JIRA: https://issues.redhat.com/browse/RHEL-22227
Upstream-status: v6.6-rc1
commit 58dbd6428a6819e55a3c52ec60126b5d00804a38
Author: Patrisious Haddad <phaddad@nvidia.com>
Date: Thu Apr 13 12:04:59 2023 +0300
RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion
Add RoCE MACsec rules when a gid is added for the MACsec netdevice and
handle their cleanup when the gid is removed or the MACsec SA is deleted.
Also support alias IP for the MACsec device, as long as we don't have
more ips than what the gid table can hold.
In addition handle the case where a gid is added but there are still no
SAs added for the MACsec device, so the rules are added later on when
the SAs are added.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Amir Tzin <atzin@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-22227
Upstream-status: v6.6-rc1
commit 758ce14aee825f8f3ca8f76c9991c108094cae8b
Author: Patrisious Haddad <phaddad@nvidia.com>
Date: Tue May 3 08:37:48 2022 +0300
RDMA/mlx5: Implement MACsec gid addition and deletion
Handle MACsec IP ambiguity issue, since mlx5 hw can't support
programming both the MACsec and the physical gid when they have the same
IP address, because it wouldn't know to whom to steer the traffic.
Hence in such case we delete the physical gid from the hw gid table,
which would then cause all traffic sent over it to fail, and we'll only
be able to send traffic over the MACsec gid.
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Amir Tzin <atzin@redhat.com>
Amir Tzin