[dpdk-dev] [PATCH 1/3] security: add SA config option for inner pkt csum
Archana Muniganti
marchana at marvell.com
Tue Sep 28 15:26:28 CEST 2021
Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify whether the
checksum(compute/verify) can be offloaded to security device.
Signed-off-by: Archana Muniganti <marchana at marvell.com>
---
doc/guides/rel_notes/deprecation.rst | 4 ++--
doc/guides/rel_notes/release_21_11.rst | 5 +++++
lib/cryptodev/rte_cryptodev.h | 2 ++
lib/security/rte_security.h | 18 ++++++++++++++++++
4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst
index 80ae9a6372..ae2d6ffe33 100644
--- a/doc/guides/rel_notes/deprecation.rst
+++ b/doc/guides/rel_notes/deprecation.rst
@@ -237,8 +237,8 @@ Deprecation Notices
IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence Number).
* security: The IPsec SA config options ``struct rte_security_ipsec_sa_options``
- will be updated with new fields to support new features like IPsec inner
- checksum, TSO in case of protocol offload.
+ will be updated with new fields to support new features like TSO in case of
+ protocol offload.
* ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a new field
``hdr_l3_len`` to configure tunnel L3 header length.
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index e84a8863e9..42ed9ee580 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -197,6 +197,11 @@ ABI Changes
* Added SA option to indicate whether UDP ports verification need to be
done as part of inbound IPsec processing.
+* security: add IPsec SA config option for inner packet checksum
+
+ * Added inner packet IPv4 hdr and L4 checksum enable options in conf.
+ Per SA, application could specify whether the checksum(compute/verify)
+ can be offloaded to security device.
Known Issues
------------
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index bb01f0f195..d9271a6c45 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -479,6 +479,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
/**< Support operations on multiple data-units message */
#define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26)
/**< Support wrapped key in cipher xform */
+#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27)
+/**< Support inner checksum computation/verification */
/**
* Get the name of a crypto device feature flag
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index ae5a2e09c3..47d0b5689c 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -230,6 +230,24 @@ struct rte_security_ipsec_sa_options {
* source and destination IP addresses.
*/
uint32_t tunnel_hdr_verify : 2;
+
+ /** Compute/verify inner packet IPv4 header checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet IPv4 header checksum
+ * before tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet IP header checksum is not computed/verified.
+ */
+ uint32_t ip_csum_enable : 1;
+
+ /** Compute/verify inner packet L4 checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet L4 checksum before
+ * tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet L4 checksum is not computed/verified.
+ */
+ uint32_t l4_csum_enable : 1;
};
/** IPSec security association direction */
--
2.22.0
More information about the dev
mailing list