Merge branch 'net-mlx5e-move-ipsec-policy-check-after-decryption' (79936fcb) · Commits · git / linux-net

drivers/net/ethernet/mellanox/mlx5/core/en/fs.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -84,9 +84,9 @@ enum {
		MLX5E_ARFS_FT_LEVEL = MLX5E_INNER_TTC_FT_LEVEL + 1,
		#endif
		#ifdef CONFIG_MLX5_EN_IPSEC
		MLX5E_ACCEL_FS_POL_FT_LEVEL = MLX5E_INNER_TTC_FT_LEVEL + 1,
		MLX5E_ACCEL_FS_ESP_FT_LEVEL,
		MLX5E_ACCEL_FS_ESP_FT_LEVEL = MLX5E_INNER_TTC_FT_LEVEL + 1,
		MLX5E_ACCEL_FS_ESP_FT_ERR_LEVEL,
		MLX5E_ACCEL_FS_POL_FT_LEVEL,
		MLX5E_ACCEL_FS_ESP_FT_ROCE_LEVEL,
		#endif
		};

+5 −0

Original line number	Diff line number	Diff line
		@@ -128,6 +128,7 @@ struct mlx5e_ipsec_hw_stats {
		u64 ipsec_rx_bytes;
		u64 ipsec_rx_drop_pkts;
		u64 ipsec_rx_drop_bytes;
		u64 ipsec_rx_drop_mismatch_sa_sel;
		u64 ipsec_tx_pkts;
		u64 ipsec_tx_bytes;
		u64 ipsec_tx_drop_pkts;
		@@ -184,6 +185,7 @@ struct mlx5e_ipsec_ft {
		struct mutex mutex; /* Protect changes to this struct */
		struct mlx5_flow_table *pol;
		struct mlx5_flow_table *sa;
		struct mlx5_flow_table *sa_sel;
		struct mlx5_flow_table *status;
		u32 refcnt;
		};
		@@ -195,6 +197,8 @@ struct mlx5e_ipsec_drop {

		struct mlx5e_ipsec_rule {
		struct mlx5_flow_handle *rule;
		struct mlx5_flow_handle *status_pass;
		struct mlx5_flow_handle *sa_sel;
		struct mlx5_modify_hdr *modify_hdr;
		struct mlx5_pkt_reformat *pkt_reformat;
		struct mlx5_fc *fc;
		@@ -206,6 +210,7 @@ struct mlx5e_ipsec_rule {
		struct mlx5e_ipsec_miss {
		struct mlx5_flow_group *group;
		struct mlx5_flow_handle *rule;
		struct mlx5_fc *fc;
		};

		struct mlx5e_ipsec_tx_create_attr {

+529 −91

File changed.

Preview size limit exceeded, changes collapsed.

+1 −0

Original line number	Diff line number	Diff line
		@@ -42,6 +42,7 @@ static const struct counter_desc mlx5e_ipsec_hw_stats_desc[] = {
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_rx_bytes) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_rx_drop_pkts) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_rx_drop_bytes) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_rx_drop_mismatch_sa_sel) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_tx_pkts) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_tx_bytes) },
		{ MLX5E_DECLARE_STAT(struct mlx5e_ipsec_hw_stats, ipsec_tx_drop_pkts) },

+14 −1

Original line number	Diff line number	Diff line
		@@ -10,9 +10,9 @@
		#endif

		enum {
		MLX5_ESW_IPSEC_RX_POL_FT_LEVEL,
		MLX5_ESW_IPSEC_RX_ESP_FT_LEVEL,
		MLX5_ESW_IPSEC_RX_ESP_FT_CHK_LEVEL,
		MLX5_ESW_IPSEC_RX_POL_FT_LEVEL,
		};

		enum {
		@@ -85,6 +85,19 @@ int mlx5_esw_ipsec_rx_setup_modify_header(struct mlx5e_ipsec_sa_entry *sa_entry,
		return err;
		}

		void mlx5_esw_ipsec_rx_rule_add_match_obj(struct mlx5e_ipsec_sa_entry *sa_entry,
		struct mlx5_flow_spec *spec)
		{
		MLX5_SET(fte_match_param, spec->match_criteria,
		misc_parameters_2.metadata_reg_c_1,
		ESW_IPSEC_RX_MAPPED_ID_MATCH_MASK);
		MLX5_SET(fte_match_param, spec->match_value,
		misc_parameters_2.metadata_reg_c_1,
		sa_entry->rx_mapped_id << ESW_ZONE_ID_BITS);

		spec->match_criteria_enable \|= MLX5_MATCH_MISC_PARAMETERS_2;
		}

		void mlx5_esw_ipsec_rx_id_mapping_remove(struct mlx5e_ipsec_sa_entry *sa_entry)
		{
		struct mlx5e_ipsec *ipsec = sa_entry->ipsec;