10
10
#include "lib/ipsec_fs_roce.h"
11
11
#include "lib/fs_chains.h"
12
12
#include "esw/ipsec_fs.h"
13
+ #include "en_rep.h"
13
14
14
15
#define NUM_IPSEC_FTE BIT(15)
15
16
#define MLX5_REFORMAT_TYPE_ADD_ESP_TRANSPORT_SIZE 16
@@ -23,6 +24,7 @@ struct mlx5e_ipsec_fc {
23
24
struct mlx5e_ipsec_tx {
24
25
struct mlx5e_ipsec_ft ft ;
25
26
struct mlx5e_ipsec_miss pol ;
27
+ struct mlx5e_ipsec_miss sa ;
26
28
struct mlx5e_ipsec_rule status ;
27
29
struct mlx5_flow_namespace * ns ;
28
30
struct mlx5e_ipsec_fc * fc ;
@@ -550,7 +552,7 @@ static int ipsec_counter_rule_tx(struct mlx5_core_dev *mdev, struct mlx5e_ipsec_
550
552
}
551
553
552
554
/* IPsec TX flow steering */
553
- static void tx_destroy (struct mlx5_core_dev * mdev , struct mlx5e_ipsec_tx * tx ,
555
+ static void tx_destroy (struct mlx5e_ipsec * ipsec , struct mlx5e_ipsec_tx * tx ,
554
556
struct mlx5_ipsec_fs * roce )
555
557
{
556
558
mlx5_ipsec_fs_roce_tx_destroy (roce );
@@ -562,9 +564,13 @@ static void tx_destroy(struct mlx5_core_dev *mdev, struct mlx5e_ipsec_tx *tx,
562
564
mlx5_destroy_flow_table (tx -> ft .pol );
563
565
}
564
566
567
+ if (tx == ipsec -> tx_esw ) {
568
+ mlx5_del_flow_rules (tx -> sa .rule );
569
+ mlx5_destroy_flow_group (tx -> sa .group );
570
+ }
565
571
mlx5_destroy_flow_table (tx -> ft .sa );
566
572
if (tx -> allow_tunnel_mode )
567
- mlx5_eswitch_unblock_encap (mdev );
573
+ mlx5_eswitch_unblock_encap (ipsec -> mdev );
568
574
mlx5_del_flow_rules (tx -> status .rule );
569
575
mlx5_destroy_flow_table (tx -> ft .status );
570
576
}
@@ -573,6 +579,11 @@ static void ipsec_tx_create_attr_set(struct mlx5e_ipsec *ipsec,
573
579
struct mlx5e_ipsec_tx * tx ,
574
580
struct mlx5e_ipsec_tx_create_attr * attr )
575
581
{
582
+ if (tx == ipsec -> tx_esw ) {
583
+ mlx5_esw_ipsec_tx_create_attr_set (ipsec , attr );
584
+ return ;
585
+ }
586
+
576
587
attr -> prio = 0 ;
577
588
attr -> pol_level = 0 ;
578
589
attr -> sa_level = 1 ;
@@ -611,6 +622,15 @@ static int tx_create(struct mlx5e_ipsec *ipsec, struct mlx5e_ipsec_tx *tx,
611
622
}
612
623
tx -> ft .sa = ft ;
613
624
625
+ if (tx == ipsec -> tx_esw ) {
626
+ dest .type = MLX5_FLOW_DESTINATION_TYPE_VPORT ;
627
+ dest .vport .num = MLX5_VPORT_UPLINK ;
628
+ err = ipsec_miss_create (mdev , tx -> ft .sa , & tx -> sa , & dest );
629
+ if (err )
630
+ goto err_sa_miss ;
631
+ memset (& dest , 0 , sizeof (dest ));
632
+ }
633
+
614
634
if (mlx5_ipsec_device_caps (mdev ) & MLX5_IPSEC_CAP_PRIO ) {
615
635
tx -> chains = ipsec_chains_create (
616
636
mdev , tx -> ft .sa , attr .chains_ns , attr .prio , attr .pol_level ,
@@ -652,6 +672,11 @@ static int tx_create(struct mlx5e_ipsec *ipsec, struct mlx5e_ipsec_tx *tx,
652
672
mlx5_destroy_flow_table (tx -> ft .pol );
653
673
}
654
674
err_pol_ft :
675
+ if (tx == ipsec -> tx_esw ) {
676
+ mlx5_del_flow_rules (tx -> sa .rule );
677
+ mlx5_destroy_flow_group (tx -> sa .group );
678
+ }
679
+ err_sa_miss :
655
680
mlx5_destroy_flow_table (tx -> ft .sa );
656
681
err_sa_ft :
657
682
if (tx -> allow_tunnel_mode )
@@ -662,6 +687,25 @@ static int tx_create(struct mlx5e_ipsec *ipsec, struct mlx5e_ipsec_tx *tx,
662
687
return err ;
663
688
}
664
689
690
+ static void ipsec_esw_tx_ft_policy_set (struct mlx5_core_dev * mdev ,
691
+ struct mlx5_flow_table * ft )
692
+ {
693
+ #ifdef CONFIG_MLX5_ESWITCH
694
+ struct mlx5_eswitch * esw = mdev -> priv .eswitch ;
695
+ struct mlx5e_rep_priv * uplink_rpriv ;
696
+ struct mlx5e_priv * priv ;
697
+
698
+ esw -> offloads .ft_ipsec_tx_pol = ft ;
699
+ uplink_rpriv = mlx5_eswitch_get_uplink_priv (esw , REP_ETH );
700
+ priv = netdev_priv (uplink_rpriv -> netdev );
701
+ if (!priv -> channels .num )
702
+ return ;
703
+
704
+ mlx5e_rep_deactivate_channels (priv );
705
+ mlx5e_rep_activate_channels (priv );
706
+ #endif
707
+ }
708
+
665
709
static int tx_get (struct mlx5_core_dev * mdev , struct mlx5e_ipsec * ipsec ,
666
710
struct mlx5e_ipsec_tx * tx )
667
711
{
@@ -674,6 +718,9 @@ static int tx_get(struct mlx5_core_dev *mdev, struct mlx5e_ipsec *ipsec,
674
718
if (err )
675
719
return err ;
676
720
721
+ if (tx == ipsec -> tx_esw )
722
+ ipsec_esw_tx_ft_policy_set (mdev , tx -> ft .pol );
723
+
677
724
skip :
678
725
tx -> ft .refcnt ++ ;
679
726
return 0 ;
@@ -684,7 +731,10 @@ static void tx_put(struct mlx5e_ipsec *ipsec, struct mlx5e_ipsec_tx *tx)
684
731
if (-- tx -> ft .refcnt )
685
732
return ;
686
733
687
- tx_destroy (ipsec -> mdev , tx , ipsec -> roce );
734
+ if (tx == ipsec -> tx_esw )
735
+ ipsec_esw_tx_ft_policy_set (ipsec -> mdev , NULL );
736
+
737
+ tx_destroy (ipsec , tx , ipsec -> roce );
688
738
}
689
739
690
740
static struct mlx5_flow_table * tx_ft_get_policy (struct mlx5_core_dev * mdev ,
@@ -842,15 +892,15 @@ static void setup_fte_reg_a(struct mlx5_flow_spec *spec)
842
892
misc_parameters_2 .metadata_reg_a , MLX5_ETH_WQE_FT_META_IPSEC );
843
893
}
844
894
845
- static void setup_fte_reg_c0 (struct mlx5_flow_spec * spec , u32 reqid )
895
+ static void setup_fte_reg_c4 (struct mlx5_flow_spec * spec , u32 reqid )
846
896
{
847
897
/* Pass policy check before choosing this SA */
848
898
spec -> match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_2 ;
849
899
850
- MLX5_SET (fte_match_param , spec -> match_criteria ,
851
- misc_parameters_2 .metadata_reg_c_0 , reqid );
900
+ MLX5_SET_TO_ONES (fte_match_param , spec -> match_criteria ,
901
+ misc_parameters_2 .metadata_reg_c_4 );
852
902
MLX5_SET (fte_match_param , spec -> match_value ,
853
- misc_parameters_2 .metadata_reg_c_0 , reqid );
903
+ misc_parameters_2 .metadata_reg_c_4 , reqid );
854
904
}
855
905
856
906
static void setup_fte_upper_proto_match (struct mlx5_flow_spec * spec , struct upspec * upspec )
@@ -902,7 +952,7 @@ static int setup_modify_header(struct mlx5e_ipsec *ipsec, int type, u32 val, u8
902
952
break ;
903
953
case XFRM_DEV_OFFLOAD_OUT :
904
954
MLX5_SET (set_action_in , action , field ,
905
- MLX5_ACTION_IN_FIELD_METADATA_REG_C_0 );
955
+ MLX5_ACTION_IN_FIELD_METADATA_REG_C_4 );
906
956
break ;
907
957
default :
908
958
return - EINVAL ;
@@ -1268,7 +1318,7 @@ static int tx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry)
1268
1318
break ;
1269
1319
case XFRM_DEV_OFFLOAD_PACKET :
1270
1320
if (attrs -> reqid )
1271
- setup_fte_reg_c0 (spec , attrs -> reqid );
1321
+ setup_fte_reg_c4 (spec , attrs -> reqid );
1272
1322
err = setup_pkt_reformat (ipsec , attrs , & flow_act );
1273
1323
if (err )
1274
1324
goto err_pkt_reformat ;
@@ -1379,6 +1429,8 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
1379
1429
}
1380
1430
1381
1431
flow_act .flags |= FLOW_ACT_NO_APPEND ;
1432
+ if (tx == ipsec -> tx_esw && tx -> chains )
1433
+ flow_act .flags |= FLOW_ACT_IGNORE_FLOW_LEVEL ;
1382
1434
dest [dstn ].ft = tx -> ft .sa ;
1383
1435
dest [dstn ].type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE ;
1384
1436
dstn ++ ;
0 commit comments