[PATCH v2] examples/ipsec-secgw: fix Tx checksum offload flag

Radu Nicolau radu.nicolau at intel.com
Wed Jun 29 18:46:07 CEST 2022 

For the inline crypto path set the Tx checksum offload flag
only if the device supports it.

Fixes: d24471e5786b ("examples/ipsec-secgw: disable Tx checksum for inline")
Cc: ndabilpuram at marvell.com

Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
Acked-by: Akhil Goyal <gakhil at marvell.com>
---
v2: when supported the checksum offload flag needs to also be set for ports that don't have SAs programmed

 examples/ipsec-secgw/sa.c | 44 ++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 19 deletions(-)

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 5d9cec97db..b364ac5881 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1828,37 +1828,43 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	for (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {
 		rule = &sa_out[idx_sa];
 		rule_type = ipsec_get_action_type(rule);
-		switch (rule_type) {
-		case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
-			/* Checksum offload is not needed for inline protocol as
-			 * all processing for Outbound IPSec packets will be
-			 * implicitly taken care and for non-IPSec packets,
-			 * there is no need of IPv4 Checksum offload.
-			 */
-			if (rule->portid == port_id) {
+		if (rule->portid == port_id) {
+			switch (rule_type) {
+			case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
+				/* Checksum offload is not needed for inline
+				 * protocol as all processing for Outbound IPSec
+				 * packets will be implicitly taken care and for
+				 * non-IPSec packets, there is no need of
+				 * IPv4 Checksum offload.
+				 */
 				*tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
 				if (rule->mss)
 					*tx_offloads |= (RTE_ETH_TX_OFFLOAD_TCP_TSO |
 							 RTE_ETH_TX_OFFLOAD_IPV4_CKSUM);
-			}
-			break;
-		case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
-			if (rule->portid == port_id) {
+				break;
+			case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
 				*tx_offloads |= RTE_ETH_TX_OFFLOAD_SECURITY;
 				if (rule->mss)
 					*tx_offloads |=
 						RTE_ETH_TX_OFFLOAD_TCP_TSO;
-				*tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+				if (dev_info.tx_offload_capa &
+						RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |=
+						RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+				break;
+			default:
+				/* Enable IPv4 checksum offload even if
+				 * one of lookaside SA's are present.
+				 */
+				if (dev_info.tx_offload_capa &
+				    RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
+					*tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
+				break;
 			}
-			break;
-		default:
-			/* Enable IPv4 checksum offload even if one of lookaside
-			 * SA's are present.
-			 */
+		} else {
 			if (dev_info.tx_offload_capa &
 			    RTE_ETH_TX_OFFLOAD_IPV4_CKSUM)
 				*tx_offloads |= RTE_ETH_TX_OFFLOAD_IPV4_CKSUM;
-			break;
 		}
 	}
 	return 0;
-- 
2.25.1

More information about the dev mailing list