[v3,4/4] security: add IPsec option for IP reassembly
Checks
Commit Message
A new option is added in IPsec to enable and attempt reassembly
of inbound packets.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
devtools/libabigail.abignore | 14 ++++++++++++++
lib/security/rte_security.h | 12 +++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
Comments
On 1/30/2022 5:59 PM, Akhil Goyal wrote:
> A new option is added in IPsec to enable and attempt reassembly
> of inbound packets.
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> devtools/libabigail.abignore | 14 ++++++++++++++
> lib/security/rte_security.h | 12 +++++++++++-
+Radu for review
> 2 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
> index 90f449c43a..c6e304282f 100644
> --- a/devtools/libabigail.abignore
> +++ b/devtools/libabigail.abignore
> @@ -16,3 +16,17 @@
> [suppress_type]
> name = rte_eth_dev_info
> has_data_member_inserted_between = {offset_of(reserved_64s), end}
> +
> +; Ignore fields inserted in place of reserved_opts of rte_security_ipsec_sa_options
> +[suppress_type]
> + name = rte_ipsec_sa_prm
> + name = rte_security_ipsec_sa_options
> + has_data_member_inserted_between = {offset_of(reserved_opts), end}
> +
> +[suppress_type]
> + name = rte_security_capability
> + has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
> +
> +[suppress_type]
> + name = rte_security_session_conf
> + has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 1228b6c8b1..168b837a82 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
> */
> uint32_t l4_csum_enable : 1;
>
> + /** Enable reassembly on incoming packets.
> + *
> + * * 1: Enable driver to try reassembly of encrypted IP packets for
> + * this SA, if supported by the driver. This feature will work
> + * only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
> + * inline Ethernet device.
> + * * 0: Disable reassembly of packets (default).
> + */
> + uint32_t reass_en : 1;
> +
> /** Reserved bit fields for future extension
> *
> * User should ensure reserved_opts is cleared as it may change in
> @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
> *
> * Note: Reduce number of bits in reserved_opts for every new option.
> */
> - uint32_t reserved_opts : 18;
> + uint32_t reserved_opts : 17;
> };
>
> /** IPSec security association direction */
> On 1/30/2022 5:59 PM, Akhil Goyal wrote:
> > A new option is added in IPsec to enable and attempt reassembly
> > of inbound packets.
> >
> > Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> > ---
> > devtools/libabigail.abignore | 14 ++++++++++++++
> > lib/security/rte_security.h | 12 +++++++++++-
>
>
> +Radu for review
>
> > 2 files changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
> > index 90f449c43a..c6e304282f 100644
> > --- a/devtools/libabigail.abignore
> > +++ b/devtools/libabigail.abignore
> > @@ -16,3 +16,17 @@
> > [suppress_type]
> > name = rte_eth_dev_info
> > has_data_member_inserted_between = {offset_of(reserved_64s), end}
> > +
> > +; Ignore fields inserted in place of reserved_opts of
> rte_security_ipsec_sa_options
> > +[suppress_type]
> > + name = rte_ipsec_sa_prm
> > + name = rte_security_ipsec_sa_options
> > + has_data_member_inserted_between = {offset_of(reserved_opts), end}
> > +
> > +[suppress_type]
> > + name = rte_security_capability
> > + has_data_member_inserted_between = {offset_of(reserved_opts),
> (offset_of(reserved_opts) + 18)}
> > +
> > +[suppress_type]
> > + name = rte_security_session_conf
> > + has_data_member_inserted_between = {offset_of(reserved_opts),
> (offset_of(reserved_opts) + 18)}
Could not find any better way to suppress the ABI warning.
Any better idea?
> > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> > index 1228b6c8b1..168b837a82 100644
> > --- a/lib/security/rte_security.h
> > +++ b/lib/security/rte_security.h
> > @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
> > */
> > uint32_t l4_csum_enable : 1;
> >
> > + /** Enable reassembly on incoming packets.
> > + *
> > + * * 1: Enable driver to try reassembly of encrypted IP packets for
> > + * this SA, if supported by the driver. This feature will work
> > + * only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
> > + * inline Ethernet device.
> > + * * 0: Disable reassembly of packets (default).
> > + */
> > + uint32_t reass_en : 1;
> > +
> > /** Reserved bit fields for future extension
> > *
> > * User should ensure reserved_opts is cleared as it may change in
> > @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
> > *
> > * Note: Reduce number of bits in reserved_opts for every new option.
> > */
> > - uint32_t reserved_opts : 18;
> > + uint32_t reserved_opts : 17;
> > };
> >
> > /** IPSec security association direction */
On 2/2/2022 9:15 AM, Akhil Goyal wrote:
>> On 1/30/2022 5:59 PM, Akhil Goyal wrote:
>>> A new option is added in IPsec to enable and attempt reassembly
>>> of inbound packets.
>>>
>>> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
>>> ---
>>> devtools/libabigail.abignore | 14 ++++++++++++++
>>> lib/security/rte_security.h | 12 +++++++++++-
>>
>>
>> +Radu for review
>>
>>> 2 files changed, 25 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
>>> index 90f449c43a..c6e304282f 100644
>>> --- a/devtools/libabigail.abignore
>>> +++ b/devtools/libabigail.abignore
>>> @@ -16,3 +16,17 @@
>>> [suppress_type]
>>> name = rte_eth_dev_info
>>> has_data_member_inserted_between = {offset_of(reserved_64s), end}
>>> +
>>> +; Ignore fields inserted in place of reserved_opts of
>> rte_security_ipsec_sa_options
>>> +[suppress_type]
>>> + name = rte_ipsec_sa_prm
>>> + name = rte_security_ipsec_sa_options
>>> + has_data_member_inserted_between = {offset_of(reserved_opts), end}
>>> +
>>> +[suppress_type]
>>> + name = rte_security_capability
>>> + has_data_member_inserted_between = {offset_of(reserved_opts),
>> (offset_of(reserved_opts) + 18)}
>>> +
>>> +[suppress_type]
>>> + name = rte_security_session_conf
>>> + has_data_member_inserted_between = {offset_of(reserved_opts),
>> (offset_of(reserved_opts) + 18)}
>
> Could not find any better way to suppress the ABI warning.
> Any better idea?
>
+David for it, who knows abigail better.
>>> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
>>> index 1228b6c8b1..168b837a82 100644
>>> --- a/lib/security/rte_security.h
>>> +++ b/lib/security/rte_security.h
>>> @@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
>>> */
>>> uint32_t l4_csum_enable : 1;
>>>
>>> + /** Enable reassembly on incoming packets.
>>> + *
>>> + * * 1: Enable driver to try reassembly of encrypted IP packets for
>>> + * this SA, if supported by the driver. This feature will work
>>> + * only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
>>> + * inline Ethernet device.
>>> + * * 0: Disable reassembly of packets (default).
>>> + */
>>> + uint32_t reass_en : 1;
>>> +
>>> /** Reserved bit fields for future extension
>>> *
>>> * User should ensure reserved_opts is cleared as it may change in
>>> @@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
>>> *
>>> * Note: Reduce number of bits in reserved_opts for every new option.
>>> */
>>> - uint32_t reserved_opts : 18;
>>> + uint32_t reserved_opts : 17;
>>> };
>>>
>>> /** IPSec security association direction */
>
@@ -16,3 +16,17 @@
[suppress_type]
name = rte_eth_dev_info
has_data_member_inserted_between = {offset_of(reserved_64s), end}
+
+; Ignore fields inserted in place of reserved_opts of rte_security_ipsec_sa_options
+[suppress_type]
+ name = rte_ipsec_sa_prm
+ name = rte_security_ipsec_sa_options
+ has_data_member_inserted_between = {offset_of(reserved_opts), end}
+
+[suppress_type]
+ name = rte_security_capability
+ has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
+
+[suppress_type]
+ name = rte_security_session_conf
+ has_data_member_inserted_between = {offset_of(reserved_opts), (offset_of(reserved_opts) + 18)}
@@ -264,6 +264,16 @@ struct rte_security_ipsec_sa_options {
*/
uint32_t l4_csum_enable : 1;
+ /** Enable reassembly on incoming packets.
+ *
+ * * 1: Enable driver to try reassembly of encrypted IP packets for
+ * this SA, if supported by the driver. This feature will work
+ * only if rx_offload RTE_ETH_RX_OFFLOAD_IP_REASSEMBLY is set in
+ * inline Ethernet device.
+ * * 0: Disable reassembly of packets (default).
+ */
+ uint32_t reass_en : 1;
+
/** Reserved bit fields for future extension
*
* User should ensure reserved_opts is cleared as it may change in
@@ -271,7 +281,7 @@ struct rte_security_ipsec_sa_options {
*
* Note: Reduce number of bits in reserved_opts for every new option.
*/
- uint32_t reserved_opts : 18;
+ uint32_t reserved_opts : 17;
};
/** IPSec security association direction */