[dpdk-dev] [PATCH v2] ipsec: support multi-segment packets
konstantin.ananyev at intel.com
Thu Jun 20 16:29:12 CEST 2019
> Hi Konstantin,
> > Add support for packets that consist of multiple segments.
> > Take into account that trailer bytes (padding, ESP tail, ICV)
> > can spawn across multiple segments.
> > Signed-off-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> > ---
> Which all action types does this patch work well with?
> Will it work for lookaside none and inline crypto case both?
Yes, in theory it should work with any device that supports
On practice, right now I am not aware about inline-crypto devices
that can support such feature.
So far, tested with lookaside-none device.
> For the other 2, ipsec lib is not used.
In fact, ipsec lib can be used by all 4 cases I believe.
Though as I udenstand for lookaside-proto and inline-proto
nothing need to be added/changed inside the lib
(as HW supposed to deal with it transparently).
> Also how can the SG support be tested?
Here is a separate patch series that adds fragmentation/reassembly
support into ipsec-secgw and updates test-scripts with new test-cases:
> > v1 -> v2:
> > merge with latest mainline
> > fix build problem for RTE_BUILD_SHARED_LIB=y
> > update programmer's guide
> > doc/guides/prog_guide/ipsec_lib.rst | 1 -
> > lib/librte_ipsec/Makefile | 3 +-
> > lib/librte_ipsec/esp_inb.c | 148 +++++++++++++++++++++-------
> > lib/librte_ipsec/misc.h | 61 ++++++++++++
> > 4 files changed, 175 insertions(+), 38 deletions(-)
> > diff --git a/doc/guides/prog_guide/ipsec_lib.rst
> > b/doc/guides/prog_guide/ipsec_lib.rst
> > index 6fc08886f..63b75b652 100644
> > --- a/doc/guides/prog_guide/ipsec_lib.rst
> > +++ b/doc/guides/prog_guide/ipsec_lib.rst
> > @@ -162,7 +162,6 @@ Limitations
> > The following features are not properly supported in the current version:
> > * ESP transport mode for IPv6 packets with extension headers.
> > -* Multi-segment packets.
> > * Updates of the fields in inner IP header for tunnel mode
> > (as described in RFC 4301, section 5.1.2).
> > * Hard/soft limit for SA lifetime (time interval/byte count).
> > diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
> > index e80926baa..22f29d98a 100644
> > --- a/lib/librte_ipsec/Makefile
> > +++ b/lib/librte_ipsec/Makefile
> > @@ -9,7 +9,8 @@ LIB = librte_ipsec.a
> > CFLAGS += -O3
> > CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
> > CFLAGS += -DALLOW_EXPERIMENTAL_API
> > -LDLIBS += -lrte_eal -lrte_mbuf -lrte_net -lrte_cryptodev -lrte_security
> > +LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
> > +LDLIBS += -lrte_cryptodev -lrte_security
> I believe this build dependency should also be updated in meson.build file as well.
I found that unnecessary, meson seems to be able to figure out implicit dependencies itself.
Though if you strongly insist, I can add them.
More information about the dev