net/mlx5: Configure MACsec steering for egress RoCEv2 traffic

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add steering table in RDMA_TX domain, to forward MACsec traffic
to MACsec crypto table in NIC domain.
The tables are created in a lazy manner when the first TX SA is
being created, and destroyed upon the destruction of the last SA.

Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>

authored by

Patrisious Haddad and committed by

Leon Romanovsky 2 years ago 9b240d10 a019b125

+45 -1

1 changed file

expand all

drivers

net

ethernet

mellanox

mlx5

core

lib

macsec_fs.c

+45 -1

drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c

··· 95 95 struct ida tx_halloc; 96 96 97 97 struct mlx5_macsec_tables tables; 98 + 99 + struct mlx5_flow_table *ft_rdma_tx; 98 100 }; 99 101 100 102 struct mlx5_macsec_rx_rule { ··· 174 172 { 175 173 struct mlx5_macsec_tx *tx_fs = macsec_fs->tx_fs; 176 174 struct mlx5_macsec_tables *tx_tables; 175 + 176 + if (mlx5_is_macsec_roce_supported(macsec_fs->mdev)) 177 + mlx5_destroy_flow_table(tx_fs->ft_rdma_tx); 177 178 178 179 tx_tables = &tx_fs->tables; 179 180 ··· 303 298 fdb = mlx5_create_auto_grouped_flow_table(ns, &ft_attr); 304 299 305 300 return fdb; 301 + } 302 + 303 + enum { 304 + RDMA_TX_MACSEC_LEVEL = 0, 305 + }; 306 + 307 + static int macsec_fs_tx_roce_create(struct mlx5_macsec_fs *macsec_fs) 308 + { 309 + struct mlx5_macsec_tx *tx_fs = macsec_fs->tx_fs; 310 + struct mlx5_core_dev *mdev = macsec_fs->mdev; 311 + struct mlx5_flow_namespace *ns; 312 + struct mlx5_flow_table *ft; 313 + int err; 314 + 315 + if (!mlx5_is_macsec_roce_supported(mdev)) { 316 + mlx5_core_dbg(mdev, "Failed to init RoCE MACsec, capabilities not supported\n"); 317 + return 0; 318 + } 319 + 320 + ns = mlx5_get_flow_namespace(mdev, MLX5_FLOW_NAMESPACE_RDMA_TX_MACSEC); 321 + if (!ns) 322 + return -ENOMEM; 323 + 324 + /* Tx RoCE crypto table */ 325 + ft = macsec_fs_auto_group_table_create(ns, 0, RDMA_TX_MACSEC_LEVEL, CRYPTO_NUM_MAXSEC_FTE); 326 + if (IS_ERR(ft)) { 327 + err = PTR_ERR(ft); 328 + mlx5_core_err(mdev, "Failed to create MACsec RoCE Tx crypto table err(%d)\n", err); 329 + return err; 330 + } 331 + tx_fs->ft_rdma_tx = ft; 332 + 333 + return 0; 306 334 } 307 335 308 336 static int macsec_fs_tx_create(struct mlx5_macsec_fs *macsec_fs) ··· 480 442 } 481 443 tx_fs->check_rule = rule; 482 444 483 - goto out_flow_group; 445 + err = macsec_fs_tx_roce_create(macsec_fs); 446 + if (err) 447 + goto err; 448 + 449 + kvfree(flow_group_in); 450 + kvfree(spec); 451 + return 0; 484 452 485 453 err: 486 454 macsec_fs_tx_destroy(macsec_fs);