On 10/19/2017 1:16 PM, Ananyev, Konstantin wrote:
-----Original Message-----
From: Nicolau, Radu
Sent: Thursday, October 19, 2017 12:57 PM
To: Ananyev, Konstantin <konstantin.anan...@intel.com>; Akhil Goyal
<akhil.go...@nxp.com>; dev@dpdk.org
Cc: Doherty, Declan <declan.dohe...@intel.com>; De Lara Guarch, Pablo
<pablo.de.lara.gua...@intel.com>; hemant.agra...@nxp.com;
bor...@mellanox.com; avia...@mellanox.com; tho...@monjalon.net;
sandeep.ma...@nxp.com; jerin.ja...@caviumnetworks.com;
Mcnamara, John <john.mcnam...@intel.com>; shah...@mellanox.com;
olivier.m...@6wind.com
Subject: RE: [PATCH v4 10/12] net/ixgbe: enable inline ipsec
-----Original Message-----
From: Ananyev, Konstantin
Sent: Thursday, October 19, 2017 12:04 PM
To: Nicolau, Radu <radu.nico...@intel.com>; Akhil Goyal
<akhil.go...@nxp.com>; dev@dpdk.org
Cc: Doherty, Declan <declan.dohe...@intel.com>; De Lara Guarch, Pablo
<pablo.de.lara.gua...@intel.com>; hemant.agra...@nxp.com;
bor...@mellanox.com; avia...@mellanox.com; tho...@monjalon.net;
sandeep.ma...@nxp.com; jerin.ja...@caviumnetworks.com; Mcnamara,
John <john.mcnam...@intel.com>; shah...@mellanox.com;
olivier.m...@6wind.com
Subject: RE: [PATCH v4 10/12] net/ixgbe: enable inline ipsec
<snip>
+
+static int
+ixgbe_crypto_update_mb(void *device __rte_unused,
+ struct rte_security_session *session,
+ struct rte_mbuf *m, void *params __rte_unused) {
+ struct ixgbe_crypto_session *ic_session =
+ get_sec_session_private_data(session);
+ if (ic_session->op == IXGBE_OP_AUTHENTICATED_ENCRYPTION) {
+ struct ixgbe_crypto_tx_desc_md *mdata =
+ (struct ixgbe_crypto_tx_desc_md *)&m->udata64;
+ mdata->enc = 1;
+ mdata->sa_idx = ic_session->sa_index;
+ mdata->pad_len = *rte_pktmbuf_mtod_offset(m,
+ uint8_t *, rte_pktmbuf_pkt_len(m) - 18) + 18;
Could you explain what pad_len supposed to contain?
Also what is a magical constant '18'?
Could you create some macro if needed?
I added an explanation in the code, we read the payload padding size
that is stored at the len-18 bytes and add 18 bytes, 2 for ESP trailer
and 16 for ICV.
Ok, can we at least have a macros for all these constants?
Another question: you do use pkt_len() here - does it mean that multi-
segment packets are not supported by ixgbe-ipsec?
Konstantin
It does support multisegment, but the pad_len has to be set only for single
send, it will be ignored otherwise. I have updated the code to set
it for single segment packets only.
Sorry, I didn't understand that.
If that function does support multiseg packets, then it has to go to the last
segment via m->next,
If it doesn't, then it should return an error I case of m->nb_seg != 1.
Right?
No need to return an error, just don't try to read the padding and don't
set the pad_len in the metadata. My understanding of the datasheet is
that multisegment egress IPsec is supported only for TCP/UDP packets,
and the pad_len is ignored even if it's set. So I changed it to only
process the padding for m->nb_seg == 1.
Also, our test app does not support multisegment packets.
Ok, I suppose that means, multi-seg case wasn't tested :)
