[PATCH 20.11] examples/ipsec-secgw: fix Tx checksum offload flag

[Radu Nicolau <radu.nicolau@intel.com>]

[ upstream commit 65bd9c7abc255ec2ce084d9f28e29c395e205402 ]

For the inline crypto path set the Tx checksum offload flag
only if the device supports it.

Fixes: 5f5d17a11498 ("examples/ipsec-secgw: use Tx checksum offload conditionally")
Cc: ndabilpuram@marvell.com

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 examples/ipsec-secgw/sa.c | 45 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 5 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 34f0d8a39a..eb516ed16f 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1593,10 +1593,18 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	struct ipsec_sa *rule;
 	uint32_t idx_sa;
 	enum rte_security_session_action_type rule_type;
+	struct rte_eth_dev_info dev_info;
+	int ret;
 
 	*rx_offloads = 0;
 	*tx_offloads = 0;
 
+	ret = rte_eth_dev_info_get(port_id, &dev_info);
+	if (ret != 0)
+		rte_exit(EXIT_FAILURE,
+			"Error during getting device (port %u) info: %s\n",
+			port_id, strerror(-ret));
+
 	/* Check for inbound rules that use offloads and use this port */
 	for (idx_sa = 0; idx_sa < nb_sa_in; idx_sa++) {
 		rule = &sa_in[idx_sa];
@@ -1612,11 +1620,38 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	for (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {
 		rule = &sa_out[idx_sa];
 		rule_type = ipsec_get_action_type(rule);
-		if ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
-				rule_type ==
-				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
-				&& rule->portid == port_id)
-			*tx_offloads |= DEV_TX_OFFLOAD_SECURITY;
+		if (rule->portid == port_id) {
+			switch (rule_type) {
+			case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+				/* Checksum offload is not needed for inline
+				 * protocol as all processing for Outbound IPSec
+				 * packets will be implicitly taken care and for
+				 * non-IPSec packets, there is no need of
+				 * IPv4 Checksum offload.
+				 */
+				*tx_offloads |= DEV_TX_OFFLOAD_SECURITY;
+				break;
+			case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+				*tx_offloads |= DEV_TX_OFFLOAD_SECURITY;
+				if (dev_info.tx_offload_capa &
+						DEV_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |=
+						DEV_TX_OFFLOAD_IPV4_CKSUM;
+				break;
+			default:
+				/* Enable IPv4 checksum offload even if
+				 * one of lookaside SA's are present.
+				 */
+				if (dev_info.tx_offload_capa &
+				    DEV_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |= DEV_TX_OFFLOAD_IPV4_CKSUM;
+				break;
+			}
+		} else {
+			if (dev_info.tx_offload_capa &
+			    DEV_TX_OFFLOAD_IPV4_CKSUM)
+				*tx_offloads |= DEV_TX_OFFLOAD_IPV4_CKSUM;
+		}
 	}
 	return 0;
 }
-- 
2.25.1