net/mlx5e: Support IPsec upper protocol selector field offload for RX

Support RX policy/state upper protocol selector field offload,
to enable selecting RX traffic for IPsec operation based on l4
protocol UDP with specific source/destination port.

Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
index a577f0edabe86b4a3d5d9635f5bdff0f6875e937..2bbe232c2ffa78b852756c024515fc8341fbecad 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
                return -EINVAL;
        }
 
-       if (x->sel.proto != IPPROTO_IP &&
-           (x->sel.proto != IPPROTO_UDP || x->xso.dir != XFRM_DEV_OFFLOAD_OUT)) {
-               NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+       if (x->sel.proto != IPPROTO_IP && x->sel.proto != IPPROTO_UDP) {
+               NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
                return -EINVAL;
        }
 
@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,
                return -EINVAL;
        }
 
-       if (sel->proto != IPPROTO_IP &&
-           (sel->proto != IPPROTO_UDP || x->xdo.dir != XFRM_DEV_OFFLOAD_OUT)) {
-               NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+       if (x->selector.proto != IPPROTO_IP && x->selector.proto != IPPROTO_UDP) {
+               NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
                return -EINVAL;
        }
 

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
index 3781c72d97f1a4463d42288c7c2ec9e2b919985c..f5e29b7f5ba0e97fbfe1757d9af937898e345347 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
@@ -1243,6 +1243,7 @@ static int rx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry)
        setup_fte_spi(spec, attrs->spi);
        setup_fte_esp(spec);
        setup_fte_no_frags(spec);
+       setup_fte_upper_proto_match(spec, &attrs->upspec);
 
        if (rx != ipsec->rx_esw)
                err = setup_modify_header(ipsec, attrs->type,
@@ -1519,6 +1520,7 @@ static int rx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
                setup_fte_addr6(spec, attrs->saddr.a6, attrs->daddr.a6);
 
        setup_fte_no_frags(spec);
+       setup_fte_upper_proto_match(spec, &attrs->upspec);
 
        switch (attrs->action) {
        case XFRM_POLICY_ALLOW: