[v3,2/7] examples/ipsec-secgw: disable Tx chksum offload for inline
Checks
Commit Message
Enable Tx IPv4 checksum offload only when Tx inline crypto, lookaside
crypto/protocol or cpu crypto is needed.
For Tx Inline protocol offload, checksum computation
is implicitly taken care by HW.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 3 ---
examples/ipsec-secgw/sa.c | 46 ++++++++++++++++++++++++++++++++------
2 files changed, 39 insertions(+), 10 deletions(-)
@@ -1761,9 +1761,6 @@ port_init(uint16_t portid, uint64_t req_rx_offloads, uint64_t req_tx_offloads)
local_port_conf.txmode.offloads |=
RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE;
- if (dev_info.tx_offload_capa & RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
- local_port_conf.txmode.offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
-
printf("port %u configuring rx_offloads=0x%" PRIx64
", tx_offloads=0x%" PRIx64 "\n",
portid, local_port_conf.rxmode.offloads,
@@ -1766,10 +1766,18 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
struct ipsec_sa *rule;
uint32_t idx_sa;
enum rte_security_session_action_type rule_type;
+ struct rte_eth_dev_info dev_info;
+ int ret;
*rx_offloads = 0;
*tx_offloads = 0;
+ ret = rte_eth_dev_info_get(port_id, &dev_info);
+ if (ret != 0)
+ rte_exit(EXIT_FAILURE,
+ "Error during getting device (port %u) info: %s\n",
+ port_id, strerror(-ret));
+
/* Check for inbound rules that use offloads and use this port */
for (idx_sa = 0; idx_sa < nb_sa_in; idx_sa++) {
rule = &sa_in[idx_sa];
@@ -1785,13 +1793,37 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
for (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {
rule = &sa_out[idx_sa];
rule_type = ipsec_get_action_type(rule);
- if ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
- rule_type ==
- RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
- && rule->portid == port_id) {
- *tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
- if (rule->mss)
- *tx_offloads |= RTE_ETH_TX_OFFLOAD_TCP_TSO;
+ switch (rule_type) {
+ case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+ /* Checksum offload is not needed for inline protocol as
+ * all processing for Outbound IPSec packets will be
+ * implicitly taken care and for non-IPSec packets,
+ * there is no need of IPv4 Checksum offload.
+ */
+ if (rule->portid == port_id) {
+ *tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
+ if (rule->mss)
+ *tx_offloads |= (RTE_ETH_TX_OFFLOAD_TCP_TSO |
+ RTE_ETH_TX_OFFLOAD_IPV4_CKSUM);
+ }
+ break;
+ case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+ if (rule->portid == port_id) {
+ *tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
+ if (rule->mss)
+ *tx_offloads |=
+ RTE_ETH_TX_OFFLOAD_TCP_TSO;
+ *tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+ }
+ break;
+ default:
+ /* Enable IPv4 checksum offload even if one of lookaside
+ * SA's are present.
+ */
+ if (dev_info.tx_offload_capa &
+ RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+ *tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+ break;
}
}
return 0;