From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EA4F8A0032; Fri, 1 Oct 2021 12:03:52 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B22024119F; Fri, 1 Oct 2021 12:02:55 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id D6F0340040 for ; Fri, 1 Oct 2021 12:02:53 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10123"; a="222187244" X-IronPort-AV: E=Sophos;i="5.85,337,1624345200"; d="scan'208";a="222187244" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Oct 2021 03:02:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,337,1624345200"; d="scan'208";a="708489403" Received: from silpixa00400884.ir.intel.com ([10.243.22.82]) by fmsmga006.fm.intel.com with ESMTP; 01 Oct 2021 03:02:14 -0700 From: Radu Nicolau To: Radu Nicolau , Akhil Goyal Cc: dev@dpdk.org, declan.doherty@intel.com, hemant.agrawal@oss.nxp.com Date: Fri, 1 Oct 2021 10:51:58 +0100 Message-Id: <20211001095202.3343782-5-radu.nicolau@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211001095202.3343782-1-radu.nicolau@intel.com> References: <20210903112257.303961-1-radu.nicolau@intel.com> <20211001095202.3343782-1-radu.nicolau@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v3 4/8] examples/ipsec-secgw: add support for TSO X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to allow user to specific MSS for TSO offload on a per SA basis. MSS configuration in the context of IPsec is only supported for outbound SA's in the context of an inline IPsec Crypto offload. Signed-off-by: Declan Doherty Signed-off-by: Radu Nicolau --- doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++ examples/ipsec-secgw/ipsec-secgw.c | 4 ++++ examples/ipsec-secgw/ipsec.h | 1 + examples/ipsec-secgw/ipsec_process.c | 2 ++ examples/ipsec-secgw/sa.c | 12 ++++++++++++ 5 files changed, 29 insertions(+) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 846cf2b81a..cf7a94f58a 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -725,6 +725,16 @@ where each options means: * *udp-encap* + ```` + + * Maximum segment size for TSO offload, available for egress SAs only. + + * Optional: Yes, TSO offload not set by default + + * Syntax: + + * *mss N* N is the segment size + Example SA rules: .. code-block:: console diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 1d30f39450..3da520ec6e 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -399,6 +399,10 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) pkt->l2_len = 0; pkt->l3_len = sizeof(*iph4); pkt->packet_type |= RTE_PTYPE_L3_IPV4; + if (pkt->packet_type & RTE_PTYPE_L4_TCP) + pkt->l4_len = sizeof(struct rte_tcp_hdr); + else + pkt->l4_len = sizeof(struct rte_udp_hdr); } else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) { int next_proto; size_t l3len, ext_len; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 50fb7a8b46..36b1ac9355 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -143,6 +143,7 @@ struct ipsec_sa { enum rte_security_ipsec_sa_direction direction; uint8_t udp_encap; uint16_t portid; + uint16_t mss; uint8_t fdir_qid; uint8_t fdir_flag; diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c index 5012e1a6a4..fc2a3cbcd1 100644 --- a/examples/ipsec-secgw/ipsec_process.c +++ b/examples/ipsec-secgw/ipsec_process.c @@ -222,6 +222,8 @@ prep_process_group(void *sa, struct rte_mbuf *mb[], uint32_t cnt) for (j = 0; j != cnt; j++) { priv = get_priv(mb[j]); priv->sa = sa; + if (priv->sa->mss) + mb[j]->tso_segsz = priv->sa->mss; } } diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index b32c168bcc..3851a900dc 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -678,6 +678,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, continue; } + if (strcmp(tokens[ti], "mss") == 0) { + INCREMENT_TOKEN_INDEX(ti, n_tokens, status); + if (status->status < 0) + return; + rule->mss = atoi(tokens[ti]); + if (status->status < 0) + return; + continue; + } + if (strcmp(tokens[ti], "fallback") == 0) { struct rte_ipsec_session *fb; @@ -1326,11 +1336,13 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const struct ipsec_sa *ss, if (IS_IP4_TUNNEL(ss->flags)) { prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4; prm->tun.hdr_len = sizeof(*v4); + prm->tun.hdr_l3_off = 0; prm->tun.next_proto = rc; prm->tun.hdr = v4; } else if (IS_IP6_TUNNEL(ss->flags)) { prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV6; prm->tun.hdr_len = sizeof(*v6); + prm->tun.hdr_l3_off = 0; prm->tun.next_proto = rc; prm->tun.hdr = v6; } else { -- 2.25.1