net/mlx5e: Support IPsec upper protocol selector field offload for RX

Emeel Hakim · Saeed Mahameed · commit c338325f7a18 · 2023-08-22T21:34:18.000-07:00
Support RX policy/state upper protocol selector field offload,
to enable selecting RX traffic for IPsec operation based on l4
protocol UDP with specific source/destination port.

Signed-off-by: Emeel Hakim &lt;ehakim@nvidia.com&gt;
Reviewed-by: Raed Salem &lt;raeds@nvidia.com&gt;
Reviewed-by: Simon Horman &lt;horms@kernel.org&gt;
Signed-off-by: Leon Romanovsky &lt;leonro@nvidia.com&gt;
Signed-off-by: Saeed Mahameed &lt;saeedm@nvidia.com&gt;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c
@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,
 		return -EINVAL;
 	}
 
-	if (x->sel.proto != IPPROTO_IP &&
-	    (x->sel.proto != IPPROTO_UDP || x->xso.dir != XFRM_DEV_OFFLOAD_OUT)) {
-		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+	if (x->sel.proto != IPPROTO_IP && x->sel.proto != IPPROTO_UDP) {
+		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
 		return -EINVAL;
 	}
 
@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,
 		return -EINVAL;
 	}
 
-	if (sel->proto != IPPROTO_IP &&
-	    (sel->proto != IPPROTO_UDP || x->xdo.dir != XFRM_DEV_OFFLOAD_OUT)) {
-		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");
+	if (x->selector.proto != IPPROTO_IP && x->selector.proto != IPPROTO_UDP) {
+		NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");
 		return -EINVAL;
 	}
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c
@@ -1243,6 +1243,7 @@ static int rx_add_rule(struct mlx5e_ipsec_sa_entry *sa_entry)
 	setup_fte_spi(spec, attrs->spi);
 	setup_fte_esp(spec);
 	setup_fte_no_frags(spec);
+	setup_fte_upper_proto_match(spec, &attrs->upspec);
 
 	if (rx != ipsec->rx_esw)
 		err = setup_modify_header(ipsec, attrs->type,
@@ -1519,6 +1520,7 @@ static int rx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
 		setup_fte_addr6(spec, attrs->saddr.a6, attrs->daddr.a6);
 
 	setup_fte_no_frags(spec);
+	setup_fte_upper_proto_match(spec, &attrs->upspec);
 
 	switch (attrs->action) {
 	case XFRM_POLICY_ALLOW:

Original file line number	Diff line number	Diff line change
`@@ -440,9 +440,8 @@ static int mlx5e_xfrm_validate_state(struct mlx5_core_dev *mdev,`
`440`	`440`	`return -EINVAL;`
`441`	`441`	`}`
`442`	`442`
`443`		`- if (x->sel.proto != IPPROTO_IP &&`
`444`		`- (x->sel.proto != IPPROTO_UDP \|\| x->xso.dir != XFRM_DEV_OFFLOAD_OUT)) {`
`445`		`- NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");`
	`443`	`+ if (x->sel.proto != IPPROTO_IP && x->sel.proto != IPPROTO_UDP) {`
	`444`	`+ NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");`
`446`	`445`	`return -EINVAL;`
`447`	`446`	`}`
`448`	`447`
`@@ -983,9 +982,8 @@ static int mlx5e_xfrm_validate_policy(struct mlx5_core_dev *mdev,`
`983`	`982`	`return -EINVAL;`
`984`	`983`	`}`
`985`	`984`
`986`		`- if (sel->proto != IPPROTO_IP &&`
`987`		`- (sel->proto != IPPROTO_UDP \|\| x->xdo.dir != XFRM_DEV_OFFLOAD_OUT)) {`
`988`		`- NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP, and only Tx direction");`
	`985`	`+ if (x->selector.proto != IPPROTO_IP && x->selector.proto != IPPROTO_UDP) {`
	`986`	`+ NL_SET_ERR_MSG_MOD(extack, "Device does not support upper protocol other than UDP");`
`989`	`987`	`return -EINVAL;`
`990`	`988`	`}`
`991`	`989`