net/ice/base: fix switch rule for IPsec

When we download a switch rule for ipv6 with esp payload
"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

if we don't add bm bit set check for tun_type, then a packet of
ipv4 with esp payload

"sendp([Ether(dst="00:00:00:00:01:00")/IP(proto=50)/ESP(spi=1)/
("X"*480)], iface="ens5f0", count=10)"

Will also go to queue index 2. And also, we need to do tun_type
check, or the second rule of following can not be download because
of rejection from switch rule download function ice_aq_sw_rules().

"eth / ipv4 / esp spi is 1 / end actions queue index 5 / end"

"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

Fixes: 4f11962fce84 ("net/ice/base: support AH ESP and NAT-T on switch")
Fixes: 99d8ba79efbe ("net/ice/base: force switch to use different recipe")

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Tested-by: Qi Fu <qi.fu@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>

diff --git a/drivers/net/ice/base/ice_switch.c b/drivers/net/ice/base/ice_switch.c
index 957142a..f3d52d2 100644 (file)
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -5285,10 +5285,7 @@ static u16 ice_find_recp(struct ice_hw *hw, struct ice_prot_lkup_ext *lkup_exts,
                        /* If for "i"th recipe the found was never set to false
                         * then it means we found our match
                         */
-                       if (ice_is_prof_rule(tun_type) &&
-                           tun_type == recp[i].tun_type && found)
-                               return i; /* Return the recipe ID */
-                       else if (!ice_is_prof_rule(tun_type) && found)
+                       if (tun_type == recp[i].tun_type && found)
                                return i; /* Return the recipe ID */
                }
        }
@@ -6005,9 +6002,11 @@ ice_get_compat_fv_bitmap(struct ice_hw *hw, struct ice_adv_rule_info *rinfo,
                prof_type = ICE_PROF_TUN_PPPOE;
                break;
        case ICE_SW_TUN_PROFID_IPV6_ESP:
+       case ICE_SW_TUN_IPV6_ESP:
                ice_set_bit(ICE_PROFID_IPV6_ESP, bm);
                return;
        case ICE_SW_TUN_PROFID_IPV6_AH:
+       case ICE_SW_TUN_IPV6_AH:
                ice_set_bit(ICE_PROFID_IPV6_AH, bm);
                return;
        case ICE_SW_TUN_PROFID_MAC_IPV6_L2TPV3:
@@ -6036,6 +6035,12 @@ ice_get_compat_fv_bitmap(struct ice_hw *hw, struct ice_adv_rule_info *rinfo,
        case ICE_SW_TUN_IPV4_L2TPV3:
                ice_set_bit(ICE_PROFID_MAC_IPV4_L2TPV3, bm);
                return;
+       case ICE_SW_TUN_IPV4_ESP:
+               ice_set_bit(ICE_PROFID_IPV4_ESP, bm);
+               return;
+       case ICE_SW_TUN_IPV4_AH:
+               ice_set_bit(ICE_PROFID_IPV4_AH, bm);
+               return;
        case ICE_SW_TUN_AND_NON_TUN:
        default:
                prof_type = ICE_PROF_ALL;

diff --git a/drivers/net/ice/base/ice_switch.h b/drivers/net/ice/base/ice_switch.h
index 09dc1f2..6bb742d 100644 (file)
--- a/drivers/net/ice/base/ice_switch.h
+++ b/drivers/net/ice/base/ice_switch.h
@@ -16,7 +16,9 @@
 #define ICE_FLTR_TX_RX (ICE_FLTR_RX | ICE_FLTR_TX)
 
 /* Switch Profile IDs for Profile related switch rules */
+#define ICE_PROFID_IPV4_ESP            71
 #define ICE_PROFID_IPV6_ESP            72
+#define ICE_PROFID_IPV4_AH             73
 #define ICE_PROFID_IPV6_AH             74
 #define ICE_PROFID_IPV4_NAT_T          75
 #define ICE_PROFID_IPV6_NAT_T          76