From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>, Jakub Kicinski <kuba@kernel.org>
Cc: Patrisious Haddad <phaddad@nvidia.com>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
linux-rdma@vger.kernel.org, Maor Gottlieb <maorg@nvidia.com>,
Mark Zhang <markzhang@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Raed Salem <raeds@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>
Subject: [PATCH mlx5-next 08/14] net/mlx5: Add MACsec priorities in RDMA namespaces
Date: Mon, 7 Aug 2023 13:44:17 +0300 [thread overview]
Message-ID: <263fba045dc4005d52d10b24780ed7e37f2ce79c.1691403485.git.leon@kernel.org> (raw)
In-Reply-To: <cover.1691403485.git.leon@kernel.org>
From: Patrisious Haddad <phaddad@nvidia.com>
Add MACsec flow steering priorities in RDMA namespaces. This allows
adding tables/rules to forward RoCEv2 traffic to the MACsec crypto
tables in NIC_TX domain, and accept RoCEv2 traffic from NIC_RX domain.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 35 +++++++++++++++++--
include/linux/mlx5/fs.h | 2 ++
2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index a3228502f866..815fe6393c4b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -224,6 +224,7 @@ static struct init_tree_node egress_root_fs = {
enum {
RDMA_RX_IPSEC_PRIO,
+ RDMA_RX_MACSEC_PRIO,
RDMA_RX_COUNTERS_PRIO,
RDMA_RX_BYPASS_PRIO,
RDMA_RX_KERNEL_PRIO,
@@ -237,9 +238,13 @@ enum {
#define RDMA_RX_KERNEL_MIN_LEVEL (RDMA_RX_BYPASS_MIN_LEVEL + 1)
#define RDMA_RX_COUNTERS_MIN_LEVEL (RDMA_RX_KERNEL_MIN_LEVEL + 2)
+#define RDMA_RX_MACSEC_NUM_PRIOS 1
+#define RDMA_RX_MACSEC_PRIO_NUM_LEVELS 2
+#define RDMA_RX_MACSEC_MIN_LEVEL (RDMA_RX_COUNTERS_MIN_LEVEL + RDMA_RX_MACSEC_NUM_PRIOS)
+
static struct init_tree_node rdma_rx_root_fs = {
.type = FS_TYPE_NAMESPACE,
- .ar_size = 4,
+ .ar_size = 5,
.children = (struct init_tree_node[]) {
[RDMA_RX_IPSEC_PRIO] =
ADD_PRIO(0, RDMA_RX_IPSEC_MIN_LEVEL, 0,
@@ -247,6 +252,12 @@ static struct init_tree_node rdma_rx_root_fs = {
ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
ADD_MULTIPLE_PRIO(RDMA_RX_IPSEC_NUM_PRIOS,
RDMA_RX_IPSEC_NUM_LEVELS))),
+ [RDMA_RX_MACSEC_PRIO] =
+ ADD_PRIO(0, RDMA_RX_MACSEC_MIN_LEVEL, 0,
+ FS_CHAINING_CAPS,
+ ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
+ ADD_MULTIPLE_PRIO(RDMA_RX_MACSEC_NUM_PRIOS,
+ RDMA_RX_MACSEC_PRIO_NUM_LEVELS))),
[RDMA_RX_COUNTERS_PRIO] =
ADD_PRIO(0, RDMA_RX_COUNTERS_MIN_LEVEL, 0,
FS_CHAINING_CAPS,
@@ -270,6 +281,7 @@ static struct init_tree_node rdma_rx_root_fs = {
enum {
RDMA_TX_COUNTERS_PRIO,
RDMA_TX_IPSEC_PRIO,
+ RDMA_TX_MACSEC_PRIO,
RDMA_TX_BYPASS_PRIO,
};
@@ -280,9 +292,13 @@ enum {
#define RDMA_TX_IPSEC_PRIO_NUM_LEVELS 1
#define RDMA_TX_IPSEC_MIN_LEVEL (RDMA_TX_COUNTERS_MIN_LEVEL + RDMA_TX_IPSEC_NUM_PRIOS)
+#define RDMA_TX_MACSEC_NUM_PRIOS 1
+#define RDMA_TX_MACESC_PRIO_NUM_LEVELS 1
+#define RDMA_TX_MACSEC_MIN_LEVEL (RDMA_TX_COUNTERS_MIN_LEVEL + RDMA_TX_MACSEC_NUM_PRIOS)
+
static struct init_tree_node rdma_tx_root_fs = {
.type = FS_TYPE_NAMESPACE,
- .ar_size = 3,
+ .ar_size = 4,
.children = (struct init_tree_node[]) {
[RDMA_TX_COUNTERS_PRIO] =
ADD_PRIO(0, RDMA_TX_COUNTERS_MIN_LEVEL, 0,
@@ -296,7 +312,12 @@ static struct init_tree_node rdma_tx_root_fs = {
ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
ADD_MULTIPLE_PRIO(RDMA_TX_IPSEC_NUM_PRIOS,
RDMA_TX_IPSEC_PRIO_NUM_LEVELS))),
-
+ [RDMA_TX_MACSEC_PRIO] =
+ ADD_PRIO(0, RDMA_TX_MACSEC_MIN_LEVEL, 0,
+ FS_CHAINING_CAPS,
+ ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
+ ADD_MULTIPLE_PRIO(RDMA_TX_MACSEC_NUM_PRIOS,
+ RDMA_TX_MACESC_PRIO_NUM_LEVELS))),
[RDMA_TX_BYPASS_PRIO] =
ADD_PRIO(0, RDMA_TX_BYPASS_MIN_LEVEL, 0,
FS_CHAINING_CAPS_RDMA_TX,
@@ -2466,6 +2487,14 @@ struct mlx5_flow_namespace *mlx5_get_flow_namespace(struct mlx5_core_dev *dev,
root_ns = steering->rdma_tx_root_ns;
prio = RDMA_TX_IPSEC_PRIO;
break;
+ case MLX5_FLOW_NAMESPACE_RDMA_RX_MACSEC:
+ root_ns = steering->rdma_rx_root_ns;
+ prio = RDMA_RX_MACSEC_PRIO;
+ break;
+ case MLX5_FLOW_NAMESPACE_RDMA_TX_MACSEC:
+ root_ns = steering->rdma_tx_root_ns;
+ prio = RDMA_TX_MACSEC_PRIO;
+ break;
default: /* Must be NIC RX */
WARN_ON(!is_nic_rx_ns(type));
root_ns = steering->root_ns;
diff --git a/include/linux/mlx5/fs.h b/include/linux/mlx5/fs.h
index c302ec34255b..1e00c2436377 100644
--- a/include/linux/mlx5/fs.h
+++ b/include/linux/mlx5/fs.h
@@ -105,6 +105,8 @@ enum mlx5_flow_namespace_type {
MLX5_FLOW_NAMESPACE_RDMA_TX_COUNTERS,
MLX5_FLOW_NAMESPACE_RDMA_RX_IPSEC,
MLX5_FLOW_NAMESPACE_RDMA_TX_IPSEC,
+ MLX5_FLOW_NAMESPACE_RDMA_RX_MACSEC,
+ MLX5_FLOW_NAMESPACE_RDMA_TX_MACSEC,
};
enum {
--
2.41.0
next prev parent reply other threads:[~2023-08-07 10:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 10:44 [PATCH mlx5-next 00/14] mlx5 MACsec RoCEv2 support Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 01/14] macsec: add functions to get MACsec real netdevice and check offload Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 02/14] net/mlx5e: Move MACsec flow steering operations to be used as core library Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 03/14] net/mlx5: Remove dependency of macsec flow steering on ethernet Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 04/14] net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 05/14] net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 06/14] net/mlx5: Remove netdevice from MACsec steering Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 07/14] net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering Leon Romanovsky
2023-08-07 10:44 ` Leon Romanovsky [this message]
2023-08-07 10:44 ` [PATCH mlx5-next 09/14] net/mlx5: Configure MACsec steering for egress RoCEv2 traffic Leon Romanovsky
2023-08-08 15:18 ` Simon Horman
2023-08-08 17:41 ` Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 10/14] net/mlx5: Configure MACsec steering for ingress " Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 11/14] net/mlx5: Add RoCE MACsec steering infrastructure in core Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 12/14] RDMA/mlx5: Implement MACsec gid addition and deletion Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 13/14] IB/core: Reorder GID delete code for RoCE Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 14/14] RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=263fba045dc4005d52d10b24780ed7e37f2ce79c.1691403485.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jgg@nvidia.com \
--cc=kuba@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=maorg@nvidia.com \
--cc=markzhang@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phaddad@nvidia.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.