git.baikalelectronics.ru Git - kernel.git/commit

author	Lior Nahmanson <liorna@nvidia.com>
	Tue, 6 Sep 2022 05:21:21 +0000 (22:21 -0700)
committer	David S. Miller <davem@davemloft.net>
	Wed, 7 Sep 2022 13:02:08 +0000 (14:02 +0100)
commit	f0b869e0fa0ebd36194a8355ec013f5a371233ff
tree	7a343398b65fcb4ae9886f8a4f1bebc4e6efffa8	tree \| snapshot
parent	c6becda1027bc06b6c90e5f76c380b14e827d158	commit \| diff

net/mlx5e: Add MACsec TX steering rules

Tx flow steering consists of two flow tables (FTs).

The first FT (crypto table) has two fixed rules:
One default miss rule so non MACsec offloaded packets bypass the MACSec
tables, another rule to make sure that MACsec key exchange (MKE) traffic
passes unencrypted as expected (matched of ethertype).
On each new MACsec offload flow, a new MACsec rule is added.
This rule is matched on metadata_reg_a (which contains the id of the
flow) and invokes the MACsec offload action on match.

The second FT (check table) has two fixed rules:
One rule for verifying that the previous offload actions were
finished successfully and packet need to be transmitted.
Another default rule for dropping packets that were failed in the
offload actions.

The MACsec FTs should be created on demand when the first MACsec rule is
added and destroyed when the last MACsec rule is deleted.

Signed-off-by: Lior Nahmanson <liorna@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/ethernet/mellanox/mlx5/core/Makefile		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c	[new file with mode: 0644]	blob
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h	[new file with mode: 0644]	blob
include/linux/mlx5/qp.h		diff \| blob \| history