Commit 2d9dac55 authored by Leon Romanovsky's avatar Leon Romanovsky Committed by David S. Miller
Browse files

net/mlx5e: Present succeeded IPsec SA bytes and packet 



IPsec SA statistics presents successfully decrypted and encrypted
packet and bytes, and not total handled by this SA. So update the
calculation logic to take into account failures.

Fixes: 6fb7f940 ("net/mlx5e: Connect mlx5 IPsec statistics with XFRM core")
Signed-off-by: default avatarLeon Romanovsky <leonro@nvidia.com>
Signed-off-by: default avatarTariq Toukan <tariqt@nvidia.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1da839ea

drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c

+23 −13
Original line number Diff line number Diff line
@@ -989,6 +989,10 @@ static void mlx5e_xfrm_update_stats(struct xfrm_state *x) 
	struct mlx5e_ipsec_sa_entry *sa_entry = to_ipsec_sa_entry(x);

	struct mlx5e_ipsec_rule *ipsec_rule = &sa_entry->ipsec_rule;

	struct net *net = dev_net(x->xso.dev);

	u64 trailer_packets = 0, trailer_bytes = 0;

	u64 replay_packets = 0, replay_bytes = 0;

	u64 auth_packets = 0, auth_bytes = 0;

	u64 success_packets, success_bytes;

	u64 packets, bytes, lastuse;



	lockdep_assert(lockdep_is_held(&x->lock) ||
@@ -999,26 +1003,32 @@ static void mlx5e_xfrm_update_stats(struct xfrm_state *x) 
		return;



	if (sa_entry->attrs.dir == XFRM_DEV_OFFLOAD_IN) {

		mlx5_fc_query_cached(ipsec_rule->auth.fc, &bytes, &packets, &lastuse);

		x->stats.integrity_failed += packets;

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR, packets);

		mlx5_fc_query_cached(ipsec_rule->auth.fc, &auth_bytes,

				     &auth_packets, &lastuse);

		x->stats.integrity_failed += auth_packets;

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR, auth_packets);



		mlx5_fc_query_cached(ipsec_rule->trailer.fc, &bytes, &packets, &lastuse);

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINHDRERROR, packets);

		mlx5_fc_query_cached(ipsec_rule->trailer.fc, &trailer_bytes,

				     &trailer_packets, &lastuse);

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINHDRERROR, trailer_packets);

	}



	if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)

		return;



	mlx5_fc_query_cached(ipsec_rule->fc, &bytes, &packets, &lastuse);

	x->curlft.packets += packets;

	x->curlft.bytes += bytes;



	if (sa_entry->attrs.dir == XFRM_DEV_OFFLOAD_IN) {

		mlx5_fc_query_cached(ipsec_rule->replay.fc, &bytes, &packets, &lastuse);

		x->stats.replay += packets;

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR, packets);

		mlx5_fc_query_cached(ipsec_rule->replay.fc, &replay_bytes,

				     &replay_packets, &lastuse);

		x->stats.replay += replay_packets;

		XFRM_ADD_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR, replay_packets);

	}



	mlx5_fc_query_cached(ipsec_rule->fc, &bytes, &packets, &lastuse);

	success_packets = packets - auth_packets - trailer_packets - replay_packets;

	x->curlft.packets += success_packets;



	success_bytes = bytes - auth_bytes - trailer_bytes - replay_bytes;

	x->curlft.bytes += success_bytes;

}



static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,