[dpdk-dev] [PATCH v1 7/7] net/mlx5: add device parameter to enabled IPsec

Thu, 23 Nov 2017 08:15:06 -0800 

This feature still relies on some symbols from Verbs and thus the support
is only compile if the symbols are available.
Only ConnectX-4 Lx INNOVA are security capable.

Signed-off-by: Aviad Yehezkel <avia...@mellanox.com>
Signed-off-by: Nelio Laranjeiro <nelio.laranje...@6wind.com>
---
 doc/guides/nics/mlx5.rst |  9 +++++++++
 drivers/net/mlx5/mlx5.c  | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index f9558da89..643c1dd5d 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -295,6 +295,15 @@ Run-time configuration
 
   Enabled by default.
 
+- ``ipsec_en`` parameter [int]
+
+  A nonzero value enables the IPsec feature on the port.
+  Enabling this feature enables, ``txq_inline`` with a size equal to
+  RTE_CACHE_LINE_SIZE and disables ``rx_vec_en``, ``tx_vec_en`` and
+  ``txq_mpw_en``.
+
+  Enabled by default on ConnectX-4 Lx INOVA.
+
 Prerequisites
 -------------
 
diff --git a/drivers/net/mlx5/mlx5.c b/drivers/net/mlx5/mlx5.c
index e74026caf..0a7e9ac34 100644
--- a/drivers/net/mlx5/mlx5.c
+++ b/drivers/net/mlx5/mlx5.c
@@ -95,6 +95,9 @@
 /* Device parameter to enable hardware Rx vector. */
 #define MLX5_RX_VEC_EN "rx_vec_en"
 
+/* Device parameter to enable hardware IPsec offload. */
+#define MLX5_IPSEC_EN "ipsec_en"
+
 /* Default PMD specific parameter value. */
 #define MLX5_ARG_UNSET (-1)
 
@@ -128,6 +131,7 @@ struct mlx5_args {
        int tso;
        int tx_vec_en;
        int rx_vec_en;
+       int ipsec_en;
 };
 /**
  * Retrieve integer value from environment variable.
@@ -438,6 +442,8 @@ mlx5_args_check(const char *key, const char *val, void 
*opaque)
                args->tx_vec_en = !!tmp;
        } else if (strcmp(MLX5_RX_VEC_EN, key) == 0) {
                args->rx_vec_en = !!tmp;
+       } else if (strcmp(MLX5_IPSEC_EN, key) == 0) {
+               args->ipsec_en = !!tmp;
        } else {
                WARN("%s: unknown parameter", key);
                return -EINVAL;
@@ -469,6 +475,7 @@ mlx5_args(struct mlx5_args *args, struct rte_devargs 
*devargs)
                MLX5_TSO,
                MLX5_TX_VEC_EN,
                MLX5_RX_VEC_EN,
+               MLX5_IPSEC_EN,
                NULL,
        };
        struct rte_kvargs *kvlist;
@@ -528,6 +535,8 @@ mlx5_args_assign(struct priv *priv, struct mlx5_args *args)
                priv->tx_vec_en = args->tx_vec_en;
        if (args->rx_vec_en != MLX5_ARG_UNSET)
                priv->rx_vec_en = args->rx_vec_en;
+       if (args->ipsec_en != MLX5_ARG_UNSET)
+               priv->ipsec_en = args->ipsec_en;
 }
 
 /**
@@ -556,6 +565,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct 
rte_pci_device *pci_dev)
        unsigned int mps;
        unsigned int cqe_comp;
        unsigned int tunnel_en = 0;
+       unsigned int ipsec_en = 0;
        int idx;
        int i;
        struct mlx5dv_context attrs_out;
@@ -645,6 +655,13 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct 
rte_pci_device *pci_dev)
        ibv_dev = list[i];
 
        DEBUG("device opened");
+#ifdef HAVE_IBV_IPSEC_SUPPORT
+       attrs_out.comp_mask |= MLX5DV_CONTEXT_MASK_XFRM_FLAGS;
+       mlx5dv_query_device(attr_ctx, &attrs_out);
+       if ((attrs_out.xfrm_flags & MLX5_IPSEC_FLAGS) == MLX5_IPSEC_FLAGS)
+               ipsec_en = 1;
+#endif
+       DEBUG("Tx/Rx IPsec offload is %ssupported", ipsec_en ? "" : "not ");
        /*
         * Multi-packet send is supported by ConnectX-4 Lx PF as well
         * as all ConnectX-5 devices.
@@ -693,6 +710,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct 
rte_pci_device *pci_dev)
                        .tso = MLX5_ARG_UNSET,
                        .tx_vec_en = MLX5_ARG_UNSET,
                        .rx_vec_en = MLX5_ARG_UNSET,
+                       .ipsec_en = MLX5_ARG_UNSET,
                };
 
                mlx5_dev[idx].ports |= test;
@@ -787,6 +805,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct 
rte_pci_device *pci_dev)
                priv->mps = mps; /* Enable MPW by default if supported. */
                priv->cqe_comp = cqe_comp;
                priv->tunnel_en = tunnel_en;
+               priv->ipsec_en = ipsec_en;
                /* Enable vector by default if supported. */
                priv->tx_vec_en = 1;
                priv->rx_vec_en = 1;
@@ -797,6 +816,19 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct 
rte_pci_device *pci_dev)
                        goto port_error;
                }
                mlx5_args_assign(priv, &args);
+               if (priv->ipsec_en) {
+#ifndef HAVE_IBV_IPSEC_SUPPORT
+                       priv->ipsec_en = 0;
+                       WARN("IPsec Offload not supported.");
+#else /* HAVE_IBV_IPSEC_SUPPORT */
+                       priv->txq_inline = RTE_CACHE_LINE_SIZE;
+                       priv->txqs_inline = 0;
+                       priv->mps = MLX5_MPW_DISABLED;
+                       priv->tx_vec_en = 0;
+                       priv->rx_vec_en = 0;
+                       WARN("IPsec offload enabled");
+#endif /* HAVE_IBV_IPSEC_SUPPORT */
+               }
                if (ibv_query_device_ex(ctx, NULL, &device_attr_ex)) {
                        ERROR("ibv_query_device_ex() failed");
                        goto port_error;
-- 
2.11.0

Reply via email to