From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 22350A0C45; Mon, 25 Oct 2021 11:11:26 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 08F30407FF; Mon, 25 Oct 2021 11:11:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8E9184003E for ; Mon, 25 Oct 2021 11:11:24 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19P8eBlW020436; Mon, 25 Oct 2021 02:11:23 -0700 Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2176.outbound.protection.outlook.com [104.47.57.176]) by mx0b-0016f401.pphosted.com with ESMTP id 3bwdj3a08w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Oct 2021 02:11:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jYrqb1duBhS3eLUUTlW7lviTqH2XPsZ7b1X86mZQfpjeaiNOkLOyaE5Sq+L0Pl5KrCMXZTpOg7w2nr/+fipxljuaZ51WsL2zbiuXSeJXn5z99ItJ4iAIJ9p/Y1YQadNobfGBcsVbCWZRanrETlsW692NbtjFMaNiqoXAEWdbhAqCV0dpqXakW4BeZwHxcgfm+EDqpWRnh89JcDcp9dALKHZnf57ZAc+7I6i6yZiz7vQCJSO+aYrSis9kWtHWanMPYsh7MfdXuQFop60Ecn1/GkZ6H3XyAb5AofIURBzGJl+UAMayqcxGb5hSRsjPIBmcBPDb7laybpl9DnQB/jZKow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5etiOY7jtVdl6ZUfjYM+bwK9NAc0l9tHvRbooaXpoHg=; b=fji7FHmp6SD/RJhbsqnrOi+Vd9JRO7gtk4BSd611kN8ErkQ/q4Q2z3MM4j9HjyEB2wQ7v1Gk4skxUigRX0SUbNkWZkSfEziU5C1C/wlDPmgBvJCDmZ33f3CFxj/hzhlrP2FGmQOUX+hVoZkCuCtPBWMegGBR9yyaYHmI+rECsn3DXIYHsW3NZb5+Ys9UE8oZDtWK37tUEMklCq/d2f3cAdi6ovwb0vZ83Jm2EoN5nIB9SIbfv7QcizpOQi/bTguMj1qqKR1Efb7DKAdVuGMKtEQkVKFetIorDRw7L0IJ0a8ztPlzOHfCY3fZcCxEKNLQrQdMP6GvLBv+1EVS8cRS6g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5etiOY7jtVdl6ZUfjYM+bwK9NAc0l9tHvRbooaXpoHg=; b=SE0V8dtnoUt9ulC40EyQvCo2nQqopfanPAAFft8L+a1DVqY7idb0Gz4gknbQrGXQGNZZu396ilxtRNU0cSHm5wWPAHUcLN/tI/QNwRX10wrysOR2G1i7gqQ9yklZD5ziywo4hmEnQhXGJGVixsCoS/sZgHQJoB05Y5pQWTJCH0Q= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by CO1PR18MB4745.namprd18.prod.outlook.com (2603:10b6:303:e8::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Mon, 25 Oct 2021 09:11:21 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::c41e:707:3f91:71b8]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::c41e:707:3f91:71b8%8]) with mapi id 15.20.4628.020; Mon, 25 Oct 2021 09:11:21 +0000 From: Akhil Goyal To: Radu Nicolau , Konstantin Ananyev , Bernard Iremonger , Vladimir Medvedkin CC: "dev@dpdk.org" , Anoob Joseph , Declan Doherty , Abhijit Sinha , Daniel Martin Buckley , Fan Zhang Thread-Topic: [EXT] [PATCH 1/2] ipsec: add transmit segmentation offload support Thread-Index: AQHXxDKnG6LPv9Q3JUu/nEAQns/gIKvjbTng Date: Mon, 25 Oct 2021 09:11:20 +0000 Message-ID: References: <20211018145824.1211074-1-radu.nicolau@intel.com> <20211018145824.1211074-2-radu.nicolau@intel.com> In-Reply-To: <20211018145824.1211074-2-radu.nicolau@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7fed0e45-5312-4d8a-9e36-08d997976945 x-ms-traffictypediagnostic: CO1PR18MB4745: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /JDOE3PPFtB76cv/23KgQnkQjHH2o6xmHEizYWhKg9E11EWAvv1bVliRo2Jh673iFvrLW8mAC02BzkxR1QOKuI5rYtnHDGz2qoIhGE+KujpEwbzCdgirVDMdKsBD1BXppsxHvjX4O5x+IZievIWTLiZJU2jBhsZbqPKkYrmXIyh4ZTAqozbChPdcN8cRqkYO3Fkep1esL/AUgoU+j9Aom/RqzOSqCWywNZ/PL4qyhGv9MII75QERjwTnZSWoz3U3e4MPv9ZWxamCk+nF6lrbAgIDRKg8/xgF9/Wd38MwD8FHX9oiiBKN+/C1qC/pxqjfsESAbttWCArOMGDaM/sLjgbYrNhy/+NOABESHlt/TGqHoFgmsRB15HldC2JWN0ccxqF4hBjs8iyBykXlXDk5Ntr2d7Kj0rAZQx3U7vTbsdKah3E9FEEDDyVOLmqPjHQU+RnbL2CdpZ1VmSijkhkeragk4NzIN6+mPY5ssZ+eGdOG54er7qoItHqrrydMT8/jpeQ1xymHzHsS7qYK5NBcWSg7VKXvia5Unupju/aq8YhhTj1ELtIE2OZWcVnDeGl6Y6O5kmP1UkH6WYnL2Jz0W18Ex46M3QIzum7Hde+AlyKcHJubiakjADri+HXS7IyoJ4NwdeFnUkMrnhk6Gn07PiBr4PODMNyNujCUyAnXfP8tDMvBGcNmfkc4hPZALxVro8zT9LMszgzHRQW9ldVGuA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(5660300002)(186003)(55236004)(316002)(71200400001)(7696005)(8936002)(8676002)(55016002)(66476007)(508600001)(6506007)(26005)(4326008)(52536014)(2906002)(54906003)(110136005)(33656002)(38100700002)(38070700005)(122000001)(86362001)(83380400001)(64756008)(66556008)(66946007)(9686003)(66446008)(76116006); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?C/j6uwsCSOKfRZH/zbgaWOFXLFJQvF6fuyZTb0OsH+MQnN71WSm9o/WKGg32?= =?us-ascii?Q?DgFmzRBjJJXjnb37MgYH2oXGkl44OTxD1eCyZEYqU0NuBmykNsaTlfcx/gau?= =?us-ascii?Q?0Y0TKTabnNr8XtHUV0X+vhNT8SpyBFOQHazL4M4MTsVYYPAsEcMOn8JMsd0Q?= =?us-ascii?Q?/AHqPwxkd4K0d92EKoi/WOlseuftTqPiMlKWBir64pTuL9wWcWnAR0WugBXg?= =?us-ascii?Q?3qVNiJ+jn478lMx5t28bsaKUHS9Fv/hODanIs4YS+ElfC2Njvq9nqLO3fK3k?= =?us-ascii?Q?AhO8RxQN6RitLMDjT/1BRyb7as7uvjoHBQOfH20+0kCPn14b7sdmHoZFLNGF?= =?us-ascii?Q?mFRnowQuQXXLgz2Vr8PMnJ1Zbl6lEjpOlX+MmKVOS7dgUQfGb4gWUiHijg96?= =?us-ascii?Q?v6l42Zo8t+q41C2mAs1MTX7p/k/EQ9+igSY2Gc6YOmSwmBcC8CE4SD0KT3Ol?= =?us-ascii?Q?U3SjOu0O2Rzfs6ldOfO/yRSJIqAyc8yGwIcD6hQCD5OQ5k8b2i4PGmDV8rtj?= =?us-ascii?Q?fJ/x+dLxNcCgfA16L4RKDZTiBexkGWnj5RdH6rafYC7VzpUoyDCY3Gl/zfGG?= =?us-ascii?Q?YZ9sMiLbi7jTvl9u0y6YIQnakVulh7+3fI80XTPCHuEsuy54UF2+Z6aKgIR7?= =?us-ascii?Q?OGifgzWiFaGOUslIlH6fQK/MEH4Fwan50OA0p2HIUFudhqdeRLeaioBCXy5D?= =?us-ascii?Q?sYJraM6+g2pEA+tZ31euZ8M8aRwW0mrPLB0L3z+ZUaIUQqXMHzj1KR61lzGV?= =?us-ascii?Q?1sPd+RcbQBu0oyMOI0rC+kt7HD8nUpPJbOFwF6Fod6r5Y7cOJySCllkfPUeY?= =?us-ascii?Q?Ki1nCx4wX99qq8d82ATYzqmBHKo8cObPocmOwTXrObMRxcCzfZoo0bo3r1Rf?= =?us-ascii?Q?NycHIlun40dAKb7WsL2ivwnbtfHMqNslES+P4CYxMya4wu1VGO0mn+l+Lgty?= =?us-ascii?Q?xM3+Kb8pejQQ3PkMsOB+Iw1e+6oaw87LF9zbesDEHEaMNsoXE/1sgF5FX31g?= =?us-ascii?Q?Fz5cDwMG7hoCO4qaqkVU3RZxjia/UT93S8LfkUWLNvxQeJCzKXTbRkAETjF6?= =?us-ascii?Q?XSWazV5/FmKiK9/GJXX+B9spN7XJ2BWCk2jcX9NS/XRL9a1MyJdkNTq84zuM?= =?us-ascii?Q?6hu3FLo9kXXZYXi7CEYcSI2f/lcB2j9aOobpfbc11lLDZrRIJnLoA505PJJJ?= =?us-ascii?Q?jqzUw+xLkJ8VkzpyCVbkQxAnh4rHvaQ9JtVu0f5uNFDi9Yl4yGtk3/PtYcWE?= =?us-ascii?Q?vsuNtkZW2pcKSWJrfghkf+jymwKLlYeeSxOQA1qeY48a2AtXbVJ31G5HG+0P?= =?us-ascii?Q?Tx4zz8dMZz7vFX9qDsP3qP/Dy36iLmk7u4/ex+J+yUjqq+4vZ/YYd75dAHJA?= =?us-ascii?Q?m1fSwIRlIweV+IHZ63y7HqZGHgM6gDNwGLVFWRtyX5Ak9p7OpuYAv1Odbugu?= =?us-ascii?Q?/KIX/4zfrytLSqSxLe25ZnDfinxaKpKrN5SefIDLKyMYsVjhO4brSCR0xeGh?= =?us-ascii?Q?SEhxfAAc8LFd9/9XAJdylboR20SxkuK+VwoQBE8QvQRPXQ22wGV5JIg0nc1T?= =?us-ascii?Q?Aw78nj9UqbWlux0owdZBDVqLO/OE2mU5T3HocgAKmwSWIpwGFcpZLyiayqGu?= =?us-ascii?Q?+z0dhW0ZHWwgsELpTsWdVRc=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7fed0e45-5312-4d8a-9e36-08d997976945 X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Oct 2021 09:11:20.9103 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zhxsgG8U1e1IXPuhkIkpJJ+40B2vsfvK9XmZ+Mv9Q3cepwBEKhNJrzR5EMk9FM8nm1HwRWLNExVriDqBEOnNZg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR18MB4745 X-Proofpoint-GUID: VIdcBxx2JyBfMWvV6Lei95KZMNTnYyFS X-Proofpoint-ORIG-GUID: VIdcBxx2JyBfMWvV6Lei95KZMNTnYyFS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-25_02,2021-10-25_01,2020-04-07_01 Subject: Re: [dpdk-dev] [EXT] [PATCH 1/2] ipsec: add transmit segmentation offload support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Subject: [EXT] [PATCH 1/2] ipsec: add transmit segmentation offload suppo= rt >=20 Title should be ipsec: support TSO > Add support for transmit segmentation offload to inline crypto processing > mode. This offload is not supported by other offload modes, as at a > minimum it requires inline crypto for IPsec to be supported on the > network interface. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > Acked-by: Fan Zhang > --- > doc/guides/prog_guide/ipsec_lib.rst | 2 + > doc/guides/rel_notes/release_21_11.rst | 1 + > lib/ipsec/esp_outb.c | 131 +++++++++++++++++++------ > 3 files changed, 106 insertions(+), 28 deletions(-) >=20 > diff --git a/doc/guides/prog_guide/ipsec_lib.rst > b/doc/guides/prog_guide/ipsec_lib.rst > index 1bafdc608c..2a262f8c51 100644 > --- a/doc/guides/prog_guide/ipsec_lib.rst > +++ b/doc/guides/prog_guide/ipsec_lib.rst > @@ -315,6 +315,8 @@ Supported features >=20 > * NAT-T / UDP encapsulated ESP. >=20 > +* TSO support (only for inline crypto mode) > + The word support can be dropped here as it is a list of supported features. > * algorithms: 3DES-CBC, AES-CBC, AES-CTR, AES-GCM, AES_CCM, > CHACHA20_POLY1305, > AES_GMAC, HMAC-SHA1, NULL. >=20 > diff --git a/doc/guides/rel_notes/release_21_11.rst > b/doc/guides/rel_notes/release_21_11.rst > index f6d2bc6f48..955b0bd68f 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -201,6 +201,7 @@ New Features > * Added support for NAT-T / UDP encapsulated ESP > * Added support for SA telemetry. > * Added support for setting a non default starting ESN value. > + * Added support TSO offload support; only supported for inline crypto > mode. The word support is added three times in a single sentence. It can be rephrased as * Added support for TSO in inline crypto mode. >=20 >=20 > Removed Items > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c > index b6c72f58a4..c9fba662f2 100644 > --- a/lib/ipsec/esp_outb.c > +++ b/lib/ipsec/esp_outb.c > @@ -18,7 +18,7 @@ >=20 > typedef int32_t (*esp_outb_prepare_t)(struct rte_ipsec_sa *sa, rte_be64_= t > sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len); > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso); >=20 > /* > * helper function to fill crypto_sym op for cipher+auth algorithms. > @@ -139,7 +139,7 @@ outb_cop_prepare(struct rte_crypto_op *cop, > static inline int32_t > outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len) > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso) > { > uint32_t clen, hlen, l2len, pdlen, pdofs, plen, tlen; > struct rte_mbuf *ml; > @@ -157,11 +157,20 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, > rte_be64_t sqc, >=20 > /* number of bytes to encrypt */ > clen =3D plen + sizeof(*espt); > - clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); > + > + /* We don't need to pad/align packet when using TSO offload */ > + if (!tso) > + clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); > + >=20 > /* pad length + esp tail */ > pdlen =3D clen - plen; > - tlen =3D pdlen + sa->icv_len + sqh_len; > + > + /* We don't append ICV length when using TSO offload */ > + if (!tso) > + tlen =3D pdlen + sa->icv_len + sqh_len; > + else > + tlen =3D pdlen + sqh_len; This is a data path function, 2 extra checks are added for tso in the same = function if (tso) { pdlen =3D clen - plen; tlen =3D pdlen + sqh_len; } else { clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); pdlen =3D clen - plen; tlen =3D pdlen + sa->icv_len + sqh_len; } >=20 > /* do append and prepend */ > ml =3D rte_pktmbuf_lastseg(mb); > @@ -309,7 +318,7 @@ esp_outb_tun_prepare(const struct > rte_ipsec_session *ss, struct rte_mbuf *mb[], >=20 > /* try to update the packet itself */ > rc =3D outb_tun_pkt_prepare(sa, sqc, iv, mb[i], &icv, > - sa->sqh_len); > + sa->sqh_len, 0); > /* success, setup crypto op */ > if (rc >=3D 0) { > outb_pkt_xprepare(sa, sqc, &icv); > @@ -336,7 +345,7 @@ esp_outb_tun_prepare(const struct > rte_ipsec_session *ss, struct rte_mbuf *mb[], > static inline int32_t > outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len) > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso) > { > uint8_t np; > uint32_t clen, hlen, pdlen, pdofs, plen, tlen, uhlen; > @@ -358,11 +367,19 @@ outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, > rte_be64_t sqc, >=20 > /* number of bytes to encrypt */ > clen =3D plen + sizeof(*espt); > - clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); > + > + /* We don't need to pad/align packet when using TSO offload */ > + if (!tso) > + clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); >=20 > /* pad length + esp tail */ > pdlen =3D clen - plen; > - tlen =3D pdlen + sa->icv_len + sqh_len; > + > + /* We don't append ICV length when using TSO offload */ > + if (!tso) > + tlen =3D pdlen + sa->icv_len + sqh_len; > + else > + tlen =3D pdlen + sqh_len; Same comment as above. >=20 > /* do append and insert */ > ml =3D rte_pktmbuf_lastseg(mb); > @@ -452,7 +469,7 @@ esp_outb_trs_prepare(const struct rte_ipsec_session > *ss, struct rte_mbuf *mb[], >=20 > /* try to update the packet itself */ > rc =3D outb_trs_pkt_prepare(sa, sqc, iv, mb[i], &icv, > - sa->sqh_len); > + sa->sqh_len, 0); > /* success, setup crypto op */ > if (rc >=3D 0) { > outb_pkt_xprepare(sa, sqc, &icv); > @@ -549,7 +566,7 @@ cpu_outb_pkt_prepare(const struct > rte_ipsec_session *ss, > gen_iv(ivbuf[k], sqc); >=20 > /* try to update the packet itself */ > - rc =3D prepare(sa, sqc, ivbuf[k], mb[i], &icv, sa->sqh_len); > + rc =3D prepare(sa, sqc, ivbuf[k], mb[i], &icv, sa->sqh_len, 0); >=20 > /* success, proceed with preparations */ > if (rc >=3D 0) { > @@ -668,6 +685,20 @@ inline_outb_mbuf_prepare(const struct > rte_ipsec_session *ss, > ss->sa->statistics.bytes +=3D bytes; > } >=20 > + > +static inline int > +esn_outb_nb_segments(struct rte_mbuf *m) > +{ > + if (m->ol_flags & (PKT_TX_TCP_SEG | PKT_TX_UDP_SEG)) { > + uint16_t pkt_l3len =3D m->pkt_len - m->l2_len; > + uint16_t segments =3D > + (m->tso_segsz > 0 && pkt_l3len > m->tso_segsz) ? > + (pkt_l3len + m->tso_segsz - 1) / m->tso_segsz : 1; > + return segments; Directly return, no need for defining segments. > + } > + return 1; /* no TSO */ > +} > + > /* > * process group of ESP outbound tunnel packets destined for > * INLINE_CRYPTO type of device. > @@ -677,29 +708,51 @@ inline_outb_tun_pkt_process(const struct > rte_ipsec_session *ss, > struct rte_mbuf *mb[], uint16_t num) > { > int32_t rc; > - uint32_t i, k, n; > + uint32_t i, k, nb_segs_t, n_sqn; _t is normally used for typedefs. Can we rename it? > uint64_t sqn; > rte_be64_t sqc; > struct rte_ipsec_sa *sa; > union sym_op_data icv; > uint64_t iv[IPSEC_MAX_IV_QWORD]; > uint32_t dr[num]; > + uint16_t nb_segs[num]; >=20 > sa =3D ss->sa; > + nb_segs_t =3D 0; > + /* Calculate number of segments */ > + for (i =3D 0; i !=3D num; i++) { > + nb_segs[i] =3D esn_outb_nb_segments(mb[i]); > + nb_segs_t +=3D nb_segs[i]; > + } >=20 > - n =3D num; > - sqn =3D esn_outb_update_sqn(sa, &n); > - if (n !=3D num) > + n_sqn =3D nb_segs_t; > + sqn =3D esn_outb_update_sqn(sa, &n_sqn); > + if (n_sqn !=3D nb_segs_t) { > rte_errno =3D EOVERFLOW; If it is an error condition, shouldn't we return. Also, I do not see rte_errno being checked anywhere in the app/test or ipse= c-secgw. > + /* if there are segmented packets find out how many can be > + * sent until overflow occurs > + */ > + if (nb_segs_t > num) { /* there is at least 1 */ > + uint32_t seg_cnt =3D 0; > + for (i =3D 0; i < num && seg_cnt < n_sqn; i++) > + seg_cnt +=3D nb_segs[i]; > + num =3D i - 1; > + } else { > + num =3D n_sqn; /* no segmented packets */ > + } > + } >=20