[dpdk-dev] [PATCH v2] ipsec: support multi-segment packets

Akhil Goyal akhil.goyal at nxp.com
Thu Jun 20 14:46:18 CEST 2019

Previous message: [dpdk-dev] [PATCH v9] app/pdump: exit with primary process
Next message: [dpdk-dev] [PATCH v2] ipsec: support multi-segment packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Konstantin,

> 
> Add support for packets that consist of multiple segments.
> Take into account that trailer bytes (padding, ESP tail, ICV)
> can spawn across multiple segments.
> 
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> ---

Which all action types does this patch work well with?
Will it work for lookaside none and inline crypto case both?
For the other 2, ipsec lib is not used.

Also how can the SG support be tested?

> 
> v1 -> v2:
>  merge with latest mainline
>  fix build problem for RTE_BUILD_SHARED_LIB=y
>  update programmer's guide
> 
>  doc/guides/prog_guide/ipsec_lib.rst |   1 -
>  lib/librte_ipsec/Makefile           |   3 +-
>  lib/librte_ipsec/esp_inb.c          | 148 +++++++++++++++++++++-------
>  lib/librte_ipsec/misc.h             |  61 ++++++++++++
>  4 files changed, 175 insertions(+), 38 deletions(-)
> 
> diff --git a/doc/guides/prog_guide/ipsec_lib.rst
> b/doc/guides/prog_guide/ipsec_lib.rst
> index 6fc08886f..63b75b652 100644
> --- a/doc/guides/prog_guide/ipsec_lib.rst
> +++ b/doc/guides/prog_guide/ipsec_lib.rst
> @@ -162,7 +162,6 @@ Limitations
>  The following features are not properly supported in the current version:
> 
>  *  ESP transport mode for IPv6 packets with extension headers.
> -*  Multi-segment packets.
>  *  Updates of the fields in inner IP header for tunnel mode
>     (as described in RFC 4301, section 5.1.2).
>  *  Hard/soft limit for SA lifetime (time interval/byte count).
> diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
> index e80926baa..22f29d98a 100644
> --- a/lib/librte_ipsec/Makefile
> +++ b/lib/librte_ipsec/Makefile
> @@ -9,7 +9,8 @@ LIB = librte_ipsec.a
>  CFLAGS += -O3
>  CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
>  CFLAGS += -DALLOW_EXPERIMENTAL_API
> -LDLIBS += -lrte_eal -lrte_mbuf -lrte_net -lrte_cryptodev -lrte_security
> +LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
> +LDLIBS += -lrte_cryptodev -lrte_security
> 

I believe this build dependency should also be updated in meson.build file as well.

>  EXPORT_MAP := rte_ipsec_version.map
> 
> diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c
> index 3e12ca103..819d2bf25 100644
> --- a/lib/librte_ipsec/esp_inb.c
> +++ b/lib/librte_ipsec/esp_inb.c
> @@ -104,6 +104,34 @@ inb_cop_prepare(struct rte_crypto_op *cop,
>  	}
>  }
>

Previous message: [dpdk-dev] [PATCH v9] app/pdump: exit with primary process
Next message: [dpdk-dev] [PATCH v2] ipsec: support multi-segment packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list