From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7B23BA0C4C; Tue, 28 Sep 2021 15:26:52 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B0F09410E6; Tue, 28 Sep 2021 15:26:50 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id B437940E3C for ; Tue, 28 Sep 2021 15:26:49 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SAIi3M021315; Tue, 28 Sep 2021 06:26:48 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=b8m56H1M0kjZ9LFJFTH30X5i5pG33j5kOP39tBQKEpE=; b=ifxyifFmy+kzW9rxsv0b96d9n/wtEf56FUZDa2rpTN/3NGT0vJQjS4wS3Lc0YX8MIJHs wtPRmRERAEmTkld9Vb+QZjHuskQmKVdpIbI8wqcvXbLaw7jOJLOFTiwZmiEzNmziADDR DQkiT0i9DFl6MTuRkKJbW3xNn6PyVYfJTYBlqj82QdAvAVVMPRtOpf/dA0k9flSEV3zr sU4/3uNJ54k9NNwfKYNq7DxTTg90PODNZ8UGF7s2fd40zpWLvHQ3SOTIR+9rtCCVWP25 UTC25vXE8RP3p0Rb/eUtTRppQC6nVvEpd/Chdo/N/Lcg3yhnw6/vjpHvs3EDOLrmfjKH 2A== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3bc1620qft-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 06:26:48 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 06:26:46 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 06:26:46 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id BB3073F707E; Tue, 28 Sep 2021 06:26:43 -0700 (PDT) From: Archana Muniganti To: , , , , CC: Archana Muniganti , , , , , Date: Tue, 28 Sep 2021 18:56:28 +0530 Message-ID: <20210928132630.12457-2-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210928132630.12457-1-marchana@marvell.com> References: <20210928132630.12457-1-marchana@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: czf3uBr5j6yus7gNxHzr6AlAvnFGgUik X-Proofpoint-GUID: czf3uBr5j6yus7gNxHzr6AlAvnFGgUik X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/3] security: add SA config option for inner pkt csum X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add inner packet IPv4 hdr and L4 checksum enable options in conf. These will be used in case of protocol offload. Per SA, application could specify whether the checksum(compute/verify) can be offloaded to security device. Signed-off-by: Archana Muniganti --- doc/guides/rel_notes/deprecation.rst | 4 ++-- doc/guides/rel_notes/release_21_11.rst | 5 +++++ lib/cryptodev/rte_cryptodev.h | 2 ++ lib/security/rte_security.h | 18 ++++++++++++++++++ 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 80ae9a6372..ae2d6ffe33 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -237,8 +237,8 @@ Deprecation Notices IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence Number). * security: The IPsec SA config options ``struct rte_security_ipsec_sa_options`` - will be updated with new fields to support new features like IPsec inner - checksum, TSO in case of protocol offload. + will be updated with new fields to support new features like TSO in case of + protocol offload. * ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a new field ``hdr_l3_len`` to configure tunnel L3 header length. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index e84a8863e9..42ed9ee580 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -197,6 +197,11 @@ ABI Changes * Added SA option to indicate whether UDP ports verification need to be done as part of inbound IPsec processing. +* security: add IPsec SA config option for inner packet checksum + + * Added inner packet IPv4 hdr and L4 checksum enable options in conf. + Per SA, application could specify whether the checksum(compute/verify) + can be offloaded to security device. Known Issues ------------ diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index bb01f0f195..d9271a6c45 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support operations on multiple data-units message */ #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26) /**< Support wrapped key in cipher xform */ +#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27) +/**< Support inner checksum computation/verification */ /** * Get the name of a crypto device feature flag diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index ae5a2e09c3..47d0b5689c 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -230,6 +230,24 @@ struct rte_security_ipsec_sa_options { * source and destination IP addresses. */ uint32_t tunnel_hdr_verify : 2; + + /** Compute/verify inner packet IPv4 header checksum in tunnel mode + * + * * 1: For outbound, compute inner packet IPv4 header checksum + * before tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet IP header checksum is not computed/verified. + */ + uint32_t ip_csum_enable : 1; + + /** Compute/verify inner packet L4 checksum in tunnel mode + * + * * 1: For outbound, compute inner packet L4 checksum before + * tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet L4 checksum is not computed/verified. + */ + uint32_t l4_csum_enable : 1; }; /** IPSec security association direction */ -- 2.22.0