[dpdk-dev] [RFC] lib/security: add SA config option for inner pkt csum

[Archana Muniganti <marchana@marvell.com>]

Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify whether the
checksum(compute/verify) can be offloaded to security device.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 lib/cryptodev/rte_crypto.h    |  9 +++++++++
 lib/cryptodev/rte_cryptodev.h |  2 ++
 lib/security/rte_security.h   | 17 +++++++++++++++++
 3 files changed, 28 insertions(+)

diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index fd5ef3a876..3510ed109f 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -52,6 +52,15 @@ enum rte_crypto_op_status {
 	/**< Operation failed due to invalid arguments in request */
 	RTE_CRYPTO_OP_STATUS_ERROR,
 	/**< Error handling operation */
+	RTE_CRYPTO_OP_STATUS_WAR = 128,
+	/**<
+	 * Operation completed successfully with warnings.
+	 * Note: All the warnings starts from here.
+	 */
+	RTE_CRYPTO_OP_STATUS_WAR_L3_CSUM_BAD,
+	/**< Operation completed successfully with invalid L3 checksum */
+	RTE_CRYPTO_OP_STATUS_WAR_L4_CSUM_BAD,
+	/**< Operation completed successfully with invalid L4 checksum */
 };
 
 /**
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 11f4e6fdbf..6a6a2d0537 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
 /**< Support operations on multiple data-units message */
 #define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY		(1ULL << 26)
 /**< Support wrapped key in cipher xform  */
+#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM		(1ULL << 27)
+/**< Support inner checksum computation/verification */
 
 /**
  * Get the name of a crypto device feature flag
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2fdefab878 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,23 @@ struct rte_security_ipsec_sa_options {
 	 * * 0: Disable per session security statistics collection for this SA.
 	 */
 	uint32_t stats : 1;
+
+	/** Compute/verify inner packet IPv4 header checksum
+	 *
+	 * * 1: In tunnel mode, compute inner packet IPv4 header checksum
+	 *      before tunnel encapsulation, or verify after tunnel
+	 *      decapsulation.
+	 * * 0: Inner packet IP header checksum is not computed/verified.
+	 */
+	uint32_t ip_csum_enable : 1;
+
+	/** Compute/verify inner packet L4 checksum
+	 *
+	 * * 1: In tunnel mode, compute inner packet L4 checksum before
+	 *      tunnel encapsulation, or verify after tunnel decapsulation.
+	 * * 0: Inner packet L4 checksum is not computed/verified.
+	 */
+	uint32_t l4_csum_enable : 1;
 };
 
 /** IPSec security association direction */
-- 
2.22.0