diff mbox series

[v3,4/8] examples/ipsec-secgw: add support for TSO

Message ID	20211001095202.3343782-5-radu.nicolau@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Radu Nicolau <radu.nicolau@intel.com> To: Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal <gakhil@marvell.com> Cc: dev@dpdk.org, declan.doherty@intel.com, hemant.agrawal@oss.nxp.com Date: Fri, 1 Oct 2021 10:51:58 +0100 Message-Id: <20211001095202.3343782-5-radu.nicolau@intel.com> In-Reply-To: <20211001095202.3343782-1-radu.nicolau@intel.com> References: <20210903112257.303961-1-radu.nicolau@intel.com> <20211001095202.3343782-1-radu.nicolau@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v3 4/8] examples/ipsec-secgw: add support for TSO Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	IPsec Sec GW new features \| [v3,0/8] IPsec Sec GW new features [v3,1/8] examples/ipsec-secgw: add stats interval argument [v3,2/8] examples/ipsec-secgw: update create inline session [v3,3/8] examples/ipsec-secgw: add support for inline crypto UDP encapsulation [v3,4/8] examples/ipsec-secgw: add support for TSO [v3,5/8] examples/ipsec-secgw: add support for telemetry [v3,6/8] examples/ipsec-secgw: add support for defining initial sequence number value [v3,7/8] examples/ipsec-secgw: add ethdev reset callback [v3,8/8] examples/ipsec-secgw: add support for additional algorithms

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Radu Nicolau Oct. 1, 2021, 9:51 a.m. UTC

  Add support to allow user to specific MSS for TSO offload on a per SA
basis. MSS configuration in the context of IPsec is only supported for
outbound SA's in the context of an inline IPsec Crypto offload.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec-secgw.c       |  4 ++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/ipsec_process.c     |  2 ++
 examples/ipsec-secgw/sa.c                | 12 ++++++++++++
 5 files changed, 29 insertions(+)

Comments

Akhil Goyal Oct. 8, 2021, 6:46 p.m. UTC | #1

> Add support to allow user to specific MSS for TSO offload on a per SA
> basis. MSS configuration in the context of IPsec is only supported for
> outbound SA's in the context of an inline IPsec Crypto offload.
> 
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
>  examples/ipsec-secgw/ipsec-secgw.c       |  4 ++++
>  examples/ipsec-secgw/ipsec.h             |  1 +
>  examples/ipsec-secgw/ipsec_process.c     |  2 ++
>  examples/ipsec-secgw/sa.c                | 12 ++++++++++++
>  5 files changed, 29 insertions(+)

I think it is worth mentioning in release notes for this feature.

> 
> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst
> b/doc/guides/sample_app_ug/ipsec_secgw.rst
> index 846cf2b81a..cf7a94f58a 100644
> --- a/doc/guides/sample_app_ug/ipsec_secgw.rst
> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
> @@ -725,6 +725,16 @@ where each options means:
> 
>     * *udp-encap*
> 
> + ``<mss>``
> +
> + * Maximum segment size for TSO offload, available for egress SAs only.
> +
> + * Optional: Yes, TSO offload not set by default
> +
> + * Syntax:
> +
> +   * *mss N* N is the segment size

Specify units as well.
N is the segment size in bytes

> +
>  Example SA rules:
> 
>  .. code-block:: console
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index 1d30f39450..3da520ec6e 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -399,6 +399,10 @@ prepare_one_packet(struct rte_mbuf *pkt, struct
> ipsec_traffic *t)
>  		pkt->l2_len = 0;
>  		pkt->l3_len = sizeof(*iph4);
>  		pkt->packet_type |= RTE_PTYPE_L3_IPV4;
> +		if  (pkt->packet_type & RTE_PTYPE_L4_TCP)
> +			pkt->l4_len = sizeof(struct rte_tcp_hdr);
> +		else
> +			pkt->l4_len = sizeof(struct rte_udp_hdr);

If the packet is neither TCP nor UDP then?

>  	} else if (eth->ether_type ==
> rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) {
>  		int next_proto;
>  		size_t l3len, ext_len;
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 50fb7a8b46..36b1ac9355 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -143,6 +143,7 @@ struct ipsec_sa {
>  	enum rte_security_ipsec_sa_direction direction;
>  	uint8_t udp_encap;
>  	uint16_t portid;
> +	uint16_t mss;
>  	uint8_t fdir_qid;
>  	uint8_t fdir_flag;
> 
> diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-
> secgw/ipsec_process.c
> index 5012e1a6a4..fc2a3cbcd1 100644
> --- a/examples/ipsec-secgw/ipsec_process.c
> +++ b/examples/ipsec-secgw/ipsec_process.c
> @@ -222,6 +222,8 @@ prep_process_group(void *sa, struct rte_mbuf
> *mb[], uint32_t cnt)
>  	for (j = 0; j != cnt; j++) {
>  		priv = get_priv(mb[j]);
>  		priv->sa = sa;
> +		if (priv->sa->mss)
> +			mb[j]->tso_segsz = priv->sa->mss;
>  	}
>  }
> 
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index b32c168bcc..3851a900dc 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -678,6 +678,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  			continue;
>  		}
> 
> +		if (strcmp(tokens[ti], "mss") == 0) {
> +			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
> +			if (status->status < 0)
> +				return;
> +			rule->mss = atoi(tokens[ti]);
> +			if (status->status < 0)
> +				return;
> +			continue;
> +		}
> +
>  		if (strcmp(tokens[ti], "fallback") == 0) {
>  			struct rte_ipsec_session *fb;
> 
> @@ -1326,11 +1336,13 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm
> *prm, const struct ipsec_sa *ss,
>  	if (IS_IP4_TUNNEL(ss->flags)) {
>  		prm->ipsec_xform.tunnel.type =
> RTE_SECURITY_IPSEC_TUNNEL_IPV4;
>  		prm->tun.hdr_len = sizeof(*v4);
> +		prm->tun.hdr_l3_off = 0;
>  		prm->tun.next_proto = rc;
>  		prm->tun.hdr = v4;
>  	} else if (IS_IP6_TUNNEL(ss->flags)) {
>  		prm->ipsec_xform.tunnel.type =
> RTE_SECURITY_IPSEC_TUNNEL_IPV6;
>  		prm->tun.hdr_len = sizeof(*v6);
> +		prm->tun.hdr_l3_off = 0;
>  		prm->tun.next_proto = rc;
>  		prm->tun.hdr = v6;
>  	} else {

Also update print_usage() function with the new options added.
Check in other patches also.

diff mbox series

Patch

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 846cf2b81a..cf7a94f58a 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -725,6 +725,16 @@  where each options means:
 
    * *udp-encap*
 
+ ``<mss>``
+
+ * Maximum segment size for TSO offload, available for egress SAs only.
+
+ * Optional: Yes, TSO offload not set by default
+
+ * Syntax:
+
+   * *mss N* N is the segment size
+
 Example SA rules:
 
 .. code-block:: console
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 1d30f39450..3da520ec6e 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -399,6 +399,10 @@  prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t)
 		pkt->l2_len = 0;
 		pkt->l3_len = sizeof(*iph4);
 		pkt->packet_type |= RTE_PTYPE_L3_IPV4;
+		if  (pkt->packet_type & RTE_PTYPE_L4_TCP)
+			pkt->l4_len = sizeof(struct rte_tcp_hdr);
+		else
+			pkt->l4_len = sizeof(struct rte_udp_hdr);
 	} else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) {
 		int next_proto;
 		size_t l3len, ext_len;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 50fb7a8b46..36b1ac9355 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -143,6 +143,7 @@  struct ipsec_sa {
 	enum rte_security_ipsec_sa_direction direction;
 	uint8_t udp_encap;
 	uint16_t portid;
+	uint16_t mss;
 	uint8_t fdir_qid;
 	uint8_t fdir_flag;
 
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index 5012e1a6a4..fc2a3cbcd1 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -222,6 +222,8 @@  prep_process_group(void *sa, struct rte_mbuf *mb[], uint32_t cnt)
 	for (j = 0; j != cnt; j++) {
 		priv = get_priv(mb[j]);
 		priv->sa = sa;
+		if (priv->sa->mss)
+			mb[j]->tso_segsz = priv->sa->mss;
 	}
 }
 
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index b32c168bcc..3851a900dc 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -678,6 +678,16 @@  parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			continue;
 		}
 
+		if (strcmp(tokens[ti], "mss") == 0) {
+			INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+			if (status->status < 0)
+				return;
+			rule->mss = atoi(tokens[ti]);
+			if (status->status < 0)
+				return;
+			continue;
+		}
+
 		if (strcmp(tokens[ti], "fallback") == 0) {
 			struct rte_ipsec_session *fb;
 
@@ -1326,11 +1336,13 @@  fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss,
 	if (IS_IP4_TUNNEL(ss->flags)) {
 		prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
 		prm->tun.hdr_len = sizeof(*v4);
+		prm->tun.hdr_l3_off = 0;
 		prm->tun.next_proto = rc;
 		prm->tun.hdr = v4;
 	} else if (IS_IP6_TUNNEL(ss->flags)) {
 		prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6;
 		prm->tun.hdr_len = sizeof(*v6);
+		prm->tun.hdr_l3_off = 0;
 		prm->tun.next_proto = rc;
 		prm->tun.hdr = v6;
 	} else {