* [dpdk-dev] [RFC] lib/security: add SA config option for inner pkt csum
@ 2021-06-30 11:12 Archana Muniganti
0 siblings, 0 replies; only message in thread
From: Archana Muniganti @ 2021-06-30 11:12 UTC (permalink / raw)
To: gakhil, roy.fan.zhang, hemant.agrawal, konstantin.ananyev
Cc: Archana Muniganti, anoobj, jerinj, dev
Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify whether the
checksum(compute/verify) can be offloaded to security device.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
lib/cryptodev/rte_crypto.h | 9 +++++++++
lib/cryptodev/rte_cryptodev.h | 2 ++
lib/security/rte_security.h | 17 +++++++++++++++++
3 files changed, 28 insertions(+)
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index fd5ef3a876..3510ed109f 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -52,6 +52,15 @@ enum rte_crypto_op_status {
/**< Operation failed due to invalid arguments in request */
RTE_CRYPTO_OP_STATUS_ERROR,
/**< Error handling operation */
+ RTE_CRYPTO_OP_STATUS_WAR = 128,
+ /**<
+ * Operation completed successfully with warnings.
+ * Note: All the warnings starts from here.
+ */
+ RTE_CRYPTO_OP_STATUS_WAR_L3_CSUM_BAD,
+ /**< Operation completed successfully with invalid L3 checksum */
+ RTE_CRYPTO_OP_STATUS_WAR_L4_CSUM_BAD,
+ /**< Operation completed successfully with invalid L4 checksum */
};
/**
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 11f4e6fdbf..6a6a2d0537 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
/**< Support operations on multiple data-units message */
#define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26)
/**< Support wrapped key in cipher xform */
+#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27)
+/**< Support inner checksum computation/verification */
/**
* Get the name of a crypto device feature flag
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2fdefab878 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,23 @@ struct rte_security_ipsec_sa_options {
* * 0: Disable per session security statistics collection for this SA.
*/
uint32_t stats : 1;
+
+ /** Compute/verify inner packet IPv4 header checksum
+ *
+ * * 1: In tunnel mode, compute inner packet IPv4 header checksum
+ * before tunnel encapsulation, or verify after tunnel
+ * decapsulation.
+ * * 0: Inner packet IP header checksum is not computed/verified.
+ */
+ uint32_t ip_csum_enable : 1;
+
+ /** Compute/verify inner packet L4 checksum
+ *
+ * * 1: In tunnel mode, compute inner packet L4 checksum before
+ * tunnel encapsulation, or verify after tunnel decapsulation.
+ * * 0: Inner packet L4 checksum is not computed/verified.
+ */
+ uint32_t l4_csum_enable : 1;
};
/** IPSec security association direction */
--
2.22.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-06-30 11:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-30 11:12 [dpdk-dev] [RFC] lib/security: add SA config option for inner pkt csum Archana Muniganti
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).