxNpeMh Sending an NPE Message Customer / Demo Code Sending an NPE Message with ResponseClient IxNpeMh IxNpeMh Receiving Unsolicited Messages from NPE to Software Client Client Customer / Demo Code IxNpeMh Component Dependencies 232 Document Number 252539, Revision Background Access-Layer Components Parity Error Notifier IxParityENAccIntroduction Network Processing Engines Scrubbing/Memory Scrub DDR Sdram Memory Controller Unit MCU Switching Coprocessor in NPE B SwcpAHB Queue Manager AQM Expansion Bus Controller Interrupt Prioritization Parity Error InterruptsInterrupt Bit Default Priority Software Secondary Effects of Parity Interrupts IxParityENAcc API Details FeaturesFeature Hardware Component Software Support Recoverable IxParityENAcc Dependency Diagram IxParityENAcc API Usage Scenarios Summary Parity Error Notification Scenario Parity Error Notification Sequence Parity Error Interrupt Deassertion Conditions Sheet 1 Interrupt Bit Source API Invoked by Summary Parity Error Recovery Scenario Parity Error Interrupt Deassertion Conditions Sheet 2 Summary Parity Error Prevention Scenario Parity Error Notification Detailed Scenarios Data Abort with No Parity Error Data Abort followed by Unrelated Parity Error Notification Data Abort Caused by Parity Error Data Abort with both Related and Unrelated Parity Errors Access-Layer Components Performance Profiling IxPerfProfAcc Intel XScale Core PMU Internal Bus PMU Counter Buffer Overflow Idle-Cycle Counter Utilities ‘Xcycle’ Interrupt Handling IxPerfProfAcc Dependencies Using the API Threading API Usage for Intel XScale Core PMU Event and Clock Counting 254 Document Number 252539, Revision Time-Based Sampling Display Performance Counters Display Clock Counter Event-Based Sampling Iii. Print out the first five elements 258 Document Number 252539, Revision C0112788 No lower symbol found. Module kernel Using Intel XScale Core PMU to Determine Cache Efficiency Internal Bus PMU IxPerfProfAccBusPmuStart Xcycle Idlecycle Counter Perform the same calculation for the rest of the PECs Display Xcycle Measurement Access-Layer Components Queue Manager IxQMgr API Features and Hardware Interface Access-Layer Components Queue Manager IxQMgr API Document Number 252539, Revision 267 Dispatcher Configuration ValuesAQM Configuration Attributes Attribute Description Values Dispatcher Modes 270 Document Number 252539, Revision AQM Livelock Prevention Dispatcher in Context of a Polling Mechanism Document Number 252539, Revision 273 274 Document Number 252539, Revision Access-Layer Components Synchronous Serial Port IxSspAcc IxSspAcc API Details IxSspAcc Dependencies Initialization and General Data Model Interrupt ModeIxSspAcc API Usage Models 278 Document Number 252539, Revision Interrupt Scenario Polling Mode Init Transmit Receive 282 Document Number 252539, Revision Access-Layer Components Time Sync IxTimeSyncAcc API Synchronization Sequence Access-Layer Components Time Sync IxTimeSyncAcc APIIeee 1588 PTP Protocol Overview Ieee 1588 Hardware Assist Block Overview Block Diagram of Intel IXP46X Network Processor Detailed Information Hardware Feature Options Default State IPv6 and VLAN-Tagged Ethernet Frames Ieee 1588 PTP Client Application IxTimeSyncAcc API DetailsIxTimeSyncAcc Additional Hardware Information Document Number 252539, Revision 289 Polling for Transmit and Receive Timestamps Interrupt Mode OperationsIxTimeSyncAcc API Usage Scenarios Polled Mode Operations Interrupt Servicing of Target Time Reached Condition Polling for Auxiliary Snapshot Values Access-Layer Components UART-Access IxUARTAcc API Interface Description Uart / OS Dependencies Fifo Versus Polled ModeAccess-Layer Components UART-Access IxUARTAcc API Uart Services Models 296 Document Number 252539, Revision Access-Layer Components USB Access ixUSB API USB Controller Background Packet Formats Access-Layer Components USB Access ixUSB APIIN, OUT, and Setup Token Packet Format SOF Token Packet Format Handshake Packet Format Transaction FormatsData Packet Format Bits 023 Bytes Action Token Packet Data Packet Handshake Packet Bulk Transaction FormatsIsochronous Transaction Formats Action Token Packet Data Packet Control Transaction Formats Control Write SetupControl Transaction Formats, Set-Up Stage Interrupt Transaction Formats IxUSB API Interfaces IxUSB Setup RequestsAPI interfaces Available for Access Layer Host-Device Request Summary Sheet 1 Request Name Configuration Host-Device Request Summary Sheet 2 Frame Synchronization IxUSB Endpoint Stall FeatureIxUSB Send and Receive Requests IxUSB Error Handling Stall on OUT Transactions Detailed Error Codes Error due to unknown reasons USB Data Flow USB Dependencies Codelets CodeletsATM Codelet IxAtmCodelet Ethernet Access Codelet IxEthAccCodelet Crypto Access Codelet IxCryptoAccCodeletDMA Access Codelet IxDmaAccCodelet Ethernet AAL-5 Codelet IxEthAal5App HSS Access Codelet IxHssAccCodelet Parity Error Notifier Codelet IxParityENAccCodelet USB Rndis Codelet IxUSBRNDIS Performance Profiling Codelet IxPerfProfAccCodeletTime Sync Codelet IxTimeSyncAccCodelet Operating System Abstraction Layer Osal Operating System Abstraction Layer Osal Osal Architecture Core Module OS-Independent Core ModuleOS-Dependent Module Buffer Management Module Buffer Translation Module Osal Library StructureBackward Compatibility Module Document Number 252539, Revision 317 C lu d e Osal Modules and Related Interfaces Core Module IPC Osal Core Interface Sheet 1 Thread Osal Core Interface Sheet 2 Osal Buffer Management Interface Buffer Management Module24.6.3 I/O Memory and Endianness Support Module Ixosalmmapvirttophys Osal I/O Memory and Endianness Interface Sheet 1 Supporting a New OS Osal I/O Memory and Endianness Interface Sheet 2 Supporting New Platforms Example 1. Global Memory Map Definitions Ixstaticmap Adsl Driver Overview Adsl DriverDevice Support Adsl API Adsl Line Open/Close Overview Example of Adsl Line Open Call Sequence Limitations and Constraints 2C Driver IxI2cDrv 26.3 I2C Driver API Details I2C Driver IxI2cDrv Arbitration Loss Error 2C Driver IxI2cDrv 26.4 I2C Driver API Usage Models Bus ErrorMaster-Interrupt Mode Initialization Support Functions I2C Driver IxI2cDrv Slave-Interrupt ModeSlave-Polling Mode Example Sequence Flows for Slave Mode Sequence Flow Diagram for Slave Transmit in Interrupt Mode Sequence Flow Diagram for Slave Receive in Polling Mode 26.4.3 I2C Using Gpio Versus Dedicated I2C Hardware Sequence Flow Diagram for Slave Transmit in Polling Mode 340 Document Number 252539, Revision Endianness in Intel IXP400 Software Endianness in Intel IXP400 SoftwareBasics of Endianness Endianness When Memory is Shared Nature of Endianness Hardware or Software? Casting a Pointer Between Types of Different Sizes Software Considerations and ImplicationsCoding Pitfalls Little-Endian/Big-Endian Network Stacks and Protocols Here is what the macro ntohl looks like in actual code Macro Source Code Best Practices in Coding of Endian-IndependenceMacro Examples Endian Conversion Avoid 346 Document Number 252539, Revision April Document Number 252539, Revision 347 Supporting Little-Endian Mode Reasons for Choosing a Particular LE Coherency Mode Hardware Switches Silicon Endianness Controls Intel XScale Core Endianness Mode MMU Byteswapen Bit Little-Endian Data Coherence Enable/DisableMMU P-Attribute Bit Forcebyteswap Bit Summary of Silicon Controls Silicon VersionsPCI Bus Swap Endian Hardware Summary IXP46X network processors A-0 stepping Part Number Brief Description APB Peripherals April 2005 NPE Message Handler IxNpeMh Ethernet Access Component IxEthAccNPE Downloader IxNpeDl Data Plane Ixosalmbuf Data Payload One Half-Word-Aligned Ethernet Frame LE Address Coherent Intel XScale Core Read of IP Header LE Data Coherent Intel IXP400 Software IxEthAcc and IxEthDB Summary Ethernet Access MIB StatisticsLearning Database Function ATM and HSS 27.5.4 PCIIntel IXP400 Software OS Abstraction Endian Conversion Macros VxWorks* ConsiderationsIntel IXP400 Software Macros #defines VxWorks* Data Coherent Swap Code Intel IXP400 Software Version Little-Endian Support Yes/No Software VersionsIntel IXP400 Software Versions