From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>, Jakub Kicinski <kuba@kernel.org>
Cc: Patrisious Haddad <phaddad@nvidia.com>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
linux-rdma@vger.kernel.org, Maor Gottlieb <maorg@nvidia.com>,
Mark Zhang <markzhang@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Raed Salem <raeds@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>
Subject: [PATCH mlx5-next 09/14] net/mlx5: Configure MACsec steering for egress RoCEv2 traffic
Date: Mon, 7 Aug 2023 13:44:18 +0300 [thread overview]
Message-ID: <4e114bd19fe2cd8732c0efffa2f0f90d1dc5ec44.1691403485.git.leon@kernel.org> (raw)
In-Reply-To: <cover.1691403485.git.leon@kernel.org>
From: Patrisious Haddad <phaddad@nvidia.com>
Add steering table in RDMA_TX domain, to forward MACsec traffic
to MACsec crypto table in NIC domain.
The tables are created in a lazy manner when the first TX SA is
being created, and destroyed upon the destruction of the last SA.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
.../mellanox/mlx5/core/lib/macsec_fs.c | 46 ++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c
index d39ca7c66542..15e7ea3ed79f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c
@@ -95,6 +95,8 @@ struct mlx5_macsec_tx {
struct ida tx_halloc;
struct mlx5_macsec_tables tables;
+
+ struct mlx5_flow_table *ft_rdma_tx;
};
struct mlx5_macsec_rx_rule {
@@ -173,6 +175,9 @@ static void macsec_fs_tx_destroy(struct mlx5_macsec_fs *macsec_fs)
struct mlx5_macsec_tx *tx_fs = macsec_fs->tx_fs;
struct mlx5_macsec_tables *tx_tables;
+ if (mlx5_is_macsec_roce_supported(macsec_fs->mdev))
+ mlx5_destroy_flow_table(tx_fs->ft_rdma_tx);
+
tx_tables = &tx_fs->tables;
/* Tx check table */
@@ -301,6 +306,39 @@ static struct mlx5_flow_table
return fdb;
}
+enum {
+ RDMA_TX_MACSEC_LEVEL = 0,
+};
+
+static int macsec_fs_tx_roce_create(struct mlx5_macsec_fs *macsec_fs)
+{
+ struct mlx5_macsec_tx *tx_fs = macsec_fs->tx_fs;
+ struct mlx5_core_dev *mdev = macsec_fs->mdev;
+ struct mlx5_flow_namespace *ns;
+ struct mlx5_flow_table *ft;
+ int err;
+
+ if (!mlx5_is_macsec_roce_supported(mdev)) {
+ mlx5_core_dbg(mdev, "Failed to init RoCE MACsec, capabilities not supported\n");
+ return 0;
+ }
+
+ ns = mlx5_get_flow_namespace(mdev, MLX5_FLOW_NAMESPACE_RDMA_TX_MACSEC);
+ if (!ns)
+ return -ENOMEM;
+
+ /* Tx RoCE crypto table */
+ ft = macsec_fs_auto_group_table_create(ns, 0, RDMA_TX_MACSEC_LEVEL, CRYPTO_NUM_MAXSEC_FTE);
+ if (IS_ERR(ft)) {
+ err = PTR_ERR(ft);
+ mlx5_core_err(mdev, "Failed to create MACsec RoCE Tx crypto table err(%d)\n", err);
+ return err;
+ }
+ tx_fs->ft_rdma_tx = ft;
+
+ return 0;
+}
+
static int macsec_fs_tx_create(struct mlx5_macsec_fs *macsec_fs)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
@@ -443,7 +481,13 @@ static int macsec_fs_tx_create(struct mlx5_macsec_fs *macsec_fs)
}
tx_fs->check_rule = rule;
- goto out_flow_group;
+ err = macsec_fs_tx_roce_create(macsec_fs);
+ if (err)
+ goto err;
+
+ kvfree(flow_group_in);
+ kvfree(spec);
+ return 0;
err:
macsec_fs_tx_destroy(macsec_fs);
--
2.41.0
next prev parent reply other threads:[~2023-08-07 10:46 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 10:44 [PATCH mlx5-next 00/14] mlx5 MACsec RoCEv2 support Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 01/14] macsec: add functions to get MACsec real netdevice and check offload Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 02/14] net/mlx5e: Move MACsec flow steering operations to be used as core library Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 03/14] net/mlx5: Remove dependency of macsec flow steering on ethernet Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 04/14] net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 05/14] net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 06/14] net/mlx5: Remove netdevice from MACsec steering Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 07/14] net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 08/14] net/mlx5: Add MACsec priorities in RDMA namespaces Leon Romanovsky
2023-08-07 10:44 ` Leon Romanovsky [this message]
2023-08-08 15:18 ` [PATCH mlx5-next 09/14] net/mlx5: Configure MACsec steering for egress RoCEv2 traffic Simon Horman
2023-08-08 17:41 ` Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 10/14] net/mlx5: Configure MACsec steering for ingress " Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 11/14] net/mlx5: Add RoCE MACsec steering infrastructure in core Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 12/14] RDMA/mlx5: Implement MACsec gid addition and deletion Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 13/14] IB/core: Reorder GID delete code for RoCE Leon Romanovsky
2023-08-07 10:44 ` [PATCH mlx5-next 14/14] RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e114bd19fe2cd8732c0efffa2f0f90d1dc5ec44.1691403485.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jgg@nvidia.com \
--cc=kuba@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=maorg@nvidia.com \
--cc=markzhang@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phaddad@nvidia.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.