From: Radu Nicolau <radu.nicolau@intel.com>
To: Akhil Goyal <gakhil@marvell.com>,
Declan Doherty <declan.doherty@intel.com>
Cc: dev@dpdk.org, Radu Nicolau <radu.nicolau@intel.com>,
Abhijit Sinha <abhijits.sinha@intel.com>,
Daniel Martin Buckley <daniel.m.buckley@intel.com>
Subject: [dpdk-dev] [RFC 01/10] security: add support for TSO on IPsec session
Date: Tue, 6 Jul 2021 12:28:56 +0100 [thread overview]
Message-ID: <20210706112904.3094598-2-radu.nicolau@intel.com> (raw)
In-Reply-To: <20210706112904.3094598-1-radu.nicolau@intel.com>
Allow user to provision a per security session maximum segment size
(MSS) for use when Transmit Segmentation Offload (TSO) is supported.
The MSS value will be used when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
ol_flags are specified in mbuf.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijits.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
---
lib/security/rte_security.h | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..45896a77d0 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,19 @@ struct rte_security_ipsec_sa_options {
* * 0: Disable per session security statistics collection for this SA.
*/
uint32_t stats : 1;
+
+ /** Transmit Segmentation Offload (TSO)
+ *
+ * * 1: Enable per session security TSO support, use MSS value provide
+ * in IPsec security session when PKT_TX_TCP_SEG or PKT_TX_UDP_SEG
+ * ol_flags are set in mbuf.
+ * this SA, if supported by the driver.
+ * * 0: No TSO support for offload IPsec packets. Hardware will not
+ * attempt to segment packet, and packet transmission will fail if
+ * larger than MTU of interface
+ */
+ uint32_t tso : 1;
+
};
/** IPSec security association direction */
@@ -217,6 +230,8 @@ struct rte_security_ipsec_xform {
/**< Anti replay window size to enable sequence replay attack handling.
* replay checking is disabled if the window size is 0.
*/
+ uint32_t mss;
+ /**< IPsec payload Maximum Segment Size */
};
/**
--
2.25.1
next prev parent reply other threads:[~2021-07-06 11:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 11:28 [dpdk-dev] [RFC 00/10] new features for ipsec and security libraries Radu Nicolau
2021-07-06 11:28 ` Radu Nicolau [this message]
2021-07-06 11:28 ` [dpdk-dev] [RFC 02/10] security: add UDP params for IPsec NAT-T Radu Nicolau
2021-07-06 11:28 ` [dpdk-dev] [RFC 03/10] security: add ESN field to ipsec_xform Radu Nicolau
2021-07-06 11:28 ` [dpdk-dev] [RFC 04/10] mbuf: add IPsec ESP tunnel type Radu Nicolau
2021-07-06 11:29 ` [dpdk-dev] [RFC 05/10] ipsec: add support for AEAD algorithms Radu Nicolau
2021-07-06 11:29 ` [dpdk-dev] [RFC 06/10] ipsec: add transmit segmentation offload support Radu Nicolau
2021-07-06 11:29 ` [dpdk-dev] [RFC 07/10] ipsec: add support for NAT-T Radu Nicolau
2021-07-06 11:29 ` [dpdk-dev] [RFC 08/10] ipsec: add support for SA telemetry Radu Nicolau
2021-08-04 9:56 ` Kinsella, Ray
2021-07-06 11:29 ` [dpdk-dev] [RFC 09/10] ipsec: add support for initial SQN value Radu Nicolau
2021-07-13 13:32 [dpdk-dev] [RFC 00/10] new features for ipsec and security libraries Radu Nicolau
2021-07-13 13:32 ` [dpdk-dev] [RFC 01/10] security: add support for TSO on IPsec session Radu Nicolau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706112904.3094598-2-radu.nicolau@intel.com \
--to=radu.nicolau@intel.com \
--cc=abhijits.sinha@intel.com \
--cc=daniel.m.buckley@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).