diff mbox series

[v6,01/10] security: add support for TSO on IPsec session

Message ID	20210917091747.1528262-2-radu.nicolau@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Radu Nicolau <radu.nicolau@intel.com> To: Akhil Goyal <gakhil@marvell.com>, Declan Doherty <declan.doherty@intel.com> Cc: dev@dpdk.org, mdr@ashroe.eu, konstantin.ananyev@intel.com, vladimir.medvedkin@intel.com, bruce.richardson@intel.com, roy.fan.zhang@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, abhijit.sinha@intel.com, daniel.m.buckley@intel.com, marchana@marvell.com, ktejasree@marvell.com, matan@nvidia.com, Radu Nicolau <radu.nicolau@intel.com> Date: Fri, 17 Sep 2021 10:17:38 +0100 Message-Id: <20210917091747.1528262-2-radu.nicolau@intel.com> In-Reply-To: <20210917091747.1528262-1-radu.nicolau@intel.com> References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20210917091747.1528262-1-radu.nicolau@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v6 01/10] security: add support for TSO on IPsec session Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	new features for ipsec and security libraries \| [v6,00/10] new features for ipsec and security libraries [v6,01/10] security: add support for TSO on IPsec session [v6,02/10] security: add UDP params for IPsec NAT-T [v6,03/10] security: add ESN field to ipsec_xform [v6,04/10] mbuf: add IPsec ESP tunnel type [v6,05/10] ipsec: add support for AEAD algorithms [v6,06/10] ipsec: add transmit segmentation offload support [v6,07/10] ipsec: add support for NAT-T [v6,08/10] ipsec: add support for SA telemetry [v6,09/10] ipsec: add support for initial SQN value [v6,10/10] ipsec: add ol_flags support

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Radu Nicolau Sept. 17, 2021, 9:17 a.m. UTC

  Allow user to provision a per security session maximum segment size
(MSS) for use when Transmit Segmentation Offload (TSO) is supported.
The MSS value will be used when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
ol_flags are specified in mbuf.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 lib/security/rte_security.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Comments

Ananyev, Konstantin Sept. 23, 2021, 12:35 p.m. UTC | #1

> Allow user to provision a per security session maximum segment size
> (MSS) for use when Transmit Segmentation Offload (TSO) is supported.
> The MSS value will be used when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
> ol_flags are specified in mbuf.
> 
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---
>  lib/security/rte_security.h | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2e136d7929..495a228915 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -181,6 +181,19 @@ struct rte_security_ipsec_sa_options {
>  	 * * 0: Disable per session security statistics collection for this SA.
>  	 */
>  	uint32_t stats : 1;
> +
> +	/** Transmit Segmentation Offload (TSO)
> +	 *
> +	 * * 1: Enable per session security TSO support, use MSS value provide
> +	 *      in IPsec security session when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
> +	 *      ol_flags are set in mbuf.
> +	 *      this SA, if supported by the driver.
> +	 * * 0: No TSO support for offload IPsec packets. Hardware will not
> +	 *      attempt to segment packet, and packet transmission will fail if
> +	 *      larger than MTU of interface
> +	 */
> +	uint32_t tso : 1;
> +
>  };
> 
>  /** IPSec security association direction */
> @@ -217,6 +230,8 @@ struct rte_security_ipsec_xform {
>  	/**< Anti replay window size to enable sequence replay attack handling.
>  	 * replay checking is disabled if the window size is 0.
>  	 */
> +	uint32_t mss;
> +	/**< IPsec payload Maximum Segment Size */
>  };
> 
>  /**
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.25.1

diff mbox series

Patch

diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2e136d7929..495a228915 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,19 @@  struct rte_security_ipsec_sa_options {
 	 * * 0: Disable per session security statistics collection for this SA.
 	 */
 	uint32_t stats : 1;
+
+	/** Transmit Segmentation Offload (TSO)
+	 *
+	 * * 1: Enable per session security TSO support, use MSS value provide
+	 *      in IPsec security session when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
+	 *      ol_flags are set in mbuf.
+	 *      this SA, if supported by the driver.
+	 * * 0: No TSO support for offload IPsec packets. Hardware will not
+	 *      attempt to segment packet, and packet transmission will fail if
+	 *      larger than MTU of interface
+	 */
+	uint32_t tso : 1;
+
 };
 
 /** IPSec security association direction */
@@ -217,6 +230,8 @@  struct rte_security_ipsec_xform {
 	/**< Anti replay window size to enable sequence replay attack handling.
 	 * replay checking is disabled if the window size is 0.
 	 */
+	uint32_t mss;
+	/**< IPsec payload Maximum Segment Size */
 };
 
 /**