From: Dima Chumak <dchumak@nvidia.com>
To: Stephen Hemminger <stephen@networkplumber.org>,
David Ahern <dsahern@kernel.org>
Cc: Jakub Kicinski <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, "Jiri Pirko" <jiri@nvidia.com>,
<netdev@vger.kernel.org>, Dima Chumak <dchumak@nvidia.com>
Subject: [PATCH iproute2-next 3/3] devlink: Support setting port function ipsec_packet cap
Date: Thu, 23 Mar 2023 13:13:13 +0200 [thread overview]
Message-ID: <20230323111313.211866-3-dchumak@nvidia.com> (raw)
In-Reply-To: <20230323111059.210634-1-dchumak@nvidia.com>
Support port function commands to enable / disable IPsec packet
offloads, this is used to control the port IPsec device capabilities.
When IPsec capability is disabled for a function of the port (default),
function cannot offload any IPsec operations. When enabled, IPsec
operations can be offloaded by the function of the port.
Enabling IPsec packet offloads lets the kernel to delegate
encrypt/decrypt operations, as well as encapsulation and SA/policy
states to the device hardware.
Example of a PCI VF port which supports IPsec packet offloads:
$ devlink port show pci/0000:06:00.0/1
pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
function:
hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto disable ipsec_packet disable
$ devlink port function set pci/0000:06:00.0/1 ipsec_packet enable
$ devlink port show pci/0000:06:00.0/1
pci/0000:06:00.0/1: type eth netdev enp6s0pf0vf0 flavour pcivf pfnum 0 vfnum 0
function:
hw_addr 00:00:00:00:00:00 roce enable ipsec_crypto disable ipsec_packet enable
Signed-off-by: Dima Chumak <dchumak@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
---
devlink/devlink.c | 20 ++++++++++++++++++--
man/man8/devlink-port.8 | 12 ++++++++++++
2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/devlink/devlink.c b/devlink/devlink.c
index 90ee4d1b7b6f..a422ffe58f3b 100644
--- a/devlink/devlink.c
+++ b/devlink/devlink.c
@@ -2270,6 +2270,18 @@ static int dl_argv_parse(struct dl *dl, uint64_t o_required,
if (ipsec_crypto)
opts->port_fn_caps.value |= DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO;
o_found |= DL_OPT_PORT_FN_CAPS;
+ } else if (dl_argv_match(dl, "ipsec_packet") &&
+ (o_all & DL_OPT_PORT_FN_CAPS)) {
+ bool ipsec_packet;
+
+ dl_arg_inc(dl);
+ err = dl_argv_bool(dl, &ipsec_packet);
+ if (err)
+ return err;
+ opts->port_fn_caps.selector |= DEVLINK_PORT_FN_CAP_IPSEC_PACKET;
+ if (ipsec_packet)
+ opts->port_fn_caps.value |= DEVLINK_PORT_FN_CAP_IPSEC_PACKET;
+ o_found |= DL_OPT_PORT_FN_CAPS;
} else {
pr_err("Unknown option \"%s\"\n", dl_argv(dl));
return -EINVAL;
@@ -4548,7 +4560,7 @@ static void cmd_port_help(void)
pr_err(" devlink port unsplit DEV/PORT_INDEX\n");
pr_err(" devlink port function set DEV/PORT_INDEX [ hw_addr ADDR ] [ state { active | inactive } ]\n");
pr_err(" [ roce { enable | disable } ] [ migratable { enable | disable } ]\n");
- pr_err(" [ ipsec_crypto { enable | disable } ]\n");
+ pr_err(" [ ipsec_crypto { enable | disable } ] [ ipsec_packet { enable | disable } ]\n");
pr_err(" devlink port function rate { help | show | add | del | set }\n");
pr_err(" devlink port param set DEV/PORT_INDEX name PARAMETER value VALUE cmode { permanent | driverinit | runtime }\n");
pr_err(" devlink port param show [DEV/PORT_INDEX name PARAMETER]\n");
@@ -4678,6 +4690,10 @@ static void pr_out_port_function(struct dl *dl, struct nlattr **tb_port)
print_string(PRINT_ANY, "ipsec_crypto", " ipsec_crypto %s",
port_fn_caps->value & DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO ?
"enable" : "disable");
+ if (port_fn_caps->selector & DEVLINK_PORT_FN_CAP_IPSEC_PACKET)
+ print_string(PRINT_ANY, "ipsec_packet", " ipsec_packet %s",
+ port_fn_caps->value & DEVLINK_PORT_FN_CAP_IPSEC_PACKET ?
+ "enable" : "disable");
}
if (!dl->json_output)
@@ -4874,7 +4890,7 @@ static void cmd_port_function_help(void)
{
pr_err("Usage: devlink port function set DEV/PORT_INDEX [ hw_addr ADDR ] [ state STATE ]\n");
pr_err(" [ roce { enable | disable } ] [ migratable { enable | disable } ]\n");
- pr_err(" [ ipsec_crypto { enable | disable } ]\n");
+ pr_err(" [ ipsec_crypto { enable | disable } ] [ ipsec_packet { enable | disable } ]\n");
pr_err(" devlink port function rate { help | show | add | del | set }\n");
}
diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8
index a51d19e6abdd..026deefc2c9b 100644
--- a/man/man8/devlink-port.8
+++ b/man/man8/devlink-port.8
@@ -80,6 +80,9 @@ devlink-port \- devlink port configuration
.RI "[ "
.BR ipsec_crypto " { " enable " | " disable " }"
.RI "]"
+.RI "[ "
+.BR ipsec_packet " { " enable " | " disable " }"
+.RI "]"
.ti -8
.BR "devlink port function rate "
@@ -229,6 +232,10 @@ Set the migratable capability of the function.
.BR ipsec_crypto " { " enable " | " disable " } "
Set the IPsec crypto offload capability of the function.
+.TP
+.BR ipsec_packet " { " enable " | " disable " } "
+Set the IPsec packet offload capability of the function.
+
.ti -8
.SS devlink port del - delete a devlink port
.PP
@@ -363,6 +370,11 @@ devlink port function set pci/0000:01:00.0/1 ipsec_crypto enable
This will enable the IPsec crypto offload functionality of the function.
.RE
.PP
+devlink port function set pci/0000:01:00.0/1 ipsec_packet enable
+.RS 4
+This will enable the IPsec packet offload functionality of the function.
+.RE
+.PP
devlink port function set pci/0000:01:00.0/1 hw_addr 00:00:00:11:22:33 state active
.RS 4
Configure hardware address and also active the function. When a function is
--
2.40.0
next prev parent reply other threads:[~2023-03-23 11:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-23 11:10 [PATCH net-next 0/4] devlink: Add port function attributes to enable/disable IPsec crypto and packet offloads Dima Chumak
2023-03-23 11:10 ` [PATCH net-next 1/4] devlink: Expose port function commands to control IPsec crypto offloads Dima Chumak
2023-03-23 11:10 ` [PATCH net-next 2/4] net/mlx5: Implement devlink port function cmds to control ipsec_crypto Dima Chumak
2023-03-23 21:49 ` kernel test robot
2023-03-29 8:01 ` Leon Romanovsky
2023-03-23 11:10 ` [PATCH net-next 3/4] devlink: Expose port function commands to control IPsec packet offloads Dima Chumak
2023-03-23 11:10 ` [PATCH net-next 4/4] net/mlx5: Implement devlink port function cmds to control ipsec_packet Dima Chumak
2023-03-23 11:13 ` [PATCH iproute2-next 1/3] Update kernel headers Dima Chumak
2023-03-23 11:13 ` [PATCH iproute2-next 2/3] devlink: Support setting port function ipsec_crypto cap Dima Chumak
2023-03-23 11:13 ` Dima Chumak [this message]
2023-03-23 17:05 ` [PATCH net-next 0/4] devlink: Add port function attributes to enable/disable IPsec crypto and packet offloads Jakub Kicinski
2023-03-29 7:45 ` Leon Romanovsky
2023-03-29 17:09 ` Jakub Kicinski
2023-03-29 19:11 ` Leon Romanovsky
2023-03-23 17:23 ` Jakub Kicinski
2023-03-29 7:42 ` Dima Chumak
2023-03-29 17:05 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230323111313.211866-3-dchumak@nvidia.com \
--to=dchumak@nvidia.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).