From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 46F93A0547; Wed, 27 Oct 2021 14:02:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 33E1B41124; Wed, 27 Oct 2021 14:02:32 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id E1A1A40E0F for ; Wed, 27 Oct 2021 14:02:30 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10149"; a="210923041" X-IronPort-AV: E=Sophos;i="5.87,186,1631602800"; d="scan'208";a="210923041" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Oct 2021 05:02:29 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,186,1631602800"; d="scan'208";a="597335280" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga004.jf.intel.com with ESMTP; 27 Oct 2021 05:02:29 -0700 Received: from orsmsx609.amr.corp.intel.com (10.22.229.22) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Wed, 27 Oct 2021 05:02:29 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx609.amr.corp.intel.com (10.22.229.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Wed, 27 Oct 2021 05:02:29 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.171) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Wed, 27 Oct 2021 05:02:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UqwHzuHy7eCTIyTYX7qg39Yk4y1oIPp1ZYrqBjFU8ovfLCjTSBR8O5H4y28nvJEqYRkh7jbjw4lYhgt402e+HKu9NmX8pH7Rxu2pxCnvALRsNTyI/neDVlQ6sXzqFcsmOU406fRPy6bDDoK6eYEVSGHgwbM4W8bfSydR90+SmZfZu5zN+v9GuUVmlRqerM+rCVmzyHwn2ylCcYqs8/0n7ZbKndxhSxOTvhIwaYGCGpmpSFJkbitpMOFk2+tgGdTgYCwACpxYqIZizM5aoxt6Dv41m5M9qBacgjMqWRV1kNyLt8Gy/lX+kOjFdUyG1Pl1u2Vmv6TxnEDs1ENQQuB9/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fi4Y+b5O822vJnzRk5LmcmaGn8bA+2/ZZmL8qXb7RVc=; b=Ej7407P2NFJ1PySjWJqWRkAupft2S4r/EuCdBPBIJjiQczaBZznFPOR6TXTwuoQUMx22fB90zqatngZ0SjhRPRfXXjNAG9b4L1KAFKjQfvfzQu1NjHheGwHXAlMFydKoqXGKnpDnMm3HkK4Ut6Qjuj+GqNPnh8iElscuS7f+mWmbfNfLPVlLo1ilAWBRYscmrIIVzuYol8Z4q+fnts8Zugb5uPyxOCkOL7zNbve+M5/CcPKgkLqjwSpqKtMtFxCTy1N6Swvq78amugqQWggZap8tjKEiREjOO7z69ohdGhuoOLbSzY+JxaDTXmlxwP2v/H8sxaHvuUOWMc9V5XM/7Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fi4Y+b5O822vJnzRk5LmcmaGn8bA+2/ZZmL8qXb7RVc=; b=aUhNmlpBvG3LRMnAQHnL2BqlQ0mEG1RLAoeAt0Cdv6XWVl8L+veI/QstwBqTCSdbCdBde8Rp4zLoC1Zx0qwdrXUUNL13VEAI8aywlnXRxsK4hYIszRo+Xp2BZA7psj3Vg8CaUVr/Fdd958NzsuhRd7P/p4U29dBijGyNLFqVDMk= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM5PR11MB1819.namprd11.prod.outlook.com (2603:10b6:3:10a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.20; Wed, 27 Oct 2021 12:02:27 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::2c0c:5383:f814:3b4e]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::2c0c:5383:f814:3b4e%6]) with mapi id 15.20.4649.015; Wed, 27 Oct 2021 12:02:27 +0000 From: "Ananyev, Konstantin" To: "Nicolau, Radu" , Akhil Goyal CC: "dev@dpdk.org" , "anoobj@marvell.com" , "Doherty, Declan" Thread-Topic: [PATCH v3 2/2] examples/ipsec-secgw: add support for TSO Thread-Index: AQHXyyeMpLdc6wZ2BkK2WqINjaue9avmvNhg Date: Wed, 27 Oct 2021 12:02:27 +0000 Message-ID: References: <20211027112706.2242158-1-radu.nicolau@intel.com> <20211027112706.2242158-3-radu.nicolau@intel.com> In-Reply-To: <20211027112706.2242158-3-radu.nicolau@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 741ec16e-2222-4ae3-55f2-08d99941a582 x-ms-traffictypediagnostic: DM5PR11MB1819: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: I8zuD1VhuPfqvLalKcOjvN2/AmKYu6p9cbpHhtFm6JWO+APyLnTAL/l+x1+4VR3ZyBN1BGmP5NGk2x3Y5Y9gZ2Svwrs6zBqUW06+EDmmppJ8G9JxafX+L9rpizsSeFhB01WM9XgGJa5lizmieqU4wi4D6mBHiXuD22ADGI6oPNYrGYiL0gM+V1y24cCehCgrNROboMroG/i1Gx75WHW9/qOodZPYiVvY4XL1dduHs263HJkPiwV65Mb/lwgIlDlS4crthXdk/GMwKN7Wh/3CMnme7gHHjgsYqpbK9QrD2zr6jw/S/tJOdm7gbRvqnXu70V2aS2XxVK3Yf9TNgnvSzTPelUOtxmtYczM4W0G45UGdrJGCHJCHErHaD7X1OFmyhSqNEISZurOpuL73kP+0k38G86Z4cS776+zL/VluVq+3FW8wMQrhxMb/tbZ/05VcstY/iiA0R3OimRS3MbHmvXLnKTCSt0ZagwL/dxuwu7zSDt65RsuT99pDks0x0Y0ApA0Pp0bI00x3CQoYuGvD3inp/OmfgP1qC9dT9SlBrPn/SsWZXhoB9PojhkP+hQswgof+exqyX7DErRKQS3i1BsbVe4mP+ETsrTPzg0Xbf+xzElO1kHj4oHmBn5VcURRe/fW2Y7WQ+qquIQvrEVGelw5yeO9MKKcLthRoNlvdfugPzd30FlbTkjlEsbv3onaaJrj8sLRzVzsJL4Ng2PDbNw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(4326008)(55236004)(71200400001)(8936002)(66446008)(33656002)(76116006)(2906002)(86362001)(66946007)(54906003)(55016002)(6506007)(82960400001)(26005)(110136005)(64756008)(66476007)(66556008)(107886003)(508600001)(52536014)(186003)(122000001)(7696005)(5660300002)(83380400001)(8676002)(9686003)(38100700002)(38070700005)(316002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?hu1oBPCUUetNOIZsi0/TYib+inYMIyZ7sdVQbicfVH/bxaIVVc47KJYVlpyb?= =?us-ascii?Q?k8DeECvSWeCW4iXjyb8rRr6eqW3hg9oJMRQOA1X64xIt79cwRGKOGfiAcLbF?= =?us-ascii?Q?X7m9lgbD5rJ/2pg13MMfBND5HOHfEDtCgIkjTW27u6K/F739o5hMIdpGCLhJ?= =?us-ascii?Q?NEBzMZ98OG7TBfrguWb81SkhzrEZVFMA+z+73vFynLAdUrRB51zoqYStzUHq?= =?us-ascii?Q?BPwyg6eGyIY5Pptrx3WNxafMm8fQa1cYOTIS+FGRXfgV+k81Xg26iTBHwvU9?= =?us-ascii?Q?vCG9DkXtFF6OnHNXjQ5cmO6bwCE0IXGtK97QcQIr73g/dE8OLW2rQZIDr/UL?= =?us-ascii?Q?YX0yMojk4Hfx+Q9CLJN6WpjcUOqktYXu0wa2JScu9jr9yaGpOsWaPWa8Ym2l?= =?us-ascii?Q?CQhjdygPueb6/ytqny2eAlrbL5eKPLbNO/vtgBiXaZ1mQaVsQiJhzcdWaYRP?= =?us-ascii?Q?bHiHToa1caRAizSpEqh/pmJucxl/5qVQtlK4cSALlBXtHRUzr9GB7DVrebrf?= =?us-ascii?Q?THBFJB+7gLzVCSynW9juppSYzHZKpCg/XjXmo3C9ltXSvPd1kdW+tvCSm/Hn?= =?us-ascii?Q?U7AMp4p5qwabbaHavnUP/Qb6vkiRtDx/WEQR8aN87rM6nCI5KDZrrKZuCzMt?= =?us-ascii?Q?ZXstmn2qfOeaKWPkpK78ujoenszfMBJK9kaPgBh+Sl0GDQmHjlkHjEZYosyr?= =?us-ascii?Q?Ujpo9pWf6DPS8q+4fWdxrV8OJowdaKRSKdn77ARkWkL3uDwB8WA/WqQkwqIH?= =?us-ascii?Q?nlc+qM7TDyuXFHrXsiI9uBO550N/FN3WtHNAbYQ8drrK41xYZj3LgFg9RZc8?= =?us-ascii?Q?vAkZGCMsNbY53KaRxc6M1YqMWdH3+qATs9V+QJpc3vnHrqHKHyX3HijPnjVe?= =?us-ascii?Q?4boLrf9AdFStmatgwBADA76muENPeSHjV120xUK+EpaGNWyZdg9Yt7Y3m57a?= =?us-ascii?Q?Iyk9erjHOkeeLeS21sYfph2O7p58m60fIJxOFEorLPbUh6dPeF5dy1og68YW?= =?us-ascii?Q?g6f/aHI5yTFt0o0cBVC4M8/tsd71XtbgKyWFQt3WRoqtGHRlUdGFDJqnP+jM?= =?us-ascii?Q?lmzg8h1EqjuX1kGbQM+ef5pHNmaRFQUDT1foLjjirK4m0S8uybHlb/hcCHIt?= =?us-ascii?Q?zQriTseDhRJAhnwuWcIM96jrfdWtNw9NRAKacKET6Z4ZwUtQ+Dm6AxPRq98n?= =?us-ascii?Q?XW4imrwwNmEYel3HidnJ2RRGO/o2BcAJN5rgXCVnPTsZrpXcdITTBXgoDmi0?= =?us-ascii?Q?xMfUzhX9AKQi4d9P1fy3nOKbkcIoDpLYPb3xc5MIvhA51gN7i4fpjziah1hG?= =?us-ascii?Q?M8BFBqCWQSIJUFAwfCUmKQB284LWDArcQHxERJt0taOuXpMx7rQzUkVmxmQ4?= =?us-ascii?Q?fyHKgyb3SA7drkOJgp8rBtNXt4KihpTJYShBn1C69QJvK1S+ML3Mr2Z0qwWA?= =?us-ascii?Q?0BuBWoDyAtAGbVvcKXPFSwLrixE+k0EGqwhHNztvUsZtWTJiDj07rya5wWFK?= =?us-ascii?Q?dHAT18HYM4zKb0ivQHPNVDaCK/VYFvq75iYWYo4R7DoNIMxMJo0ix5SGZEI4?= =?us-ascii?Q?ZC1AqYiFP+mUfYimhoHN9mCYrYDwQopDrjgxIisJcSX0AU7eZgDrNaX70Jh8?= =?us-ascii?Q?bhP9J4ESO8F0A9aAXFaUE74L7GKUjBL5YYXlz+nhhZTk2suf/lqhd5jRZvNC?= =?us-ascii?Q?rUqeaQ=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 741ec16e-2222-4ae3-55f2-08d99941a582 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2021 12:02:27.7142 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ZrCMlOSh6kux7MhU5+N/B29dwZ/rJrt4X7WLqOWEDHqdFZqBZ+yg3w+yqWp91V3yNAcXT3FiGVuCfgawU1doIbhrWo/iiK63vWQjpcXESqk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1819 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add support for TSO X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Add support to allow user to specific MSS for TSO offload on a per SA > basis. MSS configuration in the context of IPsec is only supported for > outbound SA's in the context of an inline IPsec Crypto offload. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > --- > doc/guides/rel_notes/release_21_11.rst | 4 ++++ > doc/guides/sample_app_ug/ipsec_secgw.rst | 11 +++++++++++ > examples/ipsec-secgw/ipsec-secgw.c | 4 ++++ > examples/ipsec-secgw/ipsec.h | 1 + > examples/ipsec-secgw/ipsec_process.c | 25 ++++++++++++++++++++++++ > examples/ipsec-secgw/sa.c | 21 ++++++++++++++++++-- > 6 files changed, 64 insertions(+), 2 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_note= s/release_21_11.rst > index b5b5abadee..8d1767b084 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -306,6 +306,10 @@ New Features > * Pcapng format with timestamps and meta-data. > * Fixes packet capture with stripped VLAN tags. >=20 > +* **IPsec Security Gateway sample application new features.** > + > + * Added support for TSO > + >=20 > Removed Items > ------------- > diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample= _app_ug/ipsec_secgw.rst > index 782574dd39..639d309a6e 100644 > --- a/doc/guides/sample_app_ug/ipsec_secgw.rst > +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst > @@ -720,6 +720,17 @@ where each options means: >=20 > * *udp-encap* >=20 > + ```` > + > + * Maximum segment size for TSO offload, available for egress SAs only. > + > + * Optional: Yes, TSO offload not set by default > + > + * Syntax: > + > + * *mss N* N is the segment size in bytes > + > + > Example SA rules: >=20 > .. code-block:: console > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ip= sec-secgw.c > index 4bdf99b62b..5fcf424efe 100644 > --- a/examples/ipsec-secgw/ipsec-secgw.c > +++ b/examples/ipsec-secgw/ipsec-secgw.c > @@ -398,6 +398,10 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipse= c_traffic *t) > pkt->l2_len =3D 0; > pkt->l3_len =3D sizeof(*iph4); > pkt->packet_type |=3D RTE_PTYPE_L3_IPV4; > + if (pkt->packet_type & RTE_PTYPE_L4_TCP) > + pkt->l4_len =3D sizeof(struct rte_tcp_hdr); > + else if (pkt->packet_type & RTE_PTYPE_L4_UDP) > + pkt->l4_len =3D sizeof(struct rte_udp_hdr); > } else if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)= ) { > int next_proto; > size_t l3len, ext_len; > diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h > index 8405c48171..2c3640833d 100644 > --- a/examples/ipsec-secgw/ipsec.h > +++ b/examples/ipsec-secgw/ipsec.h > @@ -137,6 +137,7 @@ struct ipsec_sa { > enum rte_security_ipsec_sa_direction direction; > uint8_t udp_encap; > uint16_t portid; > + uint16_t mss; > uint8_t fdir_qid; > uint8_t fdir_flag; >=20 > diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/= ipsec_process.c > index 5012e1a6a4..26c6c2fe84 100644 > --- a/examples/ipsec-secgw/ipsec_process.c > +++ b/examples/ipsec-secgw/ipsec_process.c > @@ -222,6 +222,31 @@ prep_process_group(void *sa, struct rte_mbuf *mb[], = uint32_t cnt) > for (j =3D 0; j !=3D cnt; j++) { > priv =3D get_priv(mb[j]); > priv->sa =3D sa; > + /* setup TSO related fields if TSO enabled*/ > + if (priv->sa->mss) { > + mb[j]->tso_segsz =3D priv->sa->mss; > + > + if ((IS_TUNNEL(priv->sa->flags))) { > + mb[j]->outer_l3_len =3D mb[j]->l3_len; > + mb[j]->outer_l2_len =3D mb[j]->l2_len; > + mb[j]->ol_flags |=3D > + (RTE_MBUF_F_TX_OUTER_IP_CKSUM | > + RTE_MBUF_F_TX_TUNNEL_ESP); > + } > + uint32_t ptype =3D mb[j]->packet_type; > + if (ptype & RTE_PTYPE_L4_TCP) > + mb[j]->ol_flags |=3D > + (RTE_MBUF_F_TX_TCP_SEG | > + RTE_MBUF_F_TX_TCP_CKSUM); > + else > + mb[j]->ol_flags |=3D > + (RTE_MBUF_F_TX_UDP_SEG | > + RTE_MBUF_F_TX_UDP_CKSUM); Could it be that packet is neither TCP nor UDP?=20 > + if (RTE_ETH_IS_IPV4_HDR(ptype)) > + mb[j]->ol_flags |=3D RTE_MBUF_F_TX_OUTER_IPV4; > + else > + mb[j]->ol_flags |=3D RTE_MBUF_F_TX_OUTER_IPV6; > + } > } > } >=20 > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 88dd30464f..e8815dffe7 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -677,6 +677,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, > continue; > } >=20 > + if (strcmp(tokens[ti], "mss") =3D=3D 0) { > + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); > + if (status->status < 0) > + return; > + rule->mss =3D atoi(tokens[ti]); > + if (status->status < 0) > + return; > + continue; > + } > + > if (strcmp(tokens[ti], "fallback") =3D=3D 0) { > struct rte_ipsec_session *fb; >=20 > @@ -970,7 +980,7 @@ sa_create(const char *name, int32_t socket_id, uint32= _t nb_sa) > } >=20 > static int > -check_eth_dev_caps(uint16_t portid, uint32_t inbound) > +check_eth_dev_caps(uint16_t portid, uint32_t inbound, uint32_t tso) > { > struct rte_eth_dev_info dev_info; > int retval; > @@ -999,6 +1009,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inboun= d) > "hardware TX IPSec offload is not supported\n"); > return -EINVAL; > } > + if (tso && (dev_info.tx_offload_capa & > + (RTE_ETH_TX_OFFLOAD_TCP_TSO | > + RTE_ETH_TX_OFFLOAD_UDP_TSO)) =3D=3D 0) { Shouldn't it be: dev_info.tx_offload_capa & (RTE_ETH_TX_OFFLOAD_TCP_TSO | RTE_ETH_TX_OFFLOAD= _UDP_TSO)) =3D=3D RTE_ETH_TX_OFFLOAD_TCP_TSO | RTE_ETH_TX_OFFLOAD_UDP_TSO) ? > + RTE_LOG(WARNING, PORT, > + "hardware TSO offload is not supported\n"); > + return -EINVAL; > + } > } > return 0; > } I think you missed changes in a_check_offloads(). That's where we specify which HW offloads should be enabled for given port. > @@ -1127,7 +1144,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ip= sec_sa entries[], >=20 > if (ips->type =3D=3D RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || > ips->type =3D=3D RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { > - if (check_eth_dev_caps(sa->portid, inbound)) > + if (check_eth_dev_caps(sa->portid, inbound, sa->mss)) > return -EINVAL; > } >=20 > -- > 2.25.1