@@ -295,6 +295,15 @@ Run-time configuration
Enabled by default.
+- ``ipsec_en`` parameter [int]
+
+ A nonzero value enables the IPsec feature on the port.
+ Enabling this feature enables, ``txq_inline`` with a size equal to
+ RTE_CACHE_LINE_SIZE and disables ``rx_vec_en``, ``tx_vec_en`` and
+ ``txq_mpw_en``.
+
+ Enabled by default on ConnectX-4 Lx INOVA.
+
Prerequisites
-------------
@@ -95,6 +95,9 @@
/* Device parameter to enable hardware Rx vector. */
#define MLX5_RX_VEC_EN "rx_vec_en"
+/* Device parameter to enable hardware IPsec offload. */
+#define MLX5_IPSEC_EN "ipsec_en"
+
/* Default PMD specific parameter value. */
#define MLX5_ARG_UNSET (-1)
@@ -128,6 +131,7 @@ struct mlx5_args {
int tso;
int tx_vec_en;
int rx_vec_en;
+ int ipsec_en;
};
/**
* Retrieve integer value from environment variable.
@@ -438,6 +442,8 @@ mlx5_args_check(const char *key, const char *val, void *opaque)
args->tx_vec_en = !!tmp;
} else if (strcmp(MLX5_RX_VEC_EN, key) == 0) {
args->rx_vec_en = !!tmp;
+ } else if (strcmp(MLX5_IPSEC_EN, key) == 0) {
+ args->ipsec_en = !!tmp;
} else {
WARN("%s: unknown parameter", key);
return -EINVAL;
@@ -469,6 +475,7 @@ mlx5_args(struct mlx5_args *args, struct rte_devargs *devargs)
MLX5_TSO,
MLX5_TX_VEC_EN,
MLX5_RX_VEC_EN,
+ MLX5_IPSEC_EN,
NULL,
};
struct rte_kvargs *kvlist;
@@ -528,6 +535,8 @@ mlx5_args_assign(struct priv *priv, struct mlx5_args *args)
priv->tx_vec_en = args->tx_vec_en;
if (args->rx_vec_en != MLX5_ARG_UNSET)
priv->rx_vec_en = args->rx_vec_en;
+ if (args->ipsec_en != MLX5_ARG_UNSET)
+ priv->ipsec_en = args->ipsec_en;
}
/**
@@ -556,6 +565,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
unsigned int mps;
unsigned int cqe_comp;
unsigned int tunnel_en = 0;
+ unsigned int ipsec_en = 0;
int idx;
int i;
struct mlx5dv_context attrs_out;
@@ -645,6 +655,13 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
ibv_dev = list[i];
DEBUG("device opened");
+#ifdef HAVE_IBV_IPSEC_SUPPORT
+ attrs_out.comp_mask |= MLX5DV_CONTEXT_MASK_XFRM_FLAGS;
+ mlx5dv_query_device(attr_ctx, &attrs_out);
+ if ((attrs_out.xfrm_flags & MLX5_IPSEC_FLAGS) == MLX5_IPSEC_FLAGS)
+ ipsec_en = 1;
+#endif
+ DEBUG("Tx/Rx IPsec offload is %ssupported", ipsec_en ? "" : "not ");
/*
* Multi-packet send is supported by ConnectX-4 Lx PF as well
* as all ConnectX-5 devices.
@@ -693,6 +710,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
.tso = MLX5_ARG_UNSET,
.tx_vec_en = MLX5_ARG_UNSET,
.rx_vec_en = MLX5_ARG_UNSET,
+ .ipsec_en = MLX5_ARG_UNSET,
};
mlx5_dev[idx].ports |= test;
@@ -787,6 +805,7 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
priv->mps = mps; /* Enable MPW by default if supported. */
priv->cqe_comp = cqe_comp;
priv->tunnel_en = tunnel_en;
+ priv->ipsec_en = ipsec_en;
/* Enable vector by default if supported. */
priv->tx_vec_en = 1;
priv->rx_vec_en = 1;
@@ -797,6 +816,19 @@ mlx5_pci_probe(struct rte_pci_driver *pci_drv, struct rte_pci_device *pci_dev)
goto port_error;
}
mlx5_args_assign(priv, &args);
+ if (priv->ipsec_en) {
+#ifndef HAVE_IBV_IPSEC_SUPPORT
+ priv->ipsec_en = 0;
+ WARN("IPsec Offload not supported.");
+#else /* HAVE_IBV_IPSEC_SUPPORT */
+ priv->txq_inline = RTE_CACHE_LINE_SIZE;
+ priv->txqs_inline = 0;
+ priv->mps = MLX5_MPW_DISABLED;
+ priv->tx_vec_en = 0;
+ priv->rx_vec_en = 0;
+ WARN("IPsec offload enabled");
+#endif /* HAVE_IBV_IPSEC_SUPPORT */
+ }
if (ibv_query_device_ex(ctx, NULL, &device_attr_ex)) {
ERROR("ibv_query_device_ex() failed");
goto port_error;