git.droids-corp.org - dpdk.git/commit

author	Wei Zhao <wei.zhao1@intel.com>
	Wed, 29 Apr 2020 08:42:27 +0000 (16:42 +0800)
committer	Ferruh Yigit <ferruh.yigit@intel.com>
	Mon, 11 May 2020 20:27:39 +0000 (22:27 +0200)
commit	2e873cf407e8a7f0a2c4478eaa2c1d24c0d2fc74
tree	d080110c900c66bdc402f54ddc53f68702cfece2	tree \| snapshot
parent	5330b042977c61b1600700013c6ef2509d496b16	commit \| diff

net/ice/base: fix switch rule for IPsec

When we download a switch rule for ipv6 with esp payload
"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

if we don't add bm bit set check for tun_type, then a packet of
ipv4 with esp payload

"sendp([Ether(dst="00:00:00:00:01:00")/IP(proto=50)/ESP(spi=1)/
("X"*480)], iface="ens5f0", count=10)"

Will also go to queue index 2. And also, we need to do tun_type
check, or the second rule of following can not be download because
of rejection from switch rule download function ice_aq_sw_rules().

"eth / ipv4 / esp spi is 1 / end actions queue index 5 / end"

"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

Fixes: 4f11962fce84 ("net/ice/base: support AH ESP and NAT-T on switch")
Fixes: 99d8ba79efbe ("net/ice/base: force switch to use different recipe")

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Tested-by: Qi Fu <qi.fu@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>

drivers/net/ice/base/ice_switch.c		diff \| blob \| history
drivers/net/ice/base/ice_switch.h		diff \| blob \| history