[dpdk-dev] [PATCH v2] ipsec: support multi-segment packets

Ananyev, Konstantin konstantin.ananyev at intel.com
Thu Jun 20 16:29:12 CEST 2019


Hi Akhil,

> Hi Konstantin,
> 
> >
> > Add support for packets that consist of multiple segments.
> > Take into account that trailer bytes (padding, ESP tail, ICV)
> > can spawn across multiple segments.
> >
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> > ---
> 
> Which all action types does this patch work well with?
> Will it work for lookaside none and inline crypto case both?

Yes, in theory it should work with any device that supports
in-place SGL. 
On practice, right now I am not aware about inline-crypto devices
that can support such feature.
So far, tested with lookaside-none device. 

> For the other 2, ipsec lib is not used.

In fact, ipsec lib can be used by all 4 cases I believe.
Though as I udenstand for lookaside-proto and inline-proto
nothing need to be added/changed inside the lib
(as HW supposed to deal with it transparently).

> 
> Also how can the SG support be tested?

Here is a separate patch series that adds fragmentation/reassembly
support into ipsec-secgw and updates test-scripts with new test-cases: 
http://patches.dpdk.org/cover/54491/

> 
> >
> > v1 -> v2:
> >  merge with latest mainline
> >  fix build problem for RTE_BUILD_SHARED_LIB=y
> >  update programmer's guide
> >
> >  doc/guides/prog_guide/ipsec_lib.rst |   1 -
> >  lib/librte_ipsec/Makefile           |   3 +-
> >  lib/librte_ipsec/esp_inb.c          | 148 +++++++++++++++++++++-------
> >  lib/librte_ipsec/misc.h             |  61 ++++++++++++
> >  4 files changed, 175 insertions(+), 38 deletions(-)
> >
> > diff --git a/doc/guides/prog_guide/ipsec_lib.rst
> > b/doc/guides/prog_guide/ipsec_lib.rst
> > index 6fc08886f..63b75b652 100644
> > --- a/doc/guides/prog_guide/ipsec_lib.rst
> > +++ b/doc/guides/prog_guide/ipsec_lib.rst
> > @@ -162,7 +162,6 @@ Limitations
> >  The following features are not properly supported in the current version:
> >
> >  *  ESP transport mode for IPv6 packets with extension headers.
> > -*  Multi-segment packets.
> >  *  Updates of the fields in inner IP header for tunnel mode
> >     (as described in RFC 4301, section 5.1.2).
> >  *  Hard/soft limit for SA lifetime (time interval/byte count).
> > diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
> > index e80926baa..22f29d98a 100644
> > --- a/lib/librte_ipsec/Makefile
> > +++ b/lib/librte_ipsec/Makefile
> > @@ -9,7 +9,8 @@ LIB = librte_ipsec.a
> >  CFLAGS += -O3
> >  CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
> >  CFLAGS += -DALLOW_EXPERIMENTAL_API
> > -LDLIBS += -lrte_eal -lrte_mbuf -lrte_net -lrte_cryptodev -lrte_security
> > +LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
> > +LDLIBS += -lrte_cryptodev -lrte_security
> >
> 
> I believe this build dependency should also be updated in meson.build file as well.

I found that unnecessary, meson seems to be able to figure out implicit dependencies itself.
Though if you strongly insist, I can add them.
Konstantin



More information about the dev mailing list