From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 215DDA0547; Tue, 26 Oct 2021 19:30:55 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A73D9410D5; Tue, 26 Oct 2021 19:30:54 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id CD8F740E0F for ; Tue, 26 Oct 2021 19:30:52 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10149"; a="210752358" X-IronPort-AV: E=Sophos;i="5.87,184,1631602800"; d="scan'208";a="210752358" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2021 10:30:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,184,1631602800"; d="scan'208";a="572582200" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by FMSMGA003.fm.intel.com with ESMTP; 26 Oct 2021 10:30:39 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Tue, 26 Oct 2021 10:30:38 -0700 Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Tue, 26 Oct 2021 10:30:38 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Tue, 26 Oct 2021 10:30:38 -0700 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.42) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Tue, 26 Oct 2021 10:30:38 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NbjQn9ErUuMpYdNFRwB6EgXl44wtjk09qjqIqLhPDsAymJLvJ/y2qiCEDD+5FsKDnEe0NDfXKarAFGWnFnsFeF0259gEXmQoFCU6y60FX8YgsE3SGOLfRaRRG+fQ01kkXDtbBLXIH8COzutIN91mmZXAosx8M4qjB1a+9i/pc8AaA/FMBT1Zumkj3i4WhNqXMaXEzh81dI7r+oQB951odD+tnDbcfgtSVaHXPNk3sXrlfaPPsOLIspB/I5fKOMwKMk6p8n7OM4dER4iiUOdKVtuPPR6V9SP6dntrKEeUIglJawq9wtygbLoP1531vu4Gymv0XJqoiGaKvUKTV0XXSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FiHORF6HGu5jza1hX8EVhYwE1+RPYN2qKnfFO+6Ve9I=; b=lyvQ1/qB9jiujIqrXzh0FueDtuB217hiEricXwZUBuih57mgpeCblmOdfIB2a8VNF6epklP3juB7tmE/bMoPotG+WVdcMb4L+xNVr48KgcGNKUNE29+2j5wLZB9zD22CQbMv42+1iPUHMzhBb7OWnVOsiFCliLESE/bcZKAwnMjz7M/t0QmZgojhwV7Yfcyz+uo9w7cuhDvEYwmfPGhHIh15bf+xRzbaJ42Lb3e36qwLrRUXXb+4Nke436Q7ZRWrv4QkAHTbh7f+dQ32QpHH0JvE34yhxJIPS7s1mvFJE6ASyr3YBYDOwUYGNKjPlzCgbHw3YKjSUBqt0IdAVkNFuA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FiHORF6HGu5jza1hX8EVhYwE1+RPYN2qKnfFO+6Ve9I=; b=aBNSQh6NcBEQTajgRz/7pQbS1MDnud2L8voTkEL6Bd+canM/eC1X/TzCFSze26vhIflImkZJExCJEiHGBs3IPn01vjKLoqvqWkU+IrOvtSxojjbpmHlXSt8HZUe0RKcUwxizSU2sQ1eQ2azUVm84yWFHaIyItHeHSCZIInWTUts= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM5PR1101MB2090.namprd11.prod.outlook.com (2603:10b6:4:51::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Tue, 26 Oct 2021 17:30:36 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::2c0c:5383:f814:3b4e]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::2c0c:5383:f814:3b4e%6]) with mapi id 15.20.4628.023; Tue, 26 Oct 2021 17:30:36 +0000 From: "Ananyev, Konstantin" To: "Nicolau, Radu" , "Iremonger, Bernard" , "Medvedkin, Vladimir" CC: "dev@dpdk.org" , "gakhil@marvell.com" , "anoobj@marvell.com" , "Doherty, Declan" , "Sinha, Abhijit" , "Buckley, Daniel M" , "Zhang, Roy Fan" Thread-Topic: [PATCH v2 1/2] ipsec: add TSO support Thread-Index: AQHXyoYIxNj5oChKO0G0KlAJZXNnNavliHGw Date: Tue, 26 Oct 2021 17:30:36 +0000 Message-ID: References: <20211026161104.2099054-1-radu.nicolau@intel.com> <20211026161104.2099054-2-radu.nicolau@intel.com> In-Reply-To: <20211026161104.2099054-2-radu.nicolau@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 180ceee4-83a7-401b-230b-08d998a65297 x-ms-traffictypediagnostic: DM5PR1101MB2090: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: FRJMBR2IWX6Do5ET5ryrdKMYLaMRwXSfuZuzb2oYKLVnedTGbA80VK3Cv8X5boeJuIzy/K02aQ0kZ4Hj4H9o5QcqGOHEi6KIboJKZtUDtjWhKWQ2uDIBkLBAdqMqXjRuzKcq72uUsj5F+vPVnw033zHSpVl3wcs5WDn0VB2Gl6egHAoNEc6m+A0zE7B66vZpxNiLiOozRLwxkHfYYAztfQNX+TUsHLtpxdP89/xzd25nk7/HSiMTCz5IX/VaqP/kppxvVKYMsTWrUp+kt7SJ17Crcv+WOxB9mOaqh1R/zSlIT3sDz6R52p5srfkrsVxfSlymEa7o5FhFgZkYtkSA+GsfOrSPLawfVA6a8fZXS4VbK44ZtPXHJ6x1pIpoxQhSgCKCJKI2npMe4cUAZGyEYGy8WbduprUEK8bHWfxZEuGu823EeYjCVbgLXt4sYo4JmCE/peydywyDmkD5whpgOo9Upa0O450V1hSUDF1Vs10A0S5Jjw5aX4677ucc7xXN7y45P53AU/QYcCdYX5eGsM6eiSywDSIf3F9Y7Z0QVk9Jgcoj+M/o7y+4kPy5c9ElWY4wwDpYyI4NoNiVR6C3YpSu6fMbsCoZ4lumpnRvS+SxdaNAFPTEwSmoD0f3asZ8qNXqmDigkda69lsKybURzQcwW8dileQ07msLImryJaR+kn8QspW6IlYgd5UHf/8tdGdqjso7Wna2V6HdXbmahQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(508600001)(26005)(54906003)(2906002)(86362001)(9686003)(5660300002)(55236004)(4326008)(316002)(76116006)(66446008)(8676002)(64756008)(66556008)(107886003)(66946007)(8936002)(6506007)(66476007)(122000001)(82960400001)(7696005)(71200400001)(38100700002)(38070700005)(186003)(110136005)(55016002)(33656002)(52536014)(6636002)(83380400001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?sA+6PDjPIM8LTaruIydbu7PqpQSwJYUs11kfByf7ed7pND0l6qDelUPYuzFA?= =?us-ascii?Q?VC4/Gvjj7rvWftfKQQ53SMFinI0QiPwRKGQoSZwkl1DnHZVgOQjU5UHej4rR?= =?us-ascii?Q?PoAJE9+8qh1rf6GcZfyngdi6eGgzNd9vVOR0Qq0ofL3eABO8bHv5fgDsuVzA?= =?us-ascii?Q?fczEsAgBFXv8TdTea29SszzZC4ZpDR2AYBzhktZ2t2bBjyRIqLYqTaMewqmo?= =?us-ascii?Q?ozQbOQ/wc9bxJaJzlSzkvogn/2CQwR9FI+Jc0o3n5ssSLWN7hjgSko5lvss8?= =?us-ascii?Q?g4eUBjKHa3VA5Nc7GRcjV8X4HN5uaPxKHSuWbQbWkq5P4DwY5hjCk8xd+Tsg?= =?us-ascii?Q?mo4/E1A2SuuWZw/cddeS3knRtXV7sFu7F8BKGhIC2uuG8M+gfYUXFvnJNJsm?= =?us-ascii?Q?SmwqdeDSu4S8uMCDb7HgQ0WYEOzHqg2yqz2O1vEUEWp1BLikLn6MJ40K59zx?= =?us-ascii?Q?5337vDvZ1AjekCdlpKKXqK+hMgkE2+/oKUqkNcHnu/03w/Sk51ueHuMV1o7o?= =?us-ascii?Q?B7N25gbXWMZDkFX6UaMZrhFKNGUL+e6arQ4ysydcMK7FRk+GiVXw6/OxVHGl?= =?us-ascii?Q?OGJMyK/dekthQfOg3WAwwySOh0WP+ICjTaYhcO68IaVfh3lwsgZ6HJzPp+7k?= =?us-ascii?Q?j1Q4kwqO6GGWOSOFiWcRV5VineksT2si1TDaZ5IIPln/49OHJLzQN02QToR0?= =?us-ascii?Q?Z/yPfmm7yA68mbD4zNmIUNiFbPzQoClu0dSSh7w3dyKFxOvYynVgX4WQrqs6?= =?us-ascii?Q?Vl5MjcR9SJsJ507PakBvlj+vA4jLcrlXwFtPGbs5eevJWibnt/LeeO+H8gLa?= =?us-ascii?Q?pe0/p/WNgRsL3V+PRi3OILPPmk1EwB6IQliYeqx5wSlnFW5AfdLA/ToDGeCG?= =?us-ascii?Q?WSnqN8FeSQINz2adJpbzX3w8PPxd6h74uBvNTpY1cR7dc6DaH4IEOkVQF9zK?= =?us-ascii?Q?s27z/46xdxI+awE97ZZVCXLo3K8KyJXZWCq8SOFmcFHmR1QucBdif/2qTPmi?= =?us-ascii?Q?JlqZ3u6sNogluMYuG65nSH25bHr/FRiTzRlwkYT3b8mHKHmV2VKrCWigzntv?= =?us-ascii?Q?8fZxYnxFeAXGZCa5JsGh74lh6aO3Dc0vwPMZ7eG3uBZ+RP7Tcu838lTAPEm5?= =?us-ascii?Q?2HCoht7w/P31X2iUZJQAknDAvU2YOGTW1ALTUKB/G+QmbyBxtVMO5S3eH1xm?= =?us-ascii?Q?xWqYe52fmsbC3EfXEPnpt+EkI7PrUyRHvbzRnakSfM6O/ZlCEsl3KG7zzGYW?= =?us-ascii?Q?beF164TdvAVb8AWARDdILhxBzQSzN1QLuX2sdJOXoUjSFCeL/xTgFmFW8BlQ?= =?us-ascii?Q?a1q1hUNuxX/RpQ5R9J6LT4Prqk5Xlug+nOFxqBSmsXeoFoWE+f7HbF0jnHUk?= =?us-ascii?Q?+/h/sefr6PKasQXbLELZVRmeAAFmncNJoQSHD+fyrWVaBUKOdBtG/Rn7G2J7?= =?us-ascii?Q?RreKZMeGuUF18YQFGlN93KiCA4UCsWp+inaH1Ys/t2mT+p03k7eLh+I0azP0?= =?us-ascii?Q?QG460mg4or25TmFKEfn6I+iN4jJs1rCwk7c8UzymfB0Tl/8UJnlUUVQQK9y0?= =?us-ascii?Q?e+tZQHrBqk8+hTMJEB4Y8NmLFZFirMFJiOS/4dXNksuR5Q8dx4BGc+CIhSH2?= =?us-ascii?Q?T+NlMcMAg4zKDdFarSu1PaXWM3xupxECLMMyhJ0YxNTizdXwfi4uIwwX/Ee+?= =?us-ascii?Q?aH0Bzg=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 180ceee4-83a7-401b-230b-08d998a65297 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2021 17:30:36.6156 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: gQ4L/aHb5vVeFfuwDWk2Fffk00LJRRGdpzneJFhoQx3OiJ3iDmXn4/eeSpaWXZoCDvvalDMUdKlSdqZX8LZ7KFtoXeglM1K2m5RZ7zncA+g= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1101MB2090 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v2 1/2] ipsec: add TSO support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Add support for transmit segmentation offload to inline crypto processing > mode. This offload is not supported by other offload modes, as at a > minimum it requires inline crypto for IPsec to be supported on the > network interface. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > Acked-by: Fan Zhang > --- > doc/guides/prog_guide/ipsec_lib.rst | 2 + > doc/guides/rel_notes/release_21_11.rst | 1 + > lib/ipsec/esp_outb.c | 138 +++++++++++++++++++------ > 3 files changed, 109 insertions(+), 32 deletions(-) >=20 > diff --git a/doc/guides/prog_guide/ipsec_lib.rst b/doc/guides/prog_guide/= ipsec_lib.rst > index 52afdcda9f..0bdbdad1e4 100644 > --- a/doc/guides/prog_guide/ipsec_lib.rst > +++ b/doc/guides/prog_guide/ipsec_lib.rst > @@ -315,6 +315,8 @@ Supported features >=20 > * NAT-T / UDP encapsulated ESP. >=20 > +* TSO (only for inline crypto mode) > + > * algorithms: 3DES-CBC, AES-CBC, AES-CTR, AES-GCM, AES_CCM, CHACHA20_PO= LY1305, > AES_GMAC, HMAC-SHA1, NULL. >=20 > diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_note= s/release_21_11.rst > index 1ccac87b73..b5b5abadee 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -268,6 +268,7 @@ New Features > * Added support for NAT-T / UDP encapsulated ESP. > * Added support for SA telemetry. > * Added support for setting a non default starting ESN value. > + * Added support for TSO in inline crypto mode. >=20 > * **Added multi-process support for testpmd.** >=20 > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c > index 336d24a6af..995b49ae0c 100644 > --- a/lib/ipsec/esp_outb.c > +++ b/lib/ipsec/esp_outb.c > @@ -18,7 +18,7 @@ >=20 > typedef int32_t (*esp_outb_prepare_t)(struct rte_ipsec_sa *sa, rte_be64_= t sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len); > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso); >=20 > /* > * helper function to fill crypto_sym op for cipher+auth algorithms. > @@ -139,7 +139,7 @@ outb_cop_prepare(struct rte_crypto_op *cop, > static inline int32_t > outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len) > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso) > { > uint32_t clen, hlen, l2len, pdlen, pdofs, plen, tlen; > struct rte_mbuf *ml; > @@ -157,11 +157,19 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_b= e64_t sqc, >=20 > /* number of bytes to encrypt */ > clen =3D plen + sizeof(*espt); > - clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); >=20 > - /* pad length + esp tail */ > - pdlen =3D clen - plen; > - tlen =3D pdlen + sa->icv_len + sqh_len; > + if (!tso) { > + clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); > + /* pad length + esp tail */ > + pdlen =3D clen - plen; > + tlen =3D pdlen + sa->icv_len + sqh_len; > + } else { > + /* We don't need to pad/align packet or append ICV length > + * when using TSO offload > + */ > + pdlen =3D clen - plen; > + tlen =3D pdlen + sqh_len; > + } >=20 > /* do append and prepend */ > ml =3D rte_pktmbuf_lastseg(mb); > @@ -309,7 +317,7 @@ esp_outb_tun_prepare(const struct rte_ipsec_session *= ss, struct rte_mbuf *mb[], >=20 > /* try to update the packet itself */ > rc =3D outb_tun_pkt_prepare(sa, sqc, iv, mb[i], &icv, > - sa->sqh_len); > + sa->sqh_len, 0); > /* success, setup crypto op */ > if (rc >=3D 0) { > outb_pkt_xprepare(sa, sqc, &icv); > @@ -336,7 +344,7 @@ esp_outb_tun_prepare(const struct rte_ipsec_session *= ss, struct rte_mbuf *mb[], > static inline int32_t > outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc, > const uint64_t ivp[IPSEC_MAX_IV_QWORD], struct rte_mbuf *mb, > - union sym_op_data *icv, uint8_t sqh_len) > + union sym_op_data *icv, uint8_t sqh_len, uint8_t tso) > { > uint8_t np; > uint32_t clen, hlen, pdlen, pdofs, plen, tlen, uhlen; > @@ -358,11 +366,19 @@ outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, rte_b= e64_t sqc, >=20 > /* number of bytes to encrypt */ > clen =3D plen + sizeof(*espt); > - clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); >=20 > - /* pad length + esp tail */ > - pdlen =3D clen - plen; > - tlen =3D pdlen + sa->icv_len + sqh_len; > + if (!tso) { > + clen =3D RTE_ALIGN_CEIL(clen, sa->pad_align); > + /* pad length + esp tail */ > + pdlen =3D clen - plen; > + tlen =3D pdlen + sa->icv_len + sqh_len; > + } else { > + /* We don't need to pad/align packet or append ICV length > + * when using TSO offload > + */ > + pdlen =3D clen - plen; > + tlen =3D pdlen + sqh_len; > + } >=20 > /* do append and insert */ > ml =3D rte_pktmbuf_lastseg(mb); > @@ -452,7 +468,7 @@ esp_outb_trs_prepare(const struct rte_ipsec_session *= ss, struct rte_mbuf *mb[], >=20 > /* try to update the packet itself */ > rc =3D outb_trs_pkt_prepare(sa, sqc, iv, mb[i], &icv, > - sa->sqh_len); > + sa->sqh_len, 0); > /* success, setup crypto op */ > if (rc >=3D 0) { > outb_pkt_xprepare(sa, sqc, &icv); > @@ -549,7 +565,7 @@ cpu_outb_pkt_prepare(const struct rte_ipsec_session *= ss, > gen_iv(ivbuf[k], sqc); >=20 > /* try to update the packet itself */ > - rc =3D prepare(sa, sqc, ivbuf[k], mb[i], &icv, sa->sqh_len); > + rc =3D prepare(sa, sqc, ivbuf[k], mb[i], &icv, sa->sqh_len, 0); >=20 > /* success, proceed with preparations */ > if (rc >=3D 0) { > @@ -668,6 +684,20 @@ inline_outb_mbuf_prepare(const struct rte_ipsec_sess= ion *ss, > ss->sa->statistics.bytes +=3D bytes; > } >=20 > + > +static inline int > +esn_outb_nb_segments(struct rte_mbuf *m) > +{ > + if (m->ol_flags & (RTE_MBUF_F_TX_TCP_SEG | RTE_MBUF_F_TX_UDP_SEG)) { > + uint16_t pkt_l3len =3D m->pkt_len - m->l2_len; > + uint16_t segments =3D > + (m->tso_segsz > 0 && pkt_l3len > m->tso_segsz) ? > + (pkt_l3len + m->tso_segsz - 1) / m->tso_segsz : 1; > + return segments; > + } > + return 1; /* no TSO */ > +} > + > /* > * process group of ESP outbound tunnel packets destined for > * INLINE_CRYPTO type of device. > @@ -677,29 +707,51 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_= session *ss, > struct rte_mbuf *mb[], uint16_t num) > { > int32_t rc; > - uint32_t i, k, n; > + uint32_t i, k, nb_segs_total, n_sqn; > uint64_t sqn; > rte_be64_t sqc; > struct rte_ipsec_sa *sa; > union sym_op_data icv; > uint64_t iv[IPSEC_MAX_IV_QWORD]; > uint32_t dr[num]; > + uint16_t nb_segs[num]; >=20 > sa =3D ss->sa; > + nb_segs_total =3D 0; > + /* Calculate number of segments */ > + for (i =3D 0; i !=3D num; i++) { > + nb_segs[i] =3D esn_outb_nb_segments(mb[i]); > + nb_segs_total +=3D nb_segs[i]; > + } >=20 > - n =3D num; > - sqn =3D esn_outb_update_sqn(sa, &n); > - if (n !=3D num) > + n_sqn =3D nb_segs_total; > + sqn =3D esn_outb_update_sqn(sa, &n_sqn); > + if (n_sqn !=3D nb_segs_total) { > rte_errno =3D EOVERFLOW; > + /* if there are segmented packets find out how many can be > + * sent until overflow occurs > + */ > + if (nb_segs_total > num) { /* there is at least 1 */ > + uint32_t seg_cnt =3D 0; > + for (i =3D 0; i < num && seg_cnt < n_sqn; i++) > + seg_cnt +=3D nb_segs[i]; > + num =3D i - 1; > + } else { > + num =3D n_sqn; /* no segmented packets */ > + } LGTM, just one suggestion can we put the code above to determine number of valid packets by number of valid segments in a separate function and call it here and for trs case. To avoid unnecessary code duplication. With that in place: Acked-by: Konstantin Ananyev > + } >=20 > k =3D 0; > - for (i =3D 0; i !=3D n; i++) { > + for (i =3D 0; i !=3D num; i++) { >=20 > - sqc =3D rte_cpu_to_be_64(sqn + i); > + sqc =3D rte_cpu_to_be_64(sqn); > gen_iv(iv, sqc); > + sqn +=3D nb_segs[i]; >=20 > /* try to update the packet itself */ > - rc =3D outb_tun_pkt_prepare(sa, sqc, iv, mb[i], &icv, 0); > + rc =3D outb_tun_pkt_prepare(sa, sqc, iv, mb[i], &icv, 0, > + (mb[i]->ol_flags & > + (RTE_MBUF_F_TX_TCP_SEG | RTE_MBUF_F_TX_UDP_SEG)) !=3D 0); >=20 > k +=3D (rc >=3D 0); >=20 > @@ -711,8 +763,8 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_se= ssion *ss, > } >=20 > /* copy not processed mbufs beyond good ones */ > - if (k !=3D n && k !=3D 0) > - move_bad_mbufs(mb, dr, n, n - k); > + if (k !=3D num && k !=3D 0) > + move_bad_mbufs(mb, dr, num, num - k); >=20 > inline_outb_mbuf_prepare(ss, mb, k); > return k; > @@ -727,29 +779,51 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_= session *ss, > struct rte_mbuf *mb[], uint16_t num) > { > int32_t rc; > - uint32_t i, k, n; > + uint32_t i, k, nb_segs_total, n_sqn; > uint64_t sqn; > rte_be64_t sqc; > struct rte_ipsec_sa *sa; > union sym_op_data icv; > uint64_t iv[IPSEC_MAX_IV_QWORD]; > uint32_t dr[num]; > + uint16_t nb_segs[num]; >=20 > sa =3D ss->sa; > + nb_segs_total =3D 0; > + /* Calculate number of segments */ > + for (i =3D 0; i !=3D num; i++) { > + nb_segs[i] =3D esn_outb_nb_segments(mb[i]); > + nb_segs_total +=3D nb_segs[i]; > + } >=20 > - n =3D num; > - sqn =3D esn_outb_update_sqn(sa, &n); > - if (n !=3D num) > + n_sqn =3D nb_segs_total; > + sqn =3D esn_outb_update_sqn(sa, &n_sqn); > + if (n_sqn !=3D nb_segs_total) { > rte_errno =3D EOVERFLOW; > + /* if there are segmented packets find out how many can be > + * sent until overflow occurs > + */ > + if (nb_segs_total > num) { /* there is at least 1 */ > + uint32_t seg_cnt =3D 0; > + for (i =3D 0; i < num && seg_cnt < n_sqn; i++) > + seg_cnt +=3D nb_segs[i]; > + num =3D i - 1; > + } else { > + num =3D n_sqn; /* no segmented packets */ > + } > + } >=20 > k =3D 0; > - for (i =3D 0; i !=3D n; i++) { > + for (i =3D 0; i !=3D num; i++) { >=20 > - sqc =3D rte_cpu_to_be_64(sqn + i); > + sqc =3D rte_cpu_to_be_64(sqn); > gen_iv(iv, sqc); > + sqn +=3D nb_segs[i]; >=20 > /* try to update the packet itself */ > - rc =3D outb_trs_pkt_prepare(sa, sqc, iv, mb[i], &icv, 0); > + rc =3D outb_trs_pkt_prepare(sa, sqc, iv, mb[i], &icv, 0, > + (mb[i]->ol_flags & > + (RTE_MBUF_F_TX_TCP_SEG | RTE_MBUF_F_TX_UDP_SEG)) !=3D 0); >=20 > k +=3D (rc >=3D 0); >=20 > @@ -761,8 +835,8 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_se= ssion *ss, > } >=20 > /* copy not processed mbufs beyond good ones */ > - if (k !=3D n && k !=3D 0) > - move_bad_mbufs(mb, dr, n, n - k); > + if (k !=3D num && k !=3D 0) > + move_bad_mbufs(mb, dr, num, num - k); >=20 > inline_outb_mbuf_prepare(ss, mb, k); > return k; > -- > 2.25.1