net/mlx5e: Add MACsec TX steering rules

Tx flow steering consists of two flow tables (FTs). The first FT (crypto table) has two fixed rules: One default miss rule so non MACsec offloaded packets bypass the MACSec tables, another rule to make sure that MACsec key exchange (MKE) traffic passes unencrypted as expected (matched of ethertype). On each new MACsec offload flow, a new MACsec rule is added. This rule is matched on metadata_reg_a (which contains the id of the flow) and invokes the MACsec offload action on match. The second FT (check table) has two fixed rules: One rule for verifying that the previous offload actions were finished successfully and packet need to be transmitted. Another default rule for dropping packets that were failed in the offload actions. The MACsec FTs should be created on demand when the first MACsec rule is added and destroyed when the last MACsec rule is deleted. Signed-off-by: Lior Nahmanson <liorna@nvidia.com> Reviewed-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Raed Salem <raeds@nvidia.com> Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Lior Nahmanson <liorna@nvidia.com> 2022-09-06 08:21:21 +0300
committer: David S. Miller <davem@davemloft.net> 2022-09-07 16:02:08 +0300
commit: e467b283ffd50cf15b84c73eef68787e257eaed5 (patch)
tree: 7a343398b65fcb4ae9886f8a4f1bebc4e6efffa8 /drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h
parent: ee534d7f81ba9cec028580f91429b3dc29b90c7f (diff)
download: linux-e467b283ffd50cf15b84c73eef68787e257eaed5.tar.xz
1 files changed, 41 insertions, 0 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h
new file mode 100644
index 000000000000..b31137ecc986
--- /dev/null
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
+/* Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. All rights reserved. */
+
+#ifndef __MLX5_MACSEC_STEERING_H__
+#define __MLX5_MACSEC_STEERING_H__
+
+#ifdef CONFIG_MLX5_EN_MACSEC
+
+#include "en_accel/macsec.h"
+
+#define MLX5_MACSEC_NUM_OF_SUPPORTED_INTERFACES 16
+
+struct mlx5e_macsec_fs;
+struct mlx5e_macsec_tx_rule;
+
+struct mlx5_macsec_rule_attrs {
+	u32 macsec_obj_id;
+	int action;
+};
+
+enum mlx5_macsec_action {
+	MLX5_ACCEL_MACSEC_ACTION_ENCRYPT,
+};
+
+void mlx5e_macsec_fs_cleanup(struct mlx5e_macsec_fs *macsec_fs);
+
+struct mlx5e_macsec_fs *
+mlx5e_macsec_fs_init(struct mlx5_core_dev *mdev, struct net_device *netdev);
+
+struct mlx5e_macsec_tx_rule *
+mlx5e_macsec_fs_add_rule(struct mlx5e_macsec_fs *macsec_fs,
+			 const struct macsec_context *ctx,
+			 struct mlx5_macsec_rule_attrs *attrs);
+
+void mlx5e_macsec_fs_del_rule(struct mlx5e_macsec_fs *macsec_fs,
+			      struct mlx5e_macsec_tx_rule *macsec_rule,
+			      int action);
+
+#endif
+
+#endif /* __MLX5_MACSEC_STEERING_H__ */
author	Lior Nahmanson <liorna@nvidia.com>	2022-09-06 08:21:21 +0300
committer	David S. Miller <davem@davemloft.net>	2022-09-07 16:02:08 +0300
commit	e467b283ffd50cf15b84c73eef68787e257eaed5 (patch)
tree	7a343398b65fcb4ae9886f8a4f1bebc4e6efffa8 /drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h
parent	ee534d7f81ba9cec028580f91429b3dc29b90c7f (diff)
download	linux-e467b283ffd50cf15b84c73eef68787e257eaed5.tar.xz