From 2e873cf407e8a7f0a2c4478eaa2c1d24c0d2fc74 Mon Sep 17 00:00:00 2001
From: Wei Zhao <wei.zhao1@intel.com>
Date: Wed, 29 Apr 2020 16:42:27 +0800
Subject: [PATCH] net/ice/base: fix switch rule for IPsec

When we download a switch rule for ipv6 with esp payload
"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

if we don't add bm bit set check for tun_type, then a packet of
ipv4 with esp payload

"sendp([Ether(dst="00:00:00:00:01:00")/IP(proto=50)/ESP(spi=1)/
("X"*480)], iface="ens5f0", count=10)"

Will also go to queue index 2. And also, we need to do tun_type
check, or the second rule of following can not be download because
of rejection from switch rule download function ice_aq_sw_rules().

"eth / ipv4 / esp spi is 1 / end actions queue index 5 / end"

"eth / ipv6 / esp spi is 1 / end actions queue index 2 / end"

Fixes: 4f11962fce84 ("net/ice/base: support AH ESP and NAT-T on switch")
Fixes: 99d8ba79efbe ("net/ice/base: force switch to use different recipe")

Signed-off-by: Wei Zhao <wei.zhao1@intel.com>
Tested-by: Qi Fu <qi.fu@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
---
 drivers/net/ice/base/ice_switch.c | 13 +++++++++----
 drivers/net/ice/base/ice_switch.h |  2 ++
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ice/base/ice_switch.c b/drivers/net/ice/base/ice_switch.c
index 957142a105..f3d52d2dc4 100644
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -5285,10 +5285,7 @@ static u16 ice_find_recp(struct ice_hw *hw, struct ice_prot_lkup_ext *lkup_exts,
 			/* If for "i"th recipe the found was never set to false
 			 * then it means we found our match
 			 */
-			if (ice_is_prof_rule(tun_type) &&
-			    tun_type == recp[i].tun_type && found)
-				return i; /* Return the recipe ID */
-			else if (!ice_is_prof_rule(tun_type) && found)
+			if (tun_type == recp[i].tun_type && found)
 				return i; /* Return the recipe ID */
 		}
 	}
@@ -6005,9 +6002,11 @@ ice_get_compat_fv_bitmap(struct ice_hw *hw, struct ice_adv_rule_info *rinfo,
 		prof_type = ICE_PROF_TUN_PPPOE;
 		break;
 	case ICE_SW_TUN_PROFID_IPV6_ESP:
+	case ICE_SW_TUN_IPV6_ESP:
 		ice_set_bit(ICE_PROFID_IPV6_ESP, bm);
 		return;
 	case ICE_SW_TUN_PROFID_IPV6_AH:
+	case ICE_SW_TUN_IPV6_AH:
 		ice_set_bit(ICE_PROFID_IPV6_AH, bm);
 		return;
 	case ICE_SW_TUN_PROFID_MAC_IPV6_L2TPV3:
@@ -6036,6 +6035,12 @@ ice_get_compat_fv_bitmap(struct ice_hw *hw, struct ice_adv_rule_info *rinfo,
 	case ICE_SW_TUN_IPV4_L2TPV3:
 		ice_set_bit(ICE_PROFID_MAC_IPV4_L2TPV3, bm);
 		return;
+	case ICE_SW_TUN_IPV4_ESP:
+		ice_set_bit(ICE_PROFID_IPV4_ESP, bm);
+		return;
+	case ICE_SW_TUN_IPV4_AH:
+		ice_set_bit(ICE_PROFID_IPV4_AH, bm);
+		return;
 	case ICE_SW_TUN_AND_NON_TUN:
 	default:
 		prof_type = ICE_PROF_ALL;
diff --git a/drivers/net/ice/base/ice_switch.h b/drivers/net/ice/base/ice_switch.h
index 09dc1f2364..6bb742d2fd 100644
--- a/drivers/net/ice/base/ice_switch.h
+++ b/drivers/net/ice/base/ice_switch.h
@@ -16,7 +16,9 @@
 #define ICE_FLTR_TX_RX (ICE_FLTR_RX | ICE_FLTR_TX)
 
 /* Switch Profile IDs for Profile related switch rules */
+#define ICE_PROFID_IPV4_ESP		71
 #define ICE_PROFID_IPV6_ESP		72
+#define ICE_PROFID_IPV4_AH		73
 #define ICE_PROFID_IPV6_AH		74
 #define ICE_PROFID_IPV4_NAT_T		75
 #define ICE_PROFID_IPV6_NAT_T		76
-- 
2.20.1