From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 9B482A00C2
	for <public@inbox.dpdk.org>; Thu,  8 Dec 2022 11:44:55 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 74DA640F17;
	Thu,  8 Dec 2022 11:44:55 +0100 (CET)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by mails.dpdk.org (Postfix) with ESMTP id 54BEB40E28
 for <stable@dpdk.org>; Thu,  8 Dec 2022 11:44:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1670496294; x=1702032294;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=W3JgxISuH2qsViLi4SZpRYDPJRVDugfqi745QUUFk+M=;
 b=d6IwGM2pG0lZbZ2DtFLVb516oNGiUwHaAjSOy5L14fUhuM0k+m8g0zLG
 gCQArV7PQeFrBS+mh5uswKU3zBWp4TmzlvHsvXZOwn30OH5CJfXHwfvGh
 hnIWPqDXiKMpDwJSIPDzzZBa1xQCQ64kwKs/SHTqkxAJG2lMRI8HMmlET
 gVXQbRUKz3GlG1toax5BiQ+SJiHnYLbZ7J8veZi61EifAI0qz5XHllKpR
 CVkPKu0U4T5i8YKYNuyhVP7hbeZ8hvvbdxHfmetf5yonSQxsYmjARuAt0
 nXw0IEB1E257nYDaVXWCz/U3OVaZ1+FzFW6fOsPJ6vPPSji8BzF7da+Ab Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10554"; a="381432381"
X-IronPort-AV: E=Sophos;i="5.96,227,1665471600"; d="scan'208";a="381432381"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
 by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Dec 2022 02:44:52 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10554"; a="649090001"
X-IronPort-AV: E=Sophos;i="5.96,227,1665471600"; d="scan'208";a="649090001"
Received: from silpixa00400884.ir.intel.com ([10.243.22.82])
 by fmsmga007.fm.intel.com with ESMTP; 08 Dec 2022 02:44:50 -0800
From: Radu Nicolau <radu.nicolau@intel.com>
To: stable@dpdk.org
Cc: Radu Nicolau <radu.nicolau@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>,
 Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH 21.11] examples/ipsec-secgw: fix Tx checksum offload flag
Date: Thu,  8 Dec 2022 10:44:44 +0000
Message-Id: <20221208104444.484886-1-radu.nicolau@intel.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

[ upstream commit 65bd9c7abc255ec2ce084d9f28e29c395e205402 ]

For the inline crypto path set the Tx checksum offload flag
only if the device supports it.

Fixes: 4edcee19fc20 ("examples/ipsec-secgw: use Tx checksum offload conditionally")

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 examples/ipsec-secgw/sa.c | 52 +++++++++++++++++++++++++++++++++------
 1 file changed, 45 insertions(+), 7 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 89131f71e5..2f8b9bce27 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1773,10 +1773,18 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	struct ipsec_sa *rule;
 	uint32_t idx_sa;
 	enum rte_security_session_action_type rule_type;
+	struct rte_eth_dev_info dev_info;
+	int ret;
 
 	*rx_offloads = 0;
 	*tx_offloads = 0;
 
+	ret = rte_eth_dev_info_get(port_id, &dev_info);
+	if (ret != 0)
+		rte_exit(EXIT_FAILURE,
+			"Error during getting device (port %u) info: %s\n",
+			port_id, strerror(-ret));
+
 	/* Check for inbound rules that use offloads and use this port */
 	for (idx_sa = 0; idx_sa < nb_sa_in; idx_sa++) {
 		rule = &sa_in[idx_sa];
@@ -1792,13 +1800,43 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	for (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {
 		rule = &sa_out[idx_sa];
 		rule_type = ipsec_get_action_type(rule);
-		if ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
-				rule_type ==
-				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)
-				&& rule->portid == port_id) {
-			*tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
-			if (rule->mss)
-				*tx_offloads |= RTE_ETH_TX_OFFLOAD_TCP_TSO;
+		if (rule->portid == port_id) {
+			switch (rule_type) {
+			case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+				/* Checksum offload is not needed for inline
+				 * protocol as all processing for Outbound IPSec
+				 * packets will be implicitly taken care and for
+				 * non-IPSec packets, there is no need of
+				 * IPv4 Checksum offload.
+				 */
+				*tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
+				if (rule->mss)
+					*tx_offloads |= (RTE_ETH_TX_OFFLOAD_TCP_TSO |
+							 RTE_ETH_TX_OFFLOAD_IPV4_CKSUM);
+				break;
+			case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+				*tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
+				if (rule->mss)
+					*tx_offloads |=
+						RTE_ETH_TX_OFFLOAD_TCP_TSO;
+				if (dev_info.tx_offload_capa &
+						RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |=
+						RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+				break;
+			default:
+				/* Enable IPv4 checksum offload even if
+				 * one of lookaside SA's are present.
+				 */
+				if (dev_info.tx_offload_capa &
+				    RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+				break;
+			}
+		} else {
+			if (dev_info.tx_offload_capa &
+			    RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+				*tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
 		}
 	}
 	return 0;
-- 
2.25.1