From patchwork Thu Nov 23 16:13:09 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?N=C3=A9lio_Laranjeiro?=
 <nelio.laranjeiro@6wind.com>
X-Patchwork-Id: 31601
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 301B27CFC;
	Thu, 23 Nov 2017 17:13:39 +0100 (CET)
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67]) by dpdk.org (Postfix) with ESMTP id C6B962E83
	for <dev@dpdk.org>; Thu, 23 Nov 2017 17:13:32 +0100 (CET)
Received: by mail-wm0-f67.google.com with SMTP id u83so17913454wmb.5
	for <dev@dpdk.org>; Thu, 23 Nov 2017 08:13:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=6wind-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:in-reply-to:references;
	bh=OLvHKiVGR4/BiztMthSfCGEZ7Pwypgb851Hw/ANLKhI=;
	b=vF2oOcuF8vUqq7qyFiQvXlrWqoneetLEu4Anu5Pf5MxrpT+sM3equNYsfTOOZhgFwf
	yA48h6jigl0zjaMEf203SI0bGjQaLH6RFBSmEq/15srfFaxlaT/4uuai5FVfgoX5GOrm
	HF+WboObmJyAE4mF+JwTeoegjlqnD5x0rfxBoUSBL6klmKasL3TdcTtIBT24E758hgl6
	6/3szqwWjkM/lgZ9c40Q76HvxldyyE6urPI0evCLGokdKXjNsmvBPla4X+M1zld1iETh
	l1R2vgbMDBSJBq/bMuNRAiyv8hxxbY2+EElG0hXrnAAADPVG9wItHKRFmMb/Ubewdm8P
	cgxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:in-reply-to:references;
	bh=OLvHKiVGR4/BiztMthSfCGEZ7Pwypgb851Hw/ANLKhI=;
	b=CaIhBLz9G4FczYIeDCWVA8FlxqMoasxxpB8xw7u0zmvZ/bu7HV9rzU7NNvWNqdiVNp
	v1kGRP1VSiykR5MXhHoY7H5fwK1Di2KwQN3wguWuTqqchym8cDyjRap51ys5LJ4bFmrl
	o38juBb7nOo1vsru4PPugLxBs034Ukw/K0xv0uqsLh+CUZpGebZkrkLdqnT7Fqw7ojyM
	CXaK5jWDjraRphCQPyUBtagdoD6kTVinC070YWTTpwyg+2uEa/yWTDFtYS7dSeXBkPB8
	7928XcysjjzYsPBldl43J+nsaQIBl0tvNEmyEm1bBYgLseQnwAiWMVhZbcZpjnmhdTes
	SVIQ==
X-Gm-Message-State: AJaThX5qcsfhSghxEaWPrca9E1/24sMlJpdREPc0xO8HDtu31Dpdq8Si
	Ec87PDE8BmwRRbb6NbTaB+ubnqCORg==
X-Google-Smtp-Source: 
 AGs4zMYtE6vlbtgiGYVN48OPeWuNhYBxVxIntIby8hAP+zpXZ+VZGySTANSEQsn86r2U8i68dxsJQQ==
X-Received: by 10.80.202.72 with SMTP id e8mr27569965edi.60.1511453612319;
	Thu, 23 Nov 2017 08:13:32 -0800 (PST)
Received: from laranjeiro-vm.dev.6wind.com.
	(host.78.145.23.62.rev.coltfrance.com. [62.23.145.78])
	by smtp.gmail.com with ESMTPSA id
	u10sm14663036edm.56.2017.11.23.08.13.31
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 23 Nov 2017 08:13:31 -0800 (PST)
From: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
To: dev@dpdk.org
Cc: Yongseok Koh <yskoh@mellanox.com>,
	Adrien Mazarguil <adrien.mazarguil@6wind.com>,
	Aviad Yehezkel <aviadye@mellanox.com>
Date: Thu, 23 Nov 2017 17:13:09 +0100
Message-Id: 
 <927279b6644f8355a3d891e4f73e21772df5f64e.1511453340.git.nelio.laranjeiro@6wind.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
References: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
In-Reply-To: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
References: <cover.1511453340.git.nelio.laranjeiro@6wind.com>
Subject: [dpdk-dev] [PATCH v1 7/7] net/mlx5: add device parameter to enabled
	IPsec
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This feature still relies on some symbols from Verbs and thus the support
is only compile if the symbols are available.
Only ConnectX-4 Lx INNOVA are security capable.

Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
 doc/guides/nics/mlx5.rst |  9 +++++++++
 drivers/net/mlx5/mlx5.c  | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index f9558da89..643c1dd5d 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -295,6 +295,15 @@ Run-time configuration
 
   Enabled by default.
 
+- ``ipsec_en`` parameter [int]
+
+  A nonzero value enables the IPsec feature on the port.
+  Enabling this feature enables, ``txq_inline`` with a size equal to
+  RTE_CACHE_LINE_SIZE and disables ``rx_vec_en``, ``tx_vec_en`` and
+  ``txq_mpw_en``.
+
+  Enabled by default on ConnectX-4 Lx INOVA.
+
 Prerequisites
 -------------
 
diff --git a/drivers/net/mlx5/mlx5.c b/drivers/net/mlx5/mlx5.c
index e74026caf..0a7e9ac34 100644
--- a/drivers/net/mlx5/mlx5.c
+++ b/drivers/net/mlx5/mlx5.c
@@ -95,6 +95,9 @@
 /* Device parameter to enable hardware Rx vector. */
 #define MLX5_RX_VEC_EN "rx_vec_en"
 
+/* Device parameter to enable hardware IPsec offload. */
+#define MLX5_IPSEC_EN "ipsec_en"
+
 /* Default PMD specific parameter value. */
 #define MLX5_ARG_UNSET (-1)
 
@@ -128,6 +131,7 @@ struct mlx5_args {
 	int tso;
 	int tx_vec_en;
 	int rx_vec_en;
+	int ipsec_en;
 };
 /**
  * Retrieve integer value from environment variable.
@@ -438,6 +442,8 @@ mlx5_args_check(const char *key, const char *val, void *opaque)
 		args->tx_vec_en = !!tmp;
 	} else if (strcmp(MLX5_RX_VEC_EN, key) == 0) {
 		args->rx_vec_en = !!tmp;
+	} else if (strcmp(MLX5_IPSEC_EN, key) == 0) {
+		args->ipsec_en = !!tmp;
 	} else {
 		WARN("%s: unknown parameter", key);
 		return -EINVAL;
@@ -469,6 +475,7 @@ mlx5_args(struct mlx5_args *args, struct rte_devargs *devargs)
 		MLX5_TSO,
 		MLX5_TX_VEC_EN,
 		MLX5_RX_VEC_EN,
+		MLX5_IPSEC_EN,
 		NULL,
 	};
 	struct rte_kvargs *kvlist;
@@ -528,6 +535,8 @@ mlx5_args_assign(struct priv *priv, struct mlx5_args *args)
 		priv->tx_vec_en = args->tx_vec_en;
 	if (args->rx_vec_en != MLX5_ARG_UNSET)
 		priv->rx_vec_en = args->rx_vec_en;
+	if (args->ipsec_en != MLX5_ARG_UNSET)
+		priv->ipsec_en = args->ipsec_en;
 }
 
 /**
@@ -556,6 +565,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 	unsigned int mps;
 	unsigned int cqe_comp;
 	unsigned int tunnel_en = 0;
+	unsigned int ipsec_en = 0;
 	int idx;
 	int i;
 	struct mlx5dv_context attrs_out;
@@ -645,6 +655,13 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 	ibv_dev = list[i];
 
 	DEBUG("device opened");
+#ifdef HAVE_IBV_IPSEC_SUPPORT
+	attrs_out.comp_mask |= MLX5DV_CONTEXT_MASK_XFRM_FLAGS;
+	mlx5dv_query_device(attr_ctx, &attrs_out);
+	if ((attrs_out.xfrm_flags & MLX5_IPSEC_FLAGS) == MLX5_IPSEC_FLAGS)
+		ipsec_en = 1;
+#endif
+	DEBUG("Tx/Rx IPsec offload is %ssupported", ipsec_en ? "" : "not ");
 	/*
 	 * Multi-packet send is supported by ConnectX-4 Lx PF as well
 	 * as all ConnectX-5 devices.
@@ -693,6 +710,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 			.tso = MLX5_ARG_UNSET,
 			.tx_vec_en = MLX5_ARG_UNSET,
 			.rx_vec_en = MLX5_ARG_UNSET,
+			.ipsec_en = MLX5_ARG_UNSET,
 		};
 
 		mlx5_dev[idx].ports |= test;
@@ -787,6 +805,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 		priv->mps = mps; /* Enable MPW by default if supported. */
 		priv->cqe_comp = cqe_comp;
 		priv->tunnel_en = tunnel_en;
+		priv->ipsec_en = ipsec_en;
 		/* Enable vector by default if supported. */
 		priv->tx_vec_en = 1;
 		priv->rx_vec_en = 1;
@@ -797,6 +816,19 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
 			goto port_error;
 		}
 		mlx5_args_assign(priv, &args);
+		if (priv->ipsec_en) {
+#ifndef HAVE_IBV_IPSEC_SUPPORT
+			priv->ipsec_en = 0;
+			WARN("IPsec Offload not supported.");
+#else /* HAVE_IBV_IPSEC_SUPPORT */
+			priv->txq_inline = RTE_CACHE_LINE_SIZE;
+			priv->txqs_inline = 0;
+			priv->mps = MLX5_MPW_DISABLED;
+			priv->tx_vec_en = 0;
+			priv->rx_vec_en = 0;
+			WARN("IPsec offload enabled");
+#endif /* HAVE_IBV_IPSEC_SUPPORT */
+		}
 		if (ibv_query_device_ex(ctx, NULL, &device_attr_ex)) {
 			ERROR("ibv_query_device_ex() failed");
 			goto port_error;