[dpdk-dev] [PATCH v1 7/7] net/mlx5: add device parameter to enabled IPsec

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
To: dev@dpdk.org
Cc: Yongseok Koh <yskoh@mellanox.com>,
	Adrien Mazarguil <adrien.mazarguil@6wind.com>,
	Aviad Yehezkel <aviadye@mellanox.com>
Subject: [dpdk-dev] [PATCH v1 7/7] net/mlx5: add device parameter to enabled IPsec
Date: Thu, 23 Nov 2017 17:13:09 +0100	[thread overview]
Message-ID: <927279b6644f8355a3d891e4f73e21772df5f64e.1511453340.git.nelio.laranjeiro@6wind.com> (raw)
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>

This feature still relies on some symbols from Verbs and thus the support
is only compile if the symbols are available.
Only ConnectX-4 Lx INNOVA are security capable.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
 doc/guides/nics/mlx5.rst |  9 +++++++++
 drivers/net/mlx5/mlx5.c  | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index f9558da89..643c1dd5d 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -295,6 +295,15 @@ Run-time configuration
 
   Enabled by default.
 
+- ``ipsec_en`` parameter [int]
+
+  A nonzero value enables the IPsec feature on the port.
+  Enabling this feature enables, ``txq_inline`` with a size equal to
+  RTE_CACHE_LINE_SIZE and disables ``rx_vec_en``, ``tx_vec_en`` and
+  ``txq_mpw_en``.
+
+  Enabled by default on ConnectX-4 Lx INOVA.
+
 Prerequisites
 -------------
 
diff --git a/drivers/net/mlx5/mlx5.c b/drivers/net/mlx5/mlx5.c
index e74026caf..0a7e9ac34 100644
--- a/drivers/net/mlx5/mlx5.c
+++ b/drivers/net/mlx5/mlx5.c
@@ -95,6 +95,9 @@
 /* Device parameter to enable hardware Rx vector. */
 #define MLX5_RX_VEC_EN "rx_vec_en"
 
+/* Device parameter to enable hardware IPsec offload. */
+#define MLX5_IPSEC_EN "ipsec_en"
+
 /* Default PMD specific parameter value. */
 #define MLX5_ARG_UNSET (-1)
 
@@ -128,6 +131,7 @@ struct mlx5_args {
 	int tso;
 	int tx_vec_en;
 	int rx_vec_en;
+	int ipsec_en;
 };
 /**
  * Retrieve integer value from environment variable.
@@ -438,6 +442,8 @@ mlx5_args_check(const char *key, const char *val, void *opaque)
 		args->tx_vec_en = !!tmp;
 	} else if (strcmp(MLX5_RX_VEC_EN, key) == 0) {
 		args->rx_vec_en = !!tmp;
+	} else if (strcmp(MLX5_IPSEC_EN, key) == 0) {
+		args->ipsec_en = !!tmp;
 	} else {
 		WARN("%s: unknown parameter", key);
 		return -EINVAL;
@@ -469,6 +475,7 @@ mlx5_args(struct mlx5_args *args, struct rte_devargs *devargs)
 		MLX5_TSO,
 		MLX5_TX_VEC_EN,
 		MLX5_RX_VEC_EN,
+		MLX5_IPSEC_EN,
 		NULL,
 	};
 	struct rte_kvargs *kvlist;
@@ -528,6 +535,8 @@ mlx5_args_assign(struct priv *priv, struct mlx5_args *args)
 		priv->tx_vec_en = args->tx_vec_en;
 	if (args->rx_vec_en != MLX5_ARG_UNSET)
 		priv->rx_vec_en = args->rx_vec_en;
+	if (args->ipsec_en != MLX5_ARG_UNSET)
+		priv->ipsec_en = args->ipsec_en;
 }
 
 /**
@@ -556,6 +565,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 	unsigned int mps;
 	unsigned int cqe_comp;
 	unsigned int tunnel_en = 0;
+	unsigned int ipsec_en = 0;
 	int idx;
 	int i;
 	struct mlx5dv_context attrs_out;
@@ -645,6 +655,13 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 	ibv_dev = list[i];
 
 	DEBUG("device opened");
+#ifdef HAVE_IBV_IPSEC_SUPPORT
+	attrs_out.comp_mask |= MLX5DV_CONTEXT_MASK_XFRM_FLAGS;
+	mlx5dv_query_device(attr_ctx, &attrs_out);
+	if ((attrs_out.xfrm_flags & MLX5_IPSEC_FLAGS) == MLX5_IPSEC_FLAGS)
+		ipsec_en = 1;
+#endif
+	DEBUG("Tx/Rx IPsec offload is %ssupported", ipsec_en ? "" : "not ");
 	/*
 	 * Multi-packet send is supported by ConnectX-4 Lx PF as well
 	 * as all ConnectX-5 devices.
@@ -693,6 +710,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 			.tso = MLX5_ARG_UNSET,
 			.tx_vec_en = MLX5_ARG_UNSET,
 			.rx_vec_en = MLX5_ARG_UNSET,
+			.ipsec_en = MLX5_ARG_UNSET,
 		};
 
 		mlx5_dev[idx].ports |= test;
@@ -787,6 +805,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 		priv->mps = mps; /* Enable MPW by default if supported. */
 		priv->cqe_comp = cqe_comp;
 		priv->tunnel_en = tunnel_en;
+		priv->ipsec_en = ipsec_en;
 		/* Enable vector by default if supported. */
 		priv->tx_vec_en = 1;
 		priv->rx_vec_en = 1;
@@ -797,6 +816,19 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 			goto port_error;
 		}
 		mlx5_args_assign(priv, &args);
+		if (priv->ipsec_en) {
+#ifndef HAVE_IBV_IPSEC_SUPPORT
+			priv->ipsec_en = 0;
+			WARN("IPsec Offload not supported.");
+#else /* HAVE_IBV_IPSEC_SUPPORT */
+			priv->txq_inline = RTE_CACHE_LINE_SIZE;
+			priv->txqs_inline = 0;
+			priv->mps = MLX5_MPW_DISABLED;
+			priv->tx_vec_en = 0;
+			priv->rx_vec_en = 0;
+			WARN("IPsec offload enabled");
+#endif /* HAVE_IBV_IPSEC_SUPPORT */
+		}
 		if (ibv_query_device_ex(ctx, NULL, &device_attr_ex)) {
 			ERROR("ibv_query_device_ex() failed");
 			goto port_error;
-- 
2.11.0

     prev parent reply	other threads:[~2017-11-23 16:13 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-23 16:13 [dpdk-dev] [PATCH v1 0/7] net/mlx5: IPsec offload support Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 1/7] net: define Mellanox ether type for embed metadata Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 2/7] net/mlx5: handle the IPsec support from Verbs Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 3/7] net/mlx5: add IPsec Tx/Rx offload support Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 4/7] net/mlx5: add security capability function Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 5/7] net/mlx5: simplify error handling in flow action parsing Nelio Laranjeiro
2017-11-23 16:13 ` [dpdk-dev] [PATCH v1 6/7] net/mlx5: support security flow action Nelio Laranjeiro
2017-11-23 16:13 ` Nelio Laranjeiro [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=927279b6644f8355a3d891e4f73e21772df5f64e.1511453340.git.nelio.laranjeiro@6wind.com \
    --to=nelio.laranjeiro@6wind.com \
    --cc=adrien.mazarguil@6wind.com \
    --cc=aviadye@mellanox.com \
    --cc=dev@dpdk.org \
    --cc=yskoh@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).