[v6,01/10] security: add support for TSO on IPsec session
Checks
Commit Message
Allow user to provision a per security session maximum segment size
(MSS) for use when Transmit Segmentation Offload (TSO) is supported.
The MSS value will be used when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
ol_flags are specified in mbuf.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
lib/security/rte_security.h | 15 +++++++++++++++
1 file changed, 15 insertions(+)
Comments
> Allow user to provision a per security session maximum segment size
> (MSS) for use when Transmit Segmentation Offload (TSO) is supported.
> The MSS value will be used when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
> ol_flags are specified in mbuf.
>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---
> lib/security/rte_security.h | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2e136d7929..495a228915 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -181,6 +181,19 @@ struct rte_security_ipsec_sa_options {
> * * 0: Disable per session security statistics collection for this SA.
> */
> uint32_t stats : 1;
> +
> + /** Transmit Segmentation Offload (TSO)
> + *
> + * * 1: Enable per session security TSO support, use MSS value provide
> + * in IPsec security session when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
> + * ol_flags are set in mbuf.
> + * this SA, if supported by the driver.
> + * * 0: No TSO support for offload IPsec packets. Hardware will not
> + * attempt to segment packet, and packet transmission will fail if
> + * larger than MTU of interface
> + */
> + uint32_t tso : 1;
> +
> };
>
> /** IPSec security association direction */
> @@ -217,6 +230,8 @@ struct rte_security_ipsec_xform {
> /**< Anti replay window size to enable sequence replay attack handling.
> * replay checking is disabled if the window size is 0.
> */
> + uint32_t mss;
> + /**< IPsec payload Maximum Segment Size */
> };
>
> /**
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 2.25.1
@@ -181,6 +181,19 @@ struct rte_security_ipsec_sa_options {
* * 0: Disable per session security statistics collection for this SA.
*/
uint32_t stats : 1;
+
+ /** Transmit Segmentation Offload (TSO)
+ *
+ * * 1: Enable per session security TSO support, use MSS value provide
+ * in IPsec security session when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
+ * ol_flags are set in mbuf.
+ * this SA, if supported by the driver.
+ * * 0: No TSO support for offload IPsec packets. Hardware will not
+ * attempt to segment packet, and packet transmission will fail if
+ * larger than MTU of interface
+ */
+ uint32_t tso : 1;
+
};
/** IPSec security association direction */
@@ -217,6 +230,8 @@ struct rte_security_ipsec_xform {
/**< Anti replay window size to enable sequence replay attack handling.
* replay checking is disabled if the window size is 0.
*/
+ uint32_t mss;
+ /**< IPsec payload Maximum Segment Size */
};
/**