From patchwork Thu Sep 30 12:58:30 2021
X-Patchwork-Submitter: Archana Muniganti
X-Patchwork-Id: 100093
X-Patchwork-Delegate: gakhil@marvell.com
From: Archana Muniganti
Date: Thu, 30 Sep 2021 18:28:30 +0530
Message-ID: <20210930125832.15807-2-marchana@marvell.com>
In-Reply-To: <20210930125832.15807-1-marchana@marvell.com>
References: <20210930125832.15807-1-marchana@marvell.com>
Subject: [dpdk-dev] [PATCH v4 1/3] security: add SA config option for inner pkt csum

Add inner packet IPv4 hdr and L4 checksum enable options in conf. These will be used in case of protocol offload. Per SA, application could specify whether the checksum(compute/verify) can be offloaded to security device.

Signed-off-by: Archana Muniganti
Acked-by: Konstantin Ananyev
---
 doc/guides/cryptodevs/features/default.ini |  1 +
 doc/guides/rel_notes/deprecation.rst       |  4 +--
 doc/guides/rel_notes/release_21_11.rst     |  4 +++
 lib/cryptodev/rte_cryptodev.h              |  2 ++
 lib/security/rte_security.h                | 31 ++++++++++++++++++++++
 5 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini index c24814de98..96d95ddc81 100644
--- a/doc/guides/cryptodevs/features/default.ini +++ b/doc/guides/cryptodevs/features/default.ini @@ -33,6 +33,7 @@ Non-Byte aligned data = Sym raw data path API = Cipher multiple data units = Cipher wrapped key = +Inner checksum = ; ; Supported crypto algorithms of a default crypto driver. diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 05fc2fdee7..8308e00ed4 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -232,8 +232,8 @@ Deprecation Notices IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence Number). * security: The IPsec SA config options ``struct rte_security_ipsec_sa_options`` - will be updated with new fields to support new features like IPsec inner - checksum, TSO in case of protocol offload. + will be updated with new fields to support new features like TSO in case of + protocol offload. * ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a new field ``hdr_l3_len`` to configure tunnel L3 header length. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 3ade7fe5ac..5480f05a99 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -196,6 +196,10 @@ ABI Changes ``rte_security_ipsec_xform`` to allow applications to configure SA soft and hard expiry limits. Limits can be either in number of packets or bytes. +* security: The new options ``ip_csum_enable`` and ``l4_csum_enable`` were added + in structure ``rte_security_ipsec_sa_options`` to indicate whether inner + packet IPv4 header checksum and L4 checksum need to be offloaded to + security device. Known Issues ------------ diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index bb01f0f195..d9271a6c45 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h 
@@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support operations on multiple data-units message */ #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26) /**< Support wrapped key in cipher xform */ +#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27) +/**< Support inner checksum computation/verification */ /** * Get the name of a crypto device feature flag diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index ab1a6e1f65..0c5636377e 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -230,6 +230,37 @@ struct rte_security_ipsec_sa_options { * * 0: Do not match UDP ports */ uint32_t udp_ports_verify : 1; + + /** Compute/verify inner packet IPv4 header checksum in tunnel mode + * + * * 1: For outbound, compute inner packet IPv4 header checksum + * before tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet IP header checksum is not computed/verified. + * + * The checksum verification status would be set in mbuf using + * PKT_RX_IP_CKSUM_xxx flags. + * + * Inner IP checksum computation can also be enabled(per operation) + * by setting the flag PKT_TX_IP_CKSUM in mbuf. + */ + uint32_t ip_csum_enable : 1; + + /** Compute/verify inner packet L4 checksum in tunnel mode + * + * * 1: For outbound, compute inner packet L4 checksum before + * tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet L4 checksum is not computed/verified. + * + * The checksum verification status would be set in mbuf using + * PKT_RX_L4_CKSUM_xxx flags. + * + * Inner L4 checksum computation can also be enabled(per operation) + * by setting the flags PKT_TX_TCP_CKSUM or PKT_TX_SCTP_CKSUM or + * PKT_TX_UDP_CKSUM or PKT_TX_L4_MASK in mbuf. + */ + uint32_t l4_csum_enable : 1; }; /** IPSec security association direction */
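
Review bot: In the doc/guides/rel_notes/release_21_11.rst hunk, the new entry names only ``ip_csum_enable`` and ``l4_csum_enable`` and leaves out RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM, which this same patch adds in rte_cryptodev.h. An application has to test that flag before setting either option, so the release note should mention it next to the two fields, for example by ending the entry with "Support is advertised through ``RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM``."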
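
Review bot: In the lib/cryptodev/rte_cryptodev.h hunk, RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27) is defined directly above the "Get the name of a crypto device feature flag" declaration, yet the diffstat lists no lib/cryptodev source file, so this patch gives the name lookup no string for bit 27. Please add the entry here or say which patch in the series carries it. The Doxygen line "Support inner checksum computation/verification" would also be clearer if it said that "inner" means the inner packet of an IPsec tunnel under security protocol offload, since nothing else in this header gives that context.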
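
Review bot: In the lib/security/rte_security.h hunk, the comments on ip_csum_enable and l4_csum_enable do not say what an inbound application sees in the mbuf when the bit is 0, nor what session creation does when the device does not advertise RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM. Please document both: which of the PKT_RX_IP_CKSUM_xxx and PKT_RX_L4_CKSUM_xxx values is reported when nothing was verified, and whether an unsupported request fails session creation or is silently ignored. Without that, a caller can read the absence of a "bad" status as a verified checksum on decapsulated traffic. The comments also limit the options to tunnel mode without saying what happens if they are set on a transport-mode SA, and ip_csum_enable does not say what applies to an IPv6 inner packet. In the l4_csum_enable comment, PKT_TX_L4_MASK is listed beside PKT_TX_TCP_CKSUM, PKT_TX_SCTP_CKSUM and PKT_TX_UDP_CKSUM as a flag to set, but it is the mask over the L4 checksum request field and not a request of its own, so it should be dropped from that list. Nit: "enabled(per operation)" needs a space before the parenthesis in both comments.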