net/mlx5: Add MACsec Rx tables support to fs_core

Add new namespace for MACsec RX flows.
Encrypted MACsec packets should be first decrypted and stripped
from MACsec header and then continues with the kernel's steering
pipeline.

Signed-off-by: Lior Nahmanson <liorna@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
index c97aecc..32d4c96 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c
@@ -922,6 +922,7 @@ static int mlx5_cmd_modify_header_alloc(struct mlx5_flow_root_namespace *ns,
                max_actions = MLX5_CAP_ESW_FLOWTABLE_FDB(dev, max_modify_header_actions);
                table_type = FS_FT_FDB;
                break;
+       case MLX5_FLOW_NAMESPACE_KERNEL_RX_MACSEC:
        case MLX5_FLOW_NAMESPACE_KERNEL:
        case MLX5_FLOW_NAMESPACE_BYPASS:
                max_actions = MLX5_CAP_FLOWTABLE_NIC_RX(dev, max_modify_header_actions);

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 6a6031d..d537492 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -104,6 +104,10 @@
 #define BY_PASS_MIN_LEVEL (ETHTOOL_MIN_LEVEL + MLX5_BY_PASS_NUM_PRIOS +\
                           LEFTOVERS_NUM_PRIOS)
 
+#define KERNEL_RX_MACSEC_NUM_PRIOS  1
+#define KERNEL_RX_MACSEC_NUM_LEVELS 2
+#define KERNEL_RX_MACSEC_MIN_LEVEL (BY_PASS_MIN_LEVEL + KERNEL_RX_MACSEC_NUM_PRIOS)
+
 #define ETHTOOL_PRIO_NUM_LEVELS 1
 #define ETHTOOL_NUM_PRIOS 11
 #define ETHTOOL_MIN_LEVEL (KERNEL_MIN_LEVEL + ETHTOOL_NUM_PRIOS)
@@ -126,7 +130,7 @@
 
 #define LAG_PRIO_NUM_LEVELS 1
 #define LAG_NUM_PRIOS 1
-#define LAG_MIN_LEVEL (OFFLOADS_MIN_LEVEL + 1)
+#define LAG_MIN_LEVEL (OFFLOADS_MIN_LEVEL + KERNEL_RX_MACSEC_MIN_LEVEL + 1)
 
 #define KERNEL_TX_IPSEC_NUM_PRIOS  1
 #define KERNEL_TX_IPSEC_NUM_LEVELS 1
@@ -153,12 +157,16 @@ static struct init_tree_node {
        enum mlx5_flow_table_miss_action def_miss_action;
 } root_fs = {
        .type = FS_TYPE_NAMESPACE,
-       .ar_size = 7,
+       .ar_size = 8,
          .children = (struct init_tree_node[]){
                  ADD_PRIO(0, BY_PASS_MIN_LEVEL, 0, FS_CHAINING_CAPS,
                           ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
                                  ADD_MULTIPLE_PRIO(MLX5_BY_PASS_NUM_PRIOS,
                                                    BY_PASS_PRIO_NUM_LEVELS))),
+                 ADD_PRIO(0, KERNEL_RX_MACSEC_MIN_LEVEL, 0, FS_CHAINING_CAPS,
+                          ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
+                                 ADD_MULTIPLE_PRIO(KERNEL_RX_MACSEC_NUM_PRIOS,
+                                                   KERNEL_RX_MACSEC_NUM_LEVELS))),
                  ADD_PRIO(0, LAG_MIN_LEVEL, 0, FS_CHAINING_CAPS,
                           ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
                                  ADD_MULTIPLE_PRIO(LAG_NUM_PRIOS,
@@ -2278,6 +2286,7 @@ static bool is_nic_rx_ns(enum mlx5_flow_namespace_type type)
 {
        switch (type) {
        case MLX5_FLOW_NAMESPACE_BYPASS:
+       case MLX5_FLOW_NAMESPACE_KERNEL_RX_MACSEC:
        case MLX5_FLOW_NAMESPACE_LAG:
        case MLX5_FLOW_NAMESPACE_OFFLOADS:
        case MLX5_FLOW_NAMESPACE_ETHTOOL:

diff --git a/include/linux/mlx5/fs.h b/include/linux/mlx5/fs.h
index 53d1867..c7a9198 100644 (file)
--- a/include/linux/mlx5/fs.h
+++ b/include/linux/mlx5/fs.h
@@ -79,6 +79,7 @@ static inline void build_leftovers_ft_param(int *priority,
 
 enum mlx5_flow_namespace_type {
        MLX5_FLOW_NAMESPACE_BYPASS,
+       MLX5_FLOW_NAMESPACE_KERNEL_RX_MACSEC,
        MLX5_FLOW_NAMESPACE_LAG,
        MLX5_FLOW_NAMESPACE_OFFLOADS,
        MLX5_FLOW_NAMESPACE_ETHTOOL,