From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>, <roy.fan.zhang@intel.com>,
<hemant.agrawal@nxp.com>, <konstantin.ananyev@intel.com>
Cc: Archana Muniganti <marchana@marvell.com>, <anoobj@marvell.com>,
<jerinj@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [RFC] lib/security: add SA config option for inner pkt csum
Date: Wed, 30 Jun 2021 16:42:48 +0530 [thread overview]
Message-ID: <20210630111248.746-1-marchana@marvell.com> (raw)
Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify whether the
checksum(compute/verify) can be offloaded to security device.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
lib/cryptodev/rte_crypto.h | 9 +++++++++
lib/cryptodev/rte_cryptodev.h | 2 ++
lib/security/rte_security.h | 17 +++++++++++++++++
3 files changed, 28 insertions(+)
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index fd5ef3a876..3510ed109f 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -52,6 +52,15 @@ enum rte_crypto_op_status {
/**< Operation failed due to invalid arguments in request */
RTE_CRYPTO_OP_STATUS_ERROR,
/**< Error handling operation */
+ RTE_CRYPTO_OP_STATUS_WAR = 128,
+ /**<
+ * Operation completed successfully with warnings.
+ * Note: All the warnings starts from here.
+ */
+ RTE_CRYPTO_OP_STATUS_WAR_L3_CSUM_BAD,
+ /**< Operation completed successfully with invalid L3 checksum */
+ RTE_CRYPTO_OP_STATUS_WAR_L4_CSUM_BAD,
+ /**< Operation completed successfully with invalid L4 checksum */
};
/**
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 11f4e6fdbf..6a6a2d0537 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
/**< Support operations on multiple data-units message */
#define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26)
/**< Support wrapped key in cipher xform */
+#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27)
+/**< Support inner checksum computation/verification */
/**
* Get the name of a crypto device feature flag
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2fdefab878 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,23 @@ struct rte_security_ipsec_sa_options {
* * 0: Disable per session security statistics collection for this SA.
*/
uint32_t stats : 1;
+
+ /** Compute/verify inner packet IPv4 header checksum
+ *
+ * * 1: In tunnel mode, compute inner packet IPv4 header checksum
+ * before tunnel encapsulation, or verify after tunnel
+ * decapsulation.
+ * * 0: Inner packet IP header checksum is not computed/verified.
+ */
+ uint32_t ip_csum_enable : 1;
+
+ /** Compute/verify inner packet L4 checksum
+ *
+ * * 1: In tunnel mode, compute inner packet L4 checksum before
+ * tunnel encapsulation, or verify after tunnel decapsulation.
+ * * 0: Inner packet L4 checksum is not computed/verified.
+ */
+ uint32_t l4_csum_enable : 1;
};
/** IPSec security association direction */
--
2.22.0
reply other threads:[~2021-06-30 11:13 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210630111248.746-1-marchana@marvell.com \
--to=marchana@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).