From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7DEBFA0547; Wed, 29 Sep 2021 11:08:33 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 323E2410ED; Wed, 29 Sep 2021 11:08:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 0A91E410ED for ; Wed, 29 Sep 2021 11:08:29 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18T8e2p8005169; Wed, 29 Sep 2021 02:08:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=eNnu20Rs/i3tK8U1fLNPYSL5X73bBCwZy5v37jri4Ms=; b=QFbqcUC8vbs8K0z+j7ug4/JNI0lLQbur8BnJwS/JqrjuDqdW22i0Ugsp9GWKThvcik14 b17a4RlEBMGSjVdWxvt2ivaI4CsPJzak/KJeJiLxiMACEBDImur9HFt1RE+1184vLxHe wUyD7QYxs4f/OtRsIdjVpV8Lis5q+2oRqCcGyenVRa7qU4u+0lVPSlC5P0lW3GTgCRCZ 0yHO4NGEsPWwRkuOoSpPsjVjVZhjOchffTrVgMrIlqoPo0oUy/ODJEDQTHkgnUfBaFFT ngb6aN1pGL8m5zw2VT3mhoohiwkcpXE46dDC+4Z4w/kfmzuaPqts9dyVaVcBzNlNZE41 uQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3bcknk8cv3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 29 Sep 2021 02:08:29 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 29 Sep 2021 02:08:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 29 Sep 2021 02:08:27 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id AF20A3F707D; Wed, 29 Sep 2021 02:08:24 -0700 (PDT) From: Archana Muniganti To: , , , , CC: Archana Muniganti , , , , , Date: Wed, 29 Sep 2021 14:38:09 +0530 Message-ID: <20210929090811.21030-2-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210929090811.21030-1-marchana@marvell.com> References: <20210929090811.21030-1-marchana@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: CPWqQLiyroFXxw-p4PjXh4UczoZnowX4 X-Proofpoint-ORIG-GUID: CPWqQLiyroFXxw-p4PjXh4UczoZnowX4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-29_02,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 1/3] security: add SA config option for inner pkt csum X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add inner packet IPv4 hdr and L4 checksum enable options in conf. These will be used in case of protocol offload. Per SA, application could specify whether the checksum(compute/verify) can be offloaded to security device. Signed-off-by: Archana Muniganti --- doc/guides/cryptodevs/features/default.ini | 1 + doc/guides/rel_notes/deprecation.rst | 4 ++-- doc/guides/rel_notes/release_21_11.rst | 4 ++++ lib/cryptodev/rte_cryptodev.h | 2 ++ lib/security/rte_security.h | 18 ++++++++++++++++++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini index c24814de98..96d95ddc81 100644 --- a/doc/guides/cryptodevs/features/default.ini +++ b/doc/guides/cryptodevs/features/default.ini @@ -33,6 +33,7 @@ Non-Byte aligned data = Sym raw data path API = Cipher multiple data units = Cipher wrapped key = +Inner checksum = ; ; Supported crypto algorithms of a default crypto driver. diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 05fc2fdee7..8308e00ed4 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -232,8 +232,8 @@ Deprecation Notices IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence Number). * security: The IPsec SA config options ``struct rte_security_ipsec_sa_options`` - will be updated with new fields to support new features like IPsec inner - checksum, TSO in case of protocol offload. + will be updated with new fields to support new features like TSO in case of + protocol offload. * ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a new field ``hdr_l3_len`` to configure tunnel L3 header length. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 8da851cccc..93d1b36889 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -194,6 +194,10 @@ ABI Changes ``rte_security_ipsec_xform`` to allow applications to configure SA soft and hard expiry limits. Limits can be either in number of packets or bytes. +* security: The new options ``ip_csum_enable`` and ``l4_csum_enable`` were added + in structure ``rte_security_ipsec_sa_options`` to indicate whether inner + packet IPv4 header checksum and L4 checksum need to be offloaded to + security device. Known Issues ------------ diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index bb01f0f195..d9271a6c45 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support operations on multiple data-units message */ #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26) /**< Support wrapped key in cipher xform */ +#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27) +/**< Support inner checksum computation/verification */ /** * Get the name of a crypto device feature flag diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index ab1a6e1f65..945f45ad76 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -230,6 +230,24 @@ struct rte_security_ipsec_sa_options { * * 0: Do not match UDP ports */ uint32_t udp_ports_verify : 1; + + /** Compute/verify inner packet IPv4 header checksum in tunnel mode + * + * * 1: For outbound, compute inner packet IPv4 header checksum + * before tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet IP header checksum is not computed/verified. + */ + uint32_t ip_csum_enable : 1; + + /** Compute/verify inner packet L4 checksum in tunnel mode + * + * * 1: For outbound, compute inner packet L4 checksum before + * tunnel encapsulation and for inbound, verify after + * tunnel decapsulation. + * * 0: Inner packet L4 checksum is not computed/verified. + */ + uint32_t l4_csum_enable : 1; }; /** IPSec security association direction */ -- 2.22.0