[dpdk-dev] [PATCH v2 5/9] examples/ipsec-secgw: add support for TSO

Wed, 15 Sep 2021 06:53:42 -0700 

Add support to allow user to specific MSS for TSO offload on a per SA
basis. MSS configuration in the context of IPsec is only supported for
outbound SA's in the context of an inline IPsec Crypto offload.

Signed-off-by: Declan Doherty <declan.dohe...@intel.com>
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 10 ++++++++++
 examples/ipsec-secgw/ipsec.h             |  1 +
 examples/ipsec-secgw/sa.c                | 15 +++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst 
b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 0d55e74022..7727051394 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -736,6 +736,16 @@ where each options means:
 
    * *telemetry*
 
+ ``<mss>``
+
+ * Maximum segment size for TSO offload, available for egress SAs only.
+
+ * Optional: Yes, TSO offload not set by default
+
+ * Syntax:
+
+   * *mss N* N is the segment size
+
 Example SA rules:
 
 .. code-block:: console
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index a3de8952b6..c3da5fb243 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -141,6 +141,7 @@ struct ipsec_sa {
        enum rte_security_ipsec_sa_direction direction;
        uint8_t udp_encap;
        uint16_t portid;
+       uint16_t mss;
        uint8_t fdir_qid;
        uint8_t fdir_flag;
 
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index db5fd46e67..1a53430ec9 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -683,6 +683,16 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        continue;
                }
 
+               if (strcmp(tokens[ti], "mss") == 0) {
+                       INCREMENT_TOKEN_INDEX(ti, n_tokens, status);
+                       if (status->status < 0)
+                               return;
+                       rule->mss = atoi(tokens[ti]);
+                       if (status->status < 0)
+                               return;
+                       continue;
+               }
+
                if (strcmp(tokens[ti], "fallback") == 0) {
                        struct rte_ipsec_session *fb;
 
@@ -1320,6 +1330,11 @@ fill_ipsec_sa_prm(struct rte_ipsec_sa_prm *prm, const 
struct ipsec_sa *ss,
        prm->ipsec_xform.options.ecn = 1;
        prm->ipsec_xform.options.copy_dscp = 1;
 
+       if (ss->mss > 0) {
+               prm->ipsec_xform.options.tso = 1;
+               prm->ipsec_xform.mss = ss->mss;
+       }
+
        if (IS_IP4_TUNNEL(ss->flags)) {
                prm->ipsec_xform.tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4;
                prm->tun.hdr_l3_len = sizeof(*v4);
-- 
2.25.1

Reply via email to