From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1B61CA0C47; Wed, 27 Oct 2021 14:45:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D213A407FF; Wed, 27 Oct 2021 14:45:04 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mails.dpdk.org (Postfix) with ESMTP id 03C944068C for ; Wed, 27 Oct 2021 14:45:02 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10149"; a="230098672" X-IronPort-AV: E=Sophos;i="5.87,186,1631602800"; d="scan'208";a="230098672" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Oct 2021 05:45:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,186,1631602800"; d="scan'208";a="494826275" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga007.fm.intel.com with ESMTP; 27 Oct 2021 05:45:01 -0700 Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Wed, 27 Oct 2021 05:45:00 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Wed, 27 Oct 2021 05:45:00 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Wed, 27 Oct 2021 05:45:00 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.169) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Wed, 27 Oct 2021 05:45:00 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KrRcaHCwd+sRVYNw+fErqUxS++IsJXEF8QxdfYGSsPgp1POgphlhGYmuugbAF7gLMX1SxQbFHKTl/9mjOCbastkQPovNC/v0rFd2I2jUTpeG1ryWfJ7Ax4brfHhuZ5LPkn6bU8BPJ1PIzhOLve9IJU9o1apTw9nwtDmbEgInQ1au7P0RWHj5VzSo6icMGa7U6EWvG/4JmrLUkkrABbeWCrxnQSwIIo5zTbtJczW4WVkqISFCQpYspRNiP9pyX982OG2a+9lI1EdhGk32sh4OZGBcLw1G9FnUL2YMTnlhn1FpbjCYPzZPlLLHIcoy0whaM4GKQ55v2SJLSJFH+DIVWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=g7rrtjxEVO7gzhRmRzoYQ6B2u098YHX6PInsuypHRro=; b=RSzSSVnwpZdw0jgJo40SVka2eVBvb+12HYXwzB/0Ur/gOy4pvcbis7lGH2Jae4P4+8oVbayN3o68B3HYpVqR8IQbNp/IzeGTspGa2DyEUmfDh08ZL2dovwCS9FKLD0GAjS6muD8k7RuhYz++Qr4mr2iHovtg5vE8varKE9Ra//GB9MDBgDQh8TB1WzQeUZKMgz5KO9sEZJ7bRvzy8DPQbv3B9gISHLQVrTBYe9GLTH8c2F7Zt59Z3pkYBoswgOaAG97DwUltbpxerbg6Bs9W/HDaPBlWxqldEynPscyIi2PhyjQ5qhly6ACXeRgS4Fdo6AiTAPsZzESvXkux3eAb9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=g7rrtjxEVO7gzhRmRzoYQ6B2u098YHX6PInsuypHRro=; b=WsFkispBrE4pQ6QGcD7QTjsNi9PxQipNpLjqnL+6kqxw6rsQtgmXeJ6TPrSxe0cQ+uEMCPbA9YiohTmZNQulOvrvH+1uNceZNJOY4gJ/mjleNNmV2ZevNonl8Tl9LlDt3u1pmRIb6B/6FpIPVrJJ1qpCwBVvsY9IE3nUNHcZc/U= Authentication-Results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; Received: from CO1PR11MB4868.namprd11.prod.outlook.com (2603:10b6:303:90::19) by MWHPR11MB2048.namprd11.prod.outlook.com (2603:10b6:300:27::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Wed, 27 Oct 2021 12:44:59 +0000 Received: from CO1PR11MB4868.namprd11.prod.outlook.com ([fe80::7c6e:d458:33ed:e579]) by CO1PR11MB4868.namprd11.prod.outlook.com ([fe80::7c6e:d458:33ed:e579%8]) with mapi id 15.20.4649.015; Wed, 27 Oct 2021 12:44:59 +0000 To: "Ananyev, Konstantin" , Akhil Goyal CC: "dev@dpdk.org" , "anoobj@marvell.com" , "Doherty, Declan" References: <20211027112706.2242158-1-radu.nicolau@intel.com> <20211027112706.2242158-3-radu.nicolau@intel.com> From: "Nicolau, Radu" Message-ID: Date: Wed, 27 Oct 2021 13:44:52 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Thunderbird/78.14.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB X-ClientProxiedBy: DB6PR07CA0183.eurprd07.prod.outlook.com (2603:10a6:6:42::13) To CO1PR11MB4868.namprd11.prod.outlook.com (2603:10b6:303:90::19) MIME-Version: 1.0 Received: from [192.168.1.21] (109.255.186.106) by DB6PR07CA0183.eurprd07.prod.outlook.com (2603:10a6:6:42::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.8 via Frontend Transport; Wed, 27 Oct 2021 12:44:58 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9e396394-fa29-4dc5-55e2-08d999479652 X-MS-TrafficTypeDiagnostic: MWHPR11MB2048: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QP6k10lfPLO4DlNMbl6UcPXuiZW/5TOkyjNBPW8NCWeTSF9ulM9D12r2KpwiPY3FBo/9hXCA3/1891NKTG8jsBC51WGGQUn7p4DwGljJxDA8AKn7MjD3ODlbWiTVukeRNvzu5YdWTkkSXHbGcRhBe5cdnThgS+alB57dwfqXogv6aL+KLoEK4+nlTjVq9ql1k1ihVp5c8kbEdPWf62BvbHX7f1B1RsyoYGQ1f1uh7032t7SKf8/ay3x8BYZJ6L14LFXPUt5v8Y19c9ENLj3MxRGYWzXNP0fUpbk08pAy7h33JG+m5RazHEG0Zg0UEFGt3N9JsNFUR5gN4Jon175YG+qEKI40mCsxJQ7NtPg7q4a5WmBaqDbRasmImEeYEzrkUZVK1Ojc70p18xp1v2ttIUmoQ73X188xoEtqJgTkPS+MedIB149waUU+wyx6XKs86YH0ja4rZi3EqJrRtcVo8++rsDPER0p6WAgnZSOtJupvDvOPnjX+R82TOWkVa7mWBqCim6DrNrSL1oKJre8JUuAKfoqrnkP8ji3ukAdJxxrO83XL8zDtCjawIaYI2BecOWRAT6iDNE72VBfRAmTAa2Zc7zI2BJwHQGpVi1Xsr5uLt8RXyIs+69M8a4Bv3A61TzaL3cPA80K7nardBkgb3+oW5xX8TEb2vXMesncPnr2F+sDKwHnnQt5V1T4zOqpexln3SX1XwB5xU7GmSTIrTRWueeu3Y2JjjAFNITaICEk= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB4868.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(8936002)(36756003)(53546011)(2616005)(2906002)(956004)(16576012)(107886003)(186003)(66556008)(6486002)(66476007)(86362001)(4326008)(6666004)(26005)(508600001)(82960400001)(55236004)(8676002)(38100700002)(31696002)(66946007)(83380400001)(110136005)(54906003)(316002)(5660300002)(31686004)(43740500002)(45980500001); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VnRUUFBMOGJyYXpWVDFBbTY3V01LcmdVVXMvWThoY3FMWDJNNXBVTnBnRUt3?= =?utf-8?B?aUJseVhiWGZVNXpiTmJqT1FRYlVnZmZ3R2U1MzhYS3hrUUNvalUrdWVtMFBl?= =?utf-8?B?RE52NWkwOG1NandRRGdlS28rTkNzMlNqYXBqZWxjMXl6YnM2U0JMd3VPVGZY?= =?utf-8?B?RHJvVnk2Q1hSaHlWZW9QdW5hRHZhMjR2aEloNStVTXNwOXdxY1k4K3NaOExH?= =?utf-8?B?UVFmUC9ZV2Z1K0E0cUw5WFVLcnFhdU1tbmZJUVpmcW5rcEhWUkpUQjNxMmh1?= =?utf-8?B?VkVSenExZmFMeUFXRlhSMW5wNWlCSmNsNjJpZHhlMEdINm9KM09ncjZLRnJi?= =?utf-8?B?VzVoYzFma0U4TU5WaWRRanFaT0tUZlhZY2hWUktWenFLbWxjUFI4TjE3NnZI?= =?utf-8?B?V3pnWXcyaWNOdlhSSkpCVytEbm9WamhuK1BaMVA1K0NESlhKQ3o1UTRRcTQx?= =?utf-8?B?L1pzOW90K0pZQytlK0ZpRjNOU3lsck8yL3Q0SGJvMnRPMDZKVjQrSUR6c2dk?= =?utf-8?B?RmgvWnhOUTdZRGs2WWV2Y2luL0puaWptNXhzWXNjTGpwb2c1NUZCTldNY3pV?= =?utf-8?B?eHlJSm0zcVl5OXplTXc1bFIwOHVxbTN3OVFnZEE3WGZ0UmtIQkN2Q3RKa0sz?= =?utf-8?B?ZXFTN3l6WjlaNmYyOCtHTWZBbFpPOWtVNENJQ3BuWnJIS0Y1bjdJb1RRS1ZI?= =?utf-8?B?NmgyN2hhYjMvM2hiaHlUQ0hOUDhwWWVHUStvbjl5UHQ3cG9BK1MwQldUZjNZ?= =?utf-8?B?bUozcjRlMDladEVEU2dhcUpwc2c3WVRReGQvNjdDZFpHcS9kNlQ0dWxoVnRO?= =?utf-8?B?cVdCK0VkVStmUEpHYUVFNjVoY1BROHdQNXJOWDJPdVg1WEtXMU9CVDhnQnpI?= =?utf-8?B?RUducElZangvclNXdThzY3VNbS9idlNPOHJxc0E3YllMR3VWNDUrL1BONngx?= =?utf-8?B?L2tpVjAwTWFhR0dnVVVJWmY5NnZXV1lvRDNXVGhUZmdQQ0VoMzgvYlNEWGhj?= =?utf-8?B?cnZHU1JYZURNbzc3QTJDK25PeW4wRVhhSC94cjZVQVJJcmNaQVR5YW5aN3hx?= =?utf-8?B?K3hYL2duMW5VZG9kdEN2RkxFT296STNlODgvSXNkMk4xYUUzZFZlbHNyeHQw?= =?utf-8?B?NVlpL296UXFXSVJOc0hYRGgxQUZRc1RXdS9vNWxJNW80dTBJVDZQU2VUVnZj?= =?utf-8?B?MFdEZWgxdnY3dm8zUHBFVXJjMkdOdWltUUFNUVF6TGpib3IrSFhzV09nOVNy?= =?utf-8?B?YUF5bWovNVlZSERFbUJRVFhlY2NWT0RQaGR0cFh3SmdSSEtVZ1RWMTRaWXl4?= =?utf-8?B?MnVHVVBHa1JWeHZVc1ZRYVFqbFJ5azloZmczL3h6QU41WEVjcVRlQmtnY29p?= =?utf-8?B?L2JLMkh3TWZDOWI1Rk54MENHM29pcTNFcnBDcEZYRFpJODFLWUVPeC9hVk16?= =?utf-8?B?ZWhuSFFQdGZKdTlhTlFKdFRNbFQweHM1aVFRa29od0ZNcmlhQXozMnNCUXR4?= =?utf-8?B?dEFmeWtsaE8wUTlidHJBbUdrVU55ZGRhckt0VEg4MDZoaXdIVEdXUVlvQkU2?= =?utf-8?B?QStLTXpKL3RLNjc4VkpUV0xOOVFSaHJxRm1tbFNYMEkvWUlROTgzeU8rQ3hi?= =?utf-8?B?WGliYzF4RFR3NHJSVnJuRnVKcXFPWnBlKzB1ZkdWSTZ2S2JHN0k3VmRpWDU3?= =?utf-8?B?SVlhS2ZhU3MvVm9NZ2FacVhmOUhlU1NMWFhvVVp1Q3VlYWlCVmFMVGpGRmZx?= =?utf-8?B?ZkFIcGdoTEIzdFczeUFhUjZuSThFN25BdHlQRlhKL1ZVUzcvVDQ2VktTakNz?= =?utf-8?B?ZXFGaEJVem1LWjJVTk82UDJWSHc2SjBycy9UdUdzS3E0My9ndFNnVkwzNU80?= =?utf-8?B?Ritmb2lBbGxRVkUrTTdGVjYzekhTZjNFMGtITHBXMHcwTkNBdmV6cDRpZ3p1?= =?utf-8?B?UW9jYjZOdE1ZQTJQQ2ExREYyYmp3MzdmTlV0aUJrQy9LeHNwaTIxSUQ5UCsx?= =?utf-8?B?ZzRaWWtKQTl6am5ZbHpUeTNOb2tub2tua0J4UmdrNXE3Q2xnOUFvaU01RWVM?= =?utf-8?B?NDY4cGI2eXR5bTNPWFkxS1prWDRHdFNGUDBmVDhja01odXNTL3FQWWZrMGc0?= =?utf-8?B?QjgxNmVnekVkMFhyM2lrS3NMV0J1akdNdG5meXB3WE1id0IwNFlyQnlMcEx0?= =?utf-8?Q?MMcGss6ggTeVsAL+8EHZyeU=3D?= X-MS-Exchange-CrossTenant-Network-Message-Id: 9e396394-fa29-4dc5-55e2-08d999479652 X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4868.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2021 12:44:59.4407 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wWRRdTZWJcgFAKA50b6gLOgSB5961OR9yIEze8rHFmdCn/diQqQD1dRndmH+hs/k+iSRmPva4bR4JSG6JD243g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB2048 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v3 2/2] examples/ipsec-secgw: add support for TSO X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 10/27/2021 1:02 PM, Ananyev, Konstantin wrote: > >> Add support to allow user to specific MSS for TSO offload on a per SA >> basis. MSS configuration in the context of IPsec is only supported for >> outbound SA's in the context of an inline IPsec Crypto offload. >> >> Signed-off-by: Declan Doherty >> Signed-off-by: Radu Nicolau >> --- >> doc/guides/rel_notes/release_21_11.rst | 4 ++++ >> doc/guides/sample_app_ug/ipsec_secgw.rst | 11 +++++++++++ >> examples/ipsec-secgw/ipsec-secgw.c | 4 ++++ >> examples/ipsec-secgw/ipsec.h | 1 + >> examples/ipsec-secgw/ipsec_process.c | 25 ++++++++++++++++++++++++ >> examples/ipsec-secgw/sa.c | 21 ++++++++++++++++++-- >> 6 files changed, 64 insertions(+), 2 deletions(-) >> >> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst >> index b5b5abadee..8d1767b084 100644 >> --- a/doc/guides/rel_notes/release_21_11.rst >> +++ b/doc/guides/rel_notes/release_21_11.rst >> @@ -306,6 +306,10 @@ New Features >> * Pcapng format with timestamps and meta-data. >> * Fixes packet capture with stripped VLAN tags. >> >> +* **IPsec Security Gateway sample application new features.** >> + >> + * Added support for TSO >> + >> >> Removed Items >> ------------- >> diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst >> index 782574dd39..639d309a6e 100644 >> --- a/doc/guides/sample_app_ug/ipsec_secgw.rst >> +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst >> @@ -720,6 +720,17 @@ where each options means: >> >> * *udp-encap* >> >> + ```` >> + >> + * Maximum segment size for TSO offload, available for egress SAs only. >> + >> + * Optional: Yes, TSO offload not set by default >> + >> + * Syntax: >> + >> + * *mss N* N is the segment size in bytes >> + >> + >> Example SA rules: >> >> .. code-block:: console >> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c >> index 4bdf99b62b..5fcf424efe 100644 >> --- a/examples/ipsec-secgw/ipsec-secgw.c >> +++ b/examples/ipsec-secgw/ipsec-secgw.c >> @@ -398,6 +398,10 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) >> pkt->l2_len = 0; >> pkt->l3_len = sizeof(*iph4); >> pkt->packet_type |= RTE_PTYPE_L3_IPV4; >> + if (pkt->packet_type & RTE_PTYPE_L4_TCP) >> + pkt->l4_len = sizeof(struct rte_tcp_hdr); >> + else if (pkt->packet_type & RTE_PTYPE_L4_UDP) >> + pkt->l4_len = sizeof(struct rte_udp_hdr); >> } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { >> int next_proto; >> size_t l3len, ext_len; >> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h >> index 8405c48171..2c3640833d 100644 >> --- a/examples/ipsec-secgw/ipsec.h >> +++ b/examples/ipsec-secgw/ipsec.h >> @@ -137,6 +137,7 @@ struct ipsec_sa { >> enum rte_security_ipsec_sa_direction direction; >> uint8_t udp_encap; >> uint16_t portid; >> + uint16_t mss; >> uint8_t fdir_qid; >> uint8_t fdir_flag; >> >> diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c >> index 5012e1a6a4..26c6c2fe84 100644 >> --- a/examples/ipsec-secgw/ipsec_process.c >> +++ b/examples/ipsec-secgw/ipsec_process.c >> @@ -222,6 +222,31 @@ prep_process_group(void *sa, struct rte_mbuf *mb[], uint32_t cnt) >> for (j = 0; j != cnt; j++) { >> priv = get_priv(mb[j]); >> priv->sa = sa; >> + /* setup TSO related fields if TSO enabled*/ >> + if (priv->sa->mss) { >> + mb[j]->tso_segsz = priv->sa->mss; >> + >> + if ((IS_TUNNEL(priv->sa->flags))) { >> + mb[j]->outer_l3_len = mb[j]->l3_len; >> + mb[j]->outer_l2_len = mb[j]->l2_len; >> + mb[j]->ol_flags |= >> + (RTE_MBUF_F_TX_OUTER_IP_CKSUM | >> + RTE_MBUF_F_TX_TUNNEL_ESP); >> + } >> + uint32_t ptype = mb[j]->packet_type; >> + if (ptype & RTE_PTYPE_L4_TCP) >> + mb[j]->ol_flags |= >> + (RTE_MBUF_F_TX_TCP_SEG | >> + RTE_MBUF_F_TX_TCP_CKSUM); >> + else >> + mb[j]->ol_flags |= >> + (RTE_MBUF_F_TX_UDP_SEG | >> + RTE_MBUF_F_TX_UDP_CKSUM); > Could it be that packet is neither TCP nor UDP? Yes, I will add a third branch for unsupported packet type. > >> + if (RTE_ETH_IS_IPV4_HDR(ptype)) >> + mb[j]->ol_flags |= RTE_MBUF_F_TX_OUTER_IPV4; >> + else >> + mb[j]->ol_flags |= RTE_MBUF_F_TX_OUTER_IPV6; >> + } >> } >> } >> >> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c >> index 88dd30464f..e8815dffe7 100644 >> --- a/examples/ipsec-secgw/sa.c >> +++ b/examples/ipsec-secgw/sa.c >> @@ -677,6 +677,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, >> continue; >> } >> >> + if (strcmp(tokens[ti], "mss") == 0) { >> + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); >> + if (status->status < 0) >> + return; >> + rule->mss = atoi(tokens[ti]); >> + if (status->status < 0) >> + return; >> + continue; >> + } >> + >> if (strcmp(tokens[ti], "fallback") == 0) { >> struct rte_ipsec_session *fb; >> >> @@ -970,7 +980,7 @@ sa_create(const char *name, int32_t socket_id, uint32_t nb_sa) >> } >> >> static int >> -check_eth_dev_caps(uint16_t portid, uint32_t inbound) >> +check_eth_dev_caps(uint16_t portid, uint32_t inbound, uint32_t tso) >> { >> struct rte_eth_dev_info dev_info; >> int retval; >> @@ -999,6 +1009,13 @@ check_eth_dev_caps(uint16_t portid, uint32_t inbound) >> "hardware TX IPSec offload is not supported\n"); >> return -EINVAL; >> } >> + if (tso && (dev_info.tx_offload_capa & >> + (RTE_ETH_TX_OFFLOAD_TCP_TSO | >> + RTE_ETH_TX_OFFLOAD_UDP_TSO)) == 0) { > Shouldn't it be: > dev_info.tx_offload_capa & (RTE_ETH_TX_OFFLOAD_TCP_TSO | RTE_ETH_TX_OFFLOAD_UDP_TSO)) == > RTE_ETH_TX_OFFLOAD_TCP_TSO | RTE_ETH_TX_OFFLOAD_UDP_TSO) > ? It should be that but negated, if none of the flags are set we exit - we can't tell at this point if we need TCP or UDP. > >> + RTE_LOG(WARNING, PORT, >> + "hardware TSO offload is not supported\n"); >> + return -EINVAL; >> + } >> } >> return 0; >> } > I think you missed changes in a_check_offloads(). > That's where we specify which HW offloads should be enabled for given port. Yes. > > >> @@ -1127,7 +1144,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[], >> >> if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL || >> ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { >> - if (check_eth_dev_caps(sa->portid, inbound)) >> + if (check_eth_dev_caps(sa->portid, inbound, sa->mss)) >> return -EINVAL; >> } >> >> -- >> 2.25.1