From: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
To: dev@dpdk.org
Cc: Yongseok Koh <yskoh@mellanox.com>,
Adrien Mazarguil <adrien.mazarguil@6wind.com>,
Aviad Yehezkel <aviadye@mellanox.com>
Subject: [dpdk-dev] [PATCH v1 7/7] net/mlx5: add device parameter to enabled IPsec
Date: Thu, 23 Nov 2017 17:13:09 +0100 [thread overview]
Message-ID: <927279b6644f8355a3d891e4f73e21772df5f64e.1511453340.git.nelio.laranjeiro@6wind.com> (raw)
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
This feature still relies on some symbols from Verbs and thus the support
is only compile if the symbols are available.
Only ConnectX-4 Lx INNOVA are security capable.
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
doc/guides/nics/mlx5.rst | 9 +++++++++
drivers/net/mlx5/mlx5.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index f9558da89..643c1dd5d 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -295,6 +295,15 @@ Run-time configuration
Enabled by default.
+- ``ipsec_en`` parameter [int]
+
+ A nonzero value enables the IPsec feature on the port.
+ Enabling this feature enables, ``txq_inline`` with a size equal to
+ RTE_CACHE_LINE_SIZE and disables ``rx_vec_en``, ``tx_vec_en`` and
+ ``txq_mpw_en``.
+
+ Enabled by default on ConnectX-4 Lx INOVA.
+
Prerequisites
-------------
diff --git a/drivers/net/mlx5/mlx5.c b/drivers/net/mlx5/mlx5.c
index e74026caf..0a7e9ac34 100644
--- a/drivers/net/mlx5/mlx5.c
+++ b/drivers/net/mlx5/mlx5.c
@@ -95,6 +95,9 @@
/* Device parameter to enable hardware Rx vector. */
#define MLX5_RX_VEC_EN "rx_vec_en"
+/* Device parameter to enable hardware IPsec offload. */
+#define MLX5_IPSEC_EN "ipsec_en"
+
/* Default PMD specific parameter value. */
#define MLX5_ARG_UNSET (-1)
@@ -128,6 +131,7 @@ struct mlx5_args {
int tso;
int tx_vec_en;
int rx_vec_en;
+ int ipsec_en;
};
/**
* Retrieve integer value from environment variable.
@@ -438,6 +442,8 @@ mlx5_args_check(const char *key, const char *val, void *opaque)
args->tx_vec_en = !!tmp;
} else if (strcmp(MLX5_RX_VEC_EN, key) == 0) {
args->rx_vec_en = !!tmp;
+ } else if (strcmp(MLX5_IPSEC_EN, key) == 0) {
+ args->ipsec_en = !!tmp;
} else {
WARN("%s: unknown parameter", key);
return -EINVAL;
@@ -469,6 +475,7 @@ mlx5_args(struct mlx5_args *args, struct rte_devargs *devargs)
MLX5_TSO,
MLX5_TX_VEC_EN,
MLX5_RX_VEC_EN,
+ MLX5_IPSEC_EN,
NULL,
};
struct rte_kvargs *kvlist;
@@ -528,6 +535,8 @@ mlx5_args_assign(struct priv *priv, struct mlx5_args *args)
priv->tx_vec_en = args->tx_vec_en;
if (args->rx_vec_en != MLX5_ARG_UNSET)
priv->rx_vec_en = args->rx_vec_en;
+ if (args->ipsec_en != MLX5_ARG_UNSET)
+ priv->ipsec_en = args->ipsec_en;
}
/**
@@ -556,6 +565,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
unsigned int mps;
unsigned int cqe_comp;
unsigned int tunnel_en = 0;
+ unsigned int ipsec_en = 0;
int idx;
int i;
struct mlx5dv_context attrs_out;
@@ -645,6 +655,13 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
ibv_dev = list[i];
DEBUG("device opened");
+#ifdef HAVE_IBV_IPSEC_SUPPORT
+ attrs_out.comp_mask |= MLX5DV_CONTEXT_MASK_XFRM_FLAGS;
+ mlx5dv_query_device(attr_ctx, &attrs_out);
+ if ((attrs_out.xfrm_flags & MLX5_IPSEC_FLAGS) == MLX5_IPSEC_FLAGS)
+ ipsec_en = 1;
+#endif
+ DEBUG("Tx/Rx IPsec offload is %ssupported", ipsec_en ? "" : "not ");
/*
* Multi-packet send is supported by ConnectX-4 Lx PF as well
* as all ConnectX-5 devices.
@@ -693,6 +710,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
.tso = MLX5_ARG_UNSET,
.tx_vec_en = MLX5_ARG_UNSET,
.rx_vec_en = MLX5_ARG_UNSET,
+ .ipsec_en = MLX5_ARG_UNSET,
};
mlx5_dev[idx].ports |= test;
@@ -787,6 +805,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
priv->mps = mps; /* Enable MPW by default if supported. */
priv->cqe_comp = cqe_comp;
priv->tunnel_en = tunnel_en;
+ priv->ipsec_en = ipsec_en;
/* Enable vector by default if supported. */
priv->tx_vec_en = 1;
priv->rx_vec_en = 1;
@@ -797,6 +816,19 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
goto port_error;
}
mlx5_args_assign(priv, &args);
+ if (priv->ipsec_en) {
+#ifndef HAVE_IBV_IPSEC_SUPPORT
+ priv->ipsec_en = 0;
+ WARN("IPsec Offload not supported.");
+#else /* HAVE_IBV_IPSEC_SUPPORT */
+ priv->txq_inline = RTE_CACHE_LINE_SIZE;
+ priv->txqs_inline = 0;
+ priv->mps = MLX5_MPW_DISABLED;
+ priv->tx_vec_en = 0;
+ priv->rx_vec_en = 0;
+ WARN("IPsec offload enabled");
+#endif /* HAVE_IBV_IPSEC_SUPPORT */
+ }
if (ibv_query_device_ex(ctx, NULL, &device_attr_ex)) {
ERROR("ibv_query_device_ex() failed");
goto port_error;
--
2.11.0
prev parent reply other threads:[~2017-11-23 16:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-23 16:13 [dpdk-dev] [PATCH v1 0/7] net/mlx5: IPsec offload support Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 1/7] net: define Mellanox ether type for embed metadata Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 2/7] net/mlx5: handle the IPsec support from Verbs Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 3/7] net/mlx5: add IPsec Tx/Rx offload support Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 4/7] net/mlx5: add security capability function Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 5/7] net/mlx5: simplify error handling in flow action parsing Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 6/7] net/mlx5: support security flow action Nelio Laranjeiro
2017-11-23 16:13 ` Nelio Laranjeiro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=927279b6644f8355a3d891e4f73e21772df5f64e.1511453340.git.nelio.laranjeiro@6wind.com \
--to=nelio.laranjeiro@6wind.com \
--cc=adrien.mazarguil@6wind.com \
--cc=aviadye@mellanox.com \
--cc=dev@dpdk.org \
--cc=yskoh@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).