diff mbox series

net/mlx5: fix matcher priority for esp item

Message ID 20220728141203.3191-1-bzalkilani@nvidia.com (mailing list archive)
State Accepted, archived
Delegated to: Raslan Darawsheh
Headers
Series net/mlx5: fix matcher priority for esp item |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/github-robot: build success github build: passed
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS

Commit Message

Bassam ZaidAlKilani July 28, 2022, 2:12 p.m. UTC 
  ESP is one of IPSec protocols over both IPv4 and IPv6 and is considered
a tunnel layer that cannot be followed by any other layer. Taking that
into consideration, esp is considered as a 4 layer.

Not defining ESP's priority will make it match with the same priority as
its prior IP layer, which has a layer 3 priority. This will lead to
issues in matching and will match the packet with the first matching
rule even if it doesn't have an esp layer in its pattern, disregarding
any following rules that could have an esp item and can be actually
a more accurate match since it will have a longer matching criterion.

This is fixed by defining the priority for the ESP item to have a
layer 4 priority, making the match be for the rule with the more
accurate and longer matching criteria.

Fixes: 18ca4a4ec73a ("net/mlx5: support ESP SPI match and RSS hash")
Cc: rzidane@nvidia.com
Cc: stable@dpdk.org

Signed-off-by: Bassam ZaidAlKilani <bzalkilani@nvidia.com>
---
 drivers/net/mlx5/mlx5_flow_dv.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Slava Ovsiienko Aug. 17, 2022, 7:21 a.m. UTC | #1 
> -----Original Message-----
> From: Bassam Zaid AlKilani <bzalkilani@nvidia.com>
> Sent: Thursday, July 28, 2022 17:12
> To: dev@dpdk.org
> Cc: Raslan Darawsheh <rasland@nvidia.com>; rzidane@nvidia.com;
> stable@dpdk.org; Matan Azrad <matan@nvidia.com>; Slava Ovsiienko
> <viacheslavo@nvidia.com>
> Subject: [PATCH] net/mlx5: fix matcher priority for esp item
> 
> ESP is one of IPSec protocols over both IPv4 and IPv6 and is considered a
> tunnel layer that cannot be followed by any other layer. Taking that into
> consideration, esp is considered as a 4 layer.
> 
> Not defining ESP's priority will make it match with the same priority as its
> prior IP layer, which has a layer 3 priority. This will lead to issues in
> matching and will match the packet with the first matching rule even if it
> doesn't have an esp layer in its pattern, disregarding any following rules
> that could have an esp item and can be actually a more accurate match since
> it will have a longer matching criterion.
> 
> This is fixed by defining the priority for the ESP item to have a layer 4
> priority, making the match be for the rule with the more accurate and longer
> matching criteria.
> 
> Fixes: 18ca4a4ec73a ("net/mlx5: support ESP SPI match and RSS hash")
> Cc: rzidane@nvidia.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Bassam ZaidAlKilani <bzalkilani@nvidia.com>

Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Raslan Darawsheh Aug. 17, 2022, 8:19 a.m. UTC | #2 
Hi,

> -----Original Message-----
> From: Bassam Zaid AlKilani <bzalkilani@nvidia.com>
> Sent: Thursday, July 28, 2022 5:12 PM
> To: dev@dpdk.org
> Cc: Raslan Darawsheh <rasland@nvidia.com>; rzidane@nvidia.com;
> stable@dpdk.org; Matan Azrad <matan@nvidia.com>; Slava Ovsiienko
> <viacheslavo@nvidia.com>
> Subject: [PATCH] net/mlx5: fix matcher priority for esp item
> 
> ESP is one of IPSec protocols over both IPv4 and IPv6 and is considered
> a tunnel layer that cannot be followed by any other layer. Taking that
> into consideration, esp is considered as a 4 layer.
> 
> Not defining ESP's priority will make it match with the same priority as
> its prior IP layer, which has a layer 3 priority. This will lead to
> issues in matching and will match the packet with the first matching
> rule even if it doesn't have an esp layer in its pattern, disregarding
> any following rules that could have an esp item and can be actually
> a more accurate match since it will have a longer matching criterion.
> 
> This is fixed by defining the priority for the ESP item to have a
> layer 4 priority, making the match be for the rule with the more
> accurate and longer matching criteria.
> 
> Fixes: 18ca4a4ec73a ("net/mlx5: support ESP SPI match and RSS hash")
> Cc: rzidane@nvidia.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Bassam ZaidAlKilani <bzalkilani@nvidia.com>[Raslan Darawsheh] 
Acked-by: Raslan Darawsheh <rasland@nvidia.com>

Patch applied to next-net-mlx,

Kindest regards,
Raslan Darawsheh
diff mbox series

Patch

diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index bee9363515..47135a0208 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -13756,6 +13756,7 @@  flow_dv_translate(struct rte_eth_dev *dev,
 		case RTE_FLOW_ITEM_TYPE_ESP:
 			flow_dv_translate_item_esp(match_mask, match_value,
 						   items, tunnel);
+			matcher.priority = MLX5_PRIORITY_MAP_L4;
 			last_item = MLX5_FLOW_ITEM_ESP;
 			break;
 		case RTE_FLOW_ITEM_TYPE_PORT_ID: