Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/101015/?format=api
{ "id": 101015, "url": "http://patches.dpdk.org/api/patches/101015/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20211011112945.2876-7-radu.nicolau@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20211011112945.2876-7-radu.nicolau@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20211011112945.2876-7-radu.nicolau@intel.com", "date": "2021-10-11T11:29:41", "name": "[v8,06/10] ipsec: add transmit segmentation offload support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "4b4bd82bffce86148811b0f1fb3eb0bd2a2d0fa4", "submitter": { "id": 743, "url": "http://patches.dpdk.org/api/people/743/?format=api", "name": "Radu Nicolau", "email": "radu.nicolau@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20211011112945.2876-7-radu.nicolau@intel.com/mbox/", "series": [ { "id": 19516, "url": "http://patches.dpdk.org/api/series/19516/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=19516", "date": "2021-10-11T11:29:35", "name": "new features for ipsec and security libraries", "version": 8, "mbox": "http://patches.dpdk.org/series/19516/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/101015/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/101015/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id EF2E9A034F;\n\tMon, 11 Oct 2021 13:42:09 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 234534111F;\n\tMon, 11 Oct 2021 13:42:00 +0200 (CEST)", "from mga17.intel.com (mga17.intel.com [192.55.52.151])\n by mails.dpdk.org (Postfix) with ESMTP id 85D5941103\n for <dev@dpdk.org>; Mon, 11 Oct 2021 13:41:58 +0200 (CEST)", "from orsmga007.jf.intel.com ([10.7.209.58])\n by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 11 Oct 2021 04:41:42 -0700", "from silpixa00400884.ir.intel.com ([10.243.22.82])\n by orsmga007.jf.intel.com with ESMTP; 11 Oct 2021 04:41:39 -0700" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10133\"; a=\"207660532\"", "E=Sophos;i=\"5.85,364,1624345200\"; d=\"scan'208\";a=\"207660532\"", "E=Sophos;i=\"5.85,364,1624345200\"; d=\"scan'208\";a=\"479822023\"" ], "X-ExtLoop1": "1", "From": "Radu Nicolau <radu.nicolau@intel.com>", "To": "Konstantin Ananyev <konstantin.ananyev@intel.com>,\n Bernard Iremonger <bernard.iremonger@intel.com>,\n Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "Cc": "dev@dpdk.org, mdr@ashroe.eu, bruce.richardson@intel.com,\n roy.fan.zhang@intel.com, hemant.agrawal@nxp.com, gakhil@marvell.com,\n anoobj@marvell.com, declan.doherty@intel.com, abhijit.sinha@intel.com,\n daniel.m.buckley@intel.com, marchana@marvell.com, ktejasree@marvell.com,\n matan@nvidia.com, Radu Nicolau <radu.nicolau@intel.com>", "Date": "Mon, 11 Oct 2021 12:29:41 +0100", "Message-Id": "<20211011112945.2876-7-radu.nicolau@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20211011112945.2876-1-radu.nicolau@intel.com>", "References": "<20210713133542.3550525-1-radu.nicolau@intel.com>\n <20211011112945.2876-1-radu.nicolau@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v8 06/10] ipsec: add transmit segmentation\n offload support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add support for transmit segmentation offload to inline crypto processing\nmode. This offload is not supported by other offload modes, as at a\nminimum it requires inline crypto for IPsec to be supported on the\nnetwork interface.\n\nSigned-off-by: Declan Doherty <declan.doherty@intel.com>\nSigned-off-by: Radu Nicolau <radu.nicolau@intel.com>\nSigned-off-by: Abhijit Sinha <abhijit.sinha@intel.com>\nSigned-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>\nAcked-by: Fan Zhang <roy.fan.zhang@intel.com>\n---\n doc/guides/prog_guide/ipsec_lib.rst | 2 +\n doc/guides/rel_notes/release_21_11.rst | 1 +\n lib/ipsec/esp_outb.c | 119 +++++++++++++++++++++----\n 3 files changed, 103 insertions(+), 19 deletions(-)", "diff": "diff --git a/doc/guides/prog_guide/ipsec_lib.rst b/doc/guides/prog_guide/ipsec_lib.rst\nindex af51ff8131..fc0af5eadb 100644\n--- a/doc/guides/prog_guide/ipsec_lib.rst\n+++ b/doc/guides/prog_guide/ipsec_lib.rst\n@@ -315,6 +315,8 @@ Supported features\n \n * NAT-T / UDP encapsulated ESP.\n \n+* TSO support (only for inline crypto mode)\n+\n * algorithms: 3DES-CBC, AES-CBC, AES-CTR, AES-GCM, AES_CCM, CHACHA20_POLY1305,\n AES_GMAC, HMAC-SHA1, NULL.\n \ndiff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst\nindex 73a566eaca..77535ace36 100644\n--- a/doc/guides/rel_notes/release_21_11.rst\n+++ b/doc/guides/rel_notes/release_21_11.rst\n@@ -138,6 +138,7 @@ New Features\n \n * Added support for AEAD algorithms AES_CCM, CHACHA20_POLY1305 and AES_GMAC.\n * Added support for NAT-T / UDP encapsulated ESP\n+ * Added support TSO offload support; only supported for inline crypto mode.\n \n \n Removed Items\ndiff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c\nindex 0e3314b358..df7d3e8645 100644\n--- a/lib/ipsec/esp_outb.c\n+++ b/lib/ipsec/esp_outb.c\n@@ -147,6 +147,7 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,\n \tstruct rte_esp_tail *espt;\n \tchar *ph, *pt;\n \tuint64_t *iv;\n+\tuint8_t tso = !!(mb->ol_flags & (PKT_TX_TCP_SEG | PKT_TX_UDP_SEG));\n \n \t/* calculate extra header space required */\n \thlen = sa->hdr_len + sa->iv_len + sizeof(*esph);\n@@ -157,11 +158,20 @@ outb_tun_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,\n \n \t/* number of bytes to encrypt */\n \tclen = plen + sizeof(*espt);\n-\tclen = RTE_ALIGN_CEIL(clen, sa->pad_align);\n+\n+\t/* We don't need to pad/ailgn packet when using TSO offload */\n+\tif (likely(!tso))\n+\t\tclen = RTE_ALIGN_CEIL(clen, sa->pad_align);\n+\n \n \t/* pad length + esp tail */\n \tpdlen = clen - plen;\n-\ttlen = pdlen + sa->icv_len + sqh_len;\n+\n+\t/* We don't append ICV length when using TSO offload */\n+\tif (likely(!tso))\n+\t\ttlen = pdlen + sa->icv_len + sqh_len;\n+\telse\n+\t\ttlen = pdlen + sqh_len;\n \n \t/* do append and prepend */\n \tml = rte_pktmbuf_lastseg(mb);\n@@ -346,6 +356,7 @@ outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,\n \tchar *ph, *pt;\n \tuint64_t *iv;\n \tuint32_t l2len, l3len;\n+\tuint8_t tso = !!(mb->ol_flags & (PKT_TX_TCP_SEG | PKT_TX_UDP_SEG));\n \n \tl2len = mb->l2_len;\n \tl3len = mb->l3_len;\n@@ -358,11 +369,19 @@ outb_trs_pkt_prepare(struct rte_ipsec_sa *sa, rte_be64_t sqc,\n \n \t/* number of bytes to encrypt */\n \tclen = plen + sizeof(*espt);\n-\tclen = RTE_ALIGN_CEIL(clen, sa->pad_align);\n+\n+\t/* We don't need to pad/ailgn packet when using TSO offload */\n+\tif (likely(!tso))\n+\t\tclen = RTE_ALIGN_CEIL(clen, sa->pad_align);\n \n \t/* pad length + esp tail */\n \tpdlen = clen - plen;\n-\ttlen = pdlen + sa->icv_len + sqh_len;\n+\n+\t/* We don't append ICV length when using TSO offload */\n+\tif (likely(!tso))\n+\t\ttlen = pdlen + sa->icv_len + sqh_len;\n+\telse\n+\t\ttlen = pdlen + sqh_len;\n \n \t/* do append and insert */\n \tml = rte_pktmbuf_lastseg(mb);\n@@ -660,6 +679,29 @@ inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss,\n \t}\n }\n \n+/* check if packet will exceed MSS and segmentation is required */\n+static inline int\n+esn_outb_nb_segments(struct rte_mbuf *m) {\n+\tuint16_t segments = 1;\n+\tuint16_t pkt_l3len = m->pkt_len - m->l2_len;\n+\n+\t/* Only support segmentation for UDP/TCP flows */\n+\tif (!(m->packet_type & (RTE_PTYPE_L4_UDP | RTE_PTYPE_L4_TCP)))\n+\t\treturn segments;\n+\n+\tif (m->tso_segsz > 0 && pkt_l3len > m->tso_segsz) {\n+\t\tsegments = pkt_l3len / m->tso_segsz;\n+\t\tif (segments * m->tso_segsz < pkt_l3len)\n+\t\t\tsegments++;\n+\t\tif (m->packet_type & RTE_PTYPE_L4_TCP)\n+\t\t\tm->ol_flags |= (PKT_TX_TCP_SEG | PKT_TX_TCP_CKSUM);\n+\t\telse\n+\t\t\tm->ol_flags |= (PKT_TX_UDP_SEG | PKT_TX_UDP_CKSUM);\n+\t}\n+\n+\treturn segments;\n+}\n+\n /*\n * process group of ESP outbound tunnel packets destined for\n * INLINE_CRYPTO type of device.\n@@ -669,24 +711,36 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,\n \tstruct rte_mbuf *mb[], uint16_t num)\n {\n \tint32_t rc;\n-\tuint32_t i, k, n;\n+\tuint32_t i, k, nb_sqn = 0, nb_sqn_alloc;\n \tuint64_t sqn;\n \trte_be64_t sqc;\n \tstruct rte_ipsec_sa *sa;\n \tunion sym_op_data icv;\n \tuint64_t iv[IPSEC_MAX_IV_QWORD];\n \tuint32_t dr[num];\n+\tuint16_t nb_segs[num];\n \n \tsa = ss->sa;\n \n-\tn = num;\n-\tsqn = esn_outb_update_sqn(sa, &n);\n-\tif (n != num)\n+\tfor (i = 0; i != num; i++) {\n+\t\tnb_segs[i] = esn_outb_nb_segments(mb[i]);\n+\t\tnb_sqn += nb_segs[i];\n+\t\t/* setup offload fields for TSO */\n+\t\tif (nb_segs[i] > 1) {\n+\t\t\tmb[i]->ol_flags |= (PKT_TX_OUTER_IPV4 |\n+\t\t\t\t\tPKT_TX_OUTER_IP_CKSUM |\n+\t\t\t\t\tPKT_TX_TUNNEL_ESP);\n+\t\t\tmb[i]->outer_l3_len = mb[i]->l3_len;\n+\t\t}\n+\t}\n+\n+\tnb_sqn_alloc = nb_sqn;\n+\tsqn = esn_outb_update_sqn(sa, &nb_sqn_alloc);\n+\tif (nb_sqn_alloc != nb_sqn)\n \t\trte_errno = EOVERFLOW;\n \n \tk = 0;\n-\tfor (i = 0; i != n; i++) {\n-\n+\tfor (i = 0; i != num; i++) {\n \t\tsqc = rte_cpu_to_be_64(sqn + i);\n \t\tgen_iv(iv, sqc);\n \n@@ -700,11 +754,18 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,\n \t\t\tdr[i - k] = i;\n \t\t\trte_errno = -rc;\n \t\t}\n+\n+\t\t/**\n+\t\t * If packet is using tso, increment sqn by the number of\n+\t\t * segments for\tpacket\n+\t\t */\n+\t\tif (mb[i]->ol_flags & (PKT_TX_TCP_SEG | PKT_TX_UDP_SEG))\n+\t\t\tsqn += nb_segs[i] - 1;\n \t}\n \n \t/* copy not processed mbufs beyond good ones */\n-\tif (k != n && k != 0)\n-\t\tmove_bad_mbufs(mb, dr, n, n - k);\n+\tif (k != num && k != 0)\n+\t\tmove_bad_mbufs(mb, dr, num, num - k);\n \n \tinline_outb_mbuf_prepare(ss, mb, k);\n \treturn k;\n@@ -719,23 +780,36 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,\n \tstruct rte_mbuf *mb[], uint16_t num)\n {\n \tint32_t rc;\n-\tuint32_t i, k, n;\n+\tuint32_t i, k, nb_sqn, nb_sqn_alloc;\n \tuint64_t sqn;\n \trte_be64_t sqc;\n \tstruct rte_ipsec_sa *sa;\n \tunion sym_op_data icv;\n \tuint64_t iv[IPSEC_MAX_IV_QWORD];\n \tuint32_t dr[num];\n+\tuint16_t nb_segs[num];\n \n \tsa = ss->sa;\n \n-\tn = num;\n-\tsqn = esn_outb_update_sqn(sa, &n);\n-\tif (n != num)\n+\t/* Calculate number of sequence numbers required */\n+\tfor (i = 0, nb_sqn = 0; i != num; i++) {\n+\t\tnb_segs[i] = esn_outb_nb_segments(mb[i]);\n+\t\tnb_sqn += nb_segs[i];\n+\t\t/* setup offload fields for TSO */\n+\t\tif (nb_segs[i] > 1) {\n+\t\t\tmb[i]->ol_flags |= (PKT_TX_OUTER_IPV4 |\n+\t\t\t\t\tPKT_TX_OUTER_IP_CKSUM);\n+\t\t\tmb[i]->outer_l3_len = mb[i]->l3_len;\n+\t\t}\n+\t}\n+\n+\tnb_sqn_alloc = nb_sqn;\n+\tsqn = esn_outb_update_sqn(sa, &nb_sqn_alloc);\n+\tif (nb_sqn_alloc != nb_sqn)\n \t\trte_errno = EOVERFLOW;\n \n \tk = 0;\n-\tfor (i = 0; i != n; i++) {\n+\tfor (i = 0; i != num; i++) {\n \n \t\tsqc = rte_cpu_to_be_64(sqn + i);\n \t\tgen_iv(iv, sqc);\n@@ -750,11 +824,18 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,\n \t\t\tdr[i - k] = i;\n \t\t\trte_errno = -rc;\n \t\t}\n+\n+\t\t/**\n+\t\t * If packet is using tso, increment sqn by the number of\n+\t\t * segments for\tpacket\n+\t\t */\n+\t\tif (mb[i]->ol_flags & (PKT_TX_TCP_SEG | PKT_TX_UDP_SEG))\n+\t\t\tsqn += nb_segs[i] - 1;\n \t}\n \n \t/* copy not processed mbufs beyond good ones */\n-\tif (k != n && k != 0)\n-\t\tmove_bad_mbufs(mb, dr, n, n - k);\n+\tif (k != num && k != 0)\n+\t\tmove_bad_mbufs(mb, dr, num, num - k);\n \n \tinline_outb_mbuf_prepare(ss, mb, k);\n \treturn k;\n", "prefixes": [ "v8", "06/10" ] }