IPSec Full Offload ConnectX-6 DX Upstream Linux


I saw that the ipsec full offload code landed in the Upstream Kernel 6.2.
Is there any way to activate the full offload mode as well?
I can not see a way to change the mode in the upstream kernel.

Another question, does the full offload mode only work in switch legacy or switchdev mode? I have read contradicting documentations about that and from my testing legacy mode should be correct.

From my testing the full offload in the upstream kernel also does not work at the moment, offload is added from ip xfrm but there is no traffic being encrypted the ipsec counter in ethtool are not being increased.

Thanks and best

Hello @sven.auhagen,

Thank you for posting your query on our community. I would like to refer you to this documentation on Configuring IPSec Full Offload -https://docs.nvidia.com/networking/display/BlueFieldDPUOSLatest/IPsec+Functionality, not sure if you had a chance to review it. Please note that this feature is supported only on BlueField-2 based platforms.

You can configure IPSec to full offload after setting SR-IOV mode to ‘legacy’. This is also mentioned in the above provided link.
If you require further assistance on this, I would suggest you to open a support case for further investigation of the issue. The support ticket can be opened by emailing "Networking-support@nvidia.com "

Please note that an active support contract would be required for the same. If you do not have a current support contract, please reach out to our Contracts team at networking-contracts@nvidia.com

Thank you,
-Nvidia Network Support