IPsec payload MSS (Maximum Segment Size), and ESN (Extended Sequence Number).
* security: The IPsec SA config options ``struct rte_security_ipsec_sa_options``
- will be updated with new fields to support new features like IPsec inner
- checksum, TSO in case of protocol offload.
+ will be updated with new fields to support new features like TSO in case of
+ protocol offload.
* ipsec: The structure ``rte_ipsec_sa_prm`` will be extended with a new field
``hdr_l3_len`` to configure tunnel L3 header length.
``rte_security_ipsec_xform`` to allow applications to configure SA soft
and hard expiry limits. Limits can be either in number of packets or bytes.
+* security: The new options ``ip_csum_enable`` and ``l4_csum_enable`` were added
+ in structure ``rte_security_ipsec_sa_options`` to indicate whether inner
+ packet IPv4 header checksum and L4 checksum need to be offloaded to
+ security device.
+
* bbdev: Added capability related to more comprehensive CRC options,
shifting values of the ``enum rte_bbdev_op_ldpcdec_flag_bitmasks``.
/**< Support operations on multiple data-units message */
#define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26)
/**< Support wrapped key in cipher xform */
+#define RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM (1ULL << 27)
+/**< Support inner checksum computation/verification */
/**
* Get the name of a crypto device feature flag
* * 0: Do not match UDP ports
*/
uint32_t udp_ports_verify : 1;
+
+ /** Compute/verify inner packet IPv4 header checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet IPv4 header checksum
+ * before tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet IP header checksum is not computed/verified.
+ *
+ * The checksum verification status would be set in mbuf using
+ * PKT_RX_IP_CKSUM_xxx flags.
+ *
+ * Inner IP checksum computation can also be enabled(per operation)
+ * by setting the flag PKT_TX_IP_CKSUM in mbuf.
+ */
+ uint32_t ip_csum_enable : 1;
+
+ /** Compute/verify inner packet L4 checksum in tunnel mode
+ *
+ * * 1: For outbound, compute inner packet L4 checksum before
+ * tunnel encapsulation and for inbound, verify after
+ * tunnel decapsulation.
+ * * 0: Inner packet L4 checksum is not computed/verified.
+ *
+ * The checksum verification status would be set in mbuf using
+ * PKT_RX_L4_CKSUM_xxx flags.
+ *
+ * Inner L4 checksum computation can also be enabled(per operation)
+ * by setting the flags PKT_TX_TCP_CKSUM or PKT_TX_SCTP_CKSUM or
+ * PKT_TX_UDP_CKSUM or PKT_TX_L4_MASK in mbuf.
+ */
+ uint32_t l4_csum_enable : 1;
};
/** IPSec security association direction */
git.droids-corp.org / dpdk.git / commitdiff