From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>, Jakub Kicinski <kuba@kernel.org>
Cc: Leon Romanovsky <leonro@nvidia.com>,
"David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
linux-rdma@vger.kernel.org, Maor Gottlieb <maorg@nvidia.com>,
Mark Zhang <markzhang@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Patrisious Haddad <phaddad@nvidia.com>,
Raed Salem <raeds@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>,
Simon Horman <horms@kernel.org>
Subject: [PATCH mlx5-next v1 00/14] mlx5 MACsec RoCEv2 support
Date: Wed, 9 Aug 2023 11:29:12 +0300 [thread overview]
Message-ID: <cover.1691569414.git.leon@kernel.org> (raw)
From: Leon Romanovsky <leonro@nvidia.com>
Changelog:
v1:
* Reordered patches
v0: https://lore.kernel.org/all/cover.1691403485.git.leon@kernel.org
---------------------------------------------------------------------
From Patrisious:
This series extends previously added MACsec offload support
to cover RoCE traffic either.
In order to achieve that, we need configure MACsec with offload between
the two endpoints, like below:
REMOTE_MAC=10:70:fd:43:71:c0
* ip addr add 1.1.1.1/16 dev eth2
* ip link set dev eth2 up
* ip link add link eth2 macsec0 type macsec encrypt on
* ip macsec offload macsec0 mac
* ip macsec add macsec0 tx sa 0 pn 1 on key 00 dffafc8d7b9a43d5b9a3dfbbf6a30c16
* ip macsec add macsec0 rx port 1 address $REMOTE_MAC
* ip macsec add macsec0 rx port 1 address $REMOTE_MAC sa 0 pn 1 on key 01 ead3664f508eb06c40ac7104cdae4ce5
* ip addr add 10.1.0.1/16 dev macsec0
* ip link set dev macsec0 up
And in a similar manner on the other machine, while noting the keys order
would be reversed and the MAC address of the other machine.
RDMA traffic is separated through relevant GID entries and in case of IP ambiguity
issue - meaning we have a physical GIDs and a MACsec GIDs with the same IP/GID, we
disable our physical GID in order to force the user to only use the MACsec GID.
Thanks
Patrisious Haddad (14):
macsec: add functions to get macsec real netdevice and check offload
net/mlx5e: Move MACsec flow steering operations to be used as core
library
net/mlx5: Remove dependency of macsec flow steering on ethernet
net/mlx5e: Rename MACsec flow steering functions/parameters to suit
core naming style
net/mlx5e: Move MACsec flow steering and statistics database from
ethernet to core
net/mlx5: Remove netdevice from MACsec steering
net/mlx5: Maintain fs_id xarray per MACsec device inside macsec
steering
RDMA/mlx5: Implement MACsec gid addition and deletion
net/mlx5: Add MACsec priorities in RDMA namespaces
IB/core: Reorder GID delete code for RoCE
net/mlx5: Configure MACsec steering for egress RoCEv2 traffic
net/mlx5: Configure MACsec steering for ingress RoCEv2 traffic
net/mlx5: Add RoCE MACsec steering infrastructure in core
RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion
drivers/infiniband/core/cache.c | 6 +-
drivers/infiniband/hw/mlx5/Makefile | 1 +
drivers/infiniband/hw/mlx5/macsec.c | 364 +++
drivers/infiniband/hw/mlx5/macsec.h | 29 +
drivers/infiniband/hw/mlx5/main.c | 41 +-
drivers/infiniband/hw/mlx5/mlx5_ib.h | 17 +
.../net/ethernet/mellanox/mlx5/core/Kconfig | 2 +-
.../net/ethernet/mellanox/mlx5/core/Makefile | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
.../mellanox/mlx5/core/en_accel/en_accel.h | 4 +-
.../mellanox/mlx5/core/en_accel/macsec.c | 176 +-
.../mellanox/mlx5/core/en_accel/macsec.h | 26 +-
.../mellanox/mlx5/core/en_accel/macsec_fs.c | 1394 ----------
.../mellanox/mlx5/core/en_accel/macsec_fs.h | 47 -
.../mlx5/core/en_accel/macsec_stats.c | 22 +-
.../ethernet/mellanox/mlx5/core/en_stats.c | 2 +-
.../net/ethernet/mellanox/mlx5/core/fs_cmd.c | 1 +
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 37 +-
.../mellanox/mlx5/core/lib/macsec_fs.c | 2411 +++++++++++++++++
.../mellanox/mlx5/core/lib/macsec_fs.h | 64 +
drivers/net/macsec.c | 15 +
include/linux/mlx5/device.h | 2 +
include/linux/mlx5/driver.h | 51 +
include/linux/mlx5/fs.h | 2 +
include/linux/mlx5/macsec.h | 32 +
include/net/macsec.h | 2 +
26 files changed, 3122 insertions(+), 1630 deletions(-)
create mode 100644 drivers/infiniband/hw/mlx5/macsec.c
create mode 100644 drivers/infiniband/hw/mlx5/macsec.h
delete mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.c
delete mode 100644 drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec_fs.h
create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.c
create mode 100644 drivers/net/ethernet/mellanox/mlx5/core/lib/macsec_fs.h
create mode 100644 include/linux/mlx5/macsec.h
--
2.41.0
next reply other threads:[~2023-08-09 8:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-09 8:29 Leon Romanovsky [this message]
2023-08-09 8:29 ` [PATCH mlx5-next v1 01/14] macsec: add functions to get macsec real netdevice and check offload Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 02/14] net/mlx5e: Move MACsec flow steering operations to be used as core library Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 03/14] net/mlx5: Remove dependency of macsec flow steering on ethernet Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 04/14] net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 05/14] net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 06/14] net/mlx5: Remove netdevice from MACsec steering Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 07/14] net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 08/14] RDMA/mlx5: Implement MACsec gid addition and deletion Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 09/14] net/mlx5: Add MACsec priorities in RDMA namespaces Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 10/14] IB/core: Reorder GID delete code for RoCE Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 11/14] net/mlx5: Configure MACsec steering for egress RoCEv2 traffic Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 12/14] net/mlx5: Configure MACsec steering for ingress " Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 13/14] net/mlx5: Add RoCE MACsec steering infrastructure in core Leon Romanovsky
2023-08-09 8:29 ` [PATCH mlx5-next v1 14/14] RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion Leon Romanovsky
2023-08-09 23:09 ` [PATCH mlx5-next v1 00/14] mlx5 MACsec RoCEv2 support Jakub Kicinski
2023-08-09 23:10 ` Jakub Kicinski
2023-08-09 23:53 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1691569414.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jgg@nvidia.com \
--cc=kuba@kernel.org \
--cc=leonro@nvidia.com \
--cc=linux-rdma@vger.kernel.org \
--cc=maorg@nvidia.com \
--cc=markzhang@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=phaddad@nvidia.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).