Merge branch 'mlx5-ipsec-fixes'
Leon Romanovsky says: ==================== Fixes to mlx5 IPsec implementation This small patchset includes various fixes and one refactoring patch which I collected for the features sent in this cycle, with one exception - first patch. First patch fixes code which was introduced in previous cycle, however I was able to trigger FW error only in custom debug code, so don't see a need to send it to net-rc. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
156c93986d
@ -252,6 +252,8 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry,
|
||||
struct net_device *netdev;
|
||||
struct neighbour *n;
|
||||
u8 addr[ETH_ALEN];
|
||||
const void *pkey;
|
||||
u8 *dst, *src;
|
||||
|
||||
if (attrs->mode != XFRM_MODE_TUNNEL ||
|
||||
attrs->type != XFRM_DEV_OFFLOAD_PACKET)
|
||||
@ -262,36 +264,31 @@ static void mlx5e_ipsec_init_macs(struct mlx5e_ipsec_sa_entry *sa_entry,
|
||||
mlx5_query_mac_address(mdev, addr);
|
||||
switch (attrs->dir) {
|
||||
case XFRM_DEV_OFFLOAD_IN:
|
||||
ether_addr_copy(attrs->dmac, addr);
|
||||
n = neigh_lookup(&arp_tbl, &attrs->saddr.a4, netdev);
|
||||
if (!n) {
|
||||
n = neigh_create(&arp_tbl, &attrs->saddr.a4, netdev);
|
||||
if (IS_ERR(n))
|
||||
return;
|
||||
neigh_event_send(n, NULL);
|
||||
attrs->drop = true;
|
||||
break;
|
||||
}
|
||||
neigh_ha_snapshot(addr, n, netdev);
|
||||
ether_addr_copy(attrs->smac, addr);
|
||||
src = attrs->dmac;
|
||||
dst = attrs->smac;
|
||||
pkey = &attrs->saddr.a4;
|
||||
break;
|
||||
case XFRM_DEV_OFFLOAD_OUT:
|
||||
ether_addr_copy(attrs->smac, addr);
|
||||
n = neigh_lookup(&arp_tbl, &attrs->daddr.a4, netdev);
|
||||
if (!n) {
|
||||
n = neigh_create(&arp_tbl, &attrs->daddr.a4, netdev);
|
||||
if (IS_ERR(n))
|
||||
return;
|
||||
neigh_event_send(n, NULL);
|
||||
attrs->drop = true;
|
||||
break;
|
||||
}
|
||||
neigh_ha_snapshot(addr, n, netdev);
|
||||
ether_addr_copy(attrs->dmac, addr);
|
||||
src = attrs->smac;
|
||||
dst = attrs->dmac;
|
||||
pkey = &attrs->daddr.a4;
|
||||
break;
|
||||
default:
|
||||
return;
|
||||
}
|
||||
|
||||
ether_addr_copy(src, addr);
|
||||
n = neigh_lookup(&arp_tbl, pkey, netdev);
|
||||
if (!n) {
|
||||
n = neigh_create(&arp_tbl, pkey, netdev);
|
||||
if (IS_ERR(n))
|
||||
return;
|
||||
neigh_event_send(n, NULL);
|
||||
attrs->drop = true;
|
||||
} else {
|
||||
neigh_ha_snapshot(addr, n, netdev);
|
||||
ether_addr_copy(dst, addr);
|
||||
}
|
||||
neigh_release(n);
|
||||
}
|
||||
|
||||
@ -708,11 +705,12 @@ err_hw_ctx:
|
||||
release_dwork:
|
||||
kfree(sa_entry->dwork);
|
||||
release_work:
|
||||
kfree(sa_entry->work->data);
|
||||
if (sa_entry->work)
|
||||
kfree(sa_entry->work->data);
|
||||
kfree(sa_entry->work);
|
||||
err_xfrm:
|
||||
kfree(sa_entry);
|
||||
NL_SET_ERR_MSG_MOD(extack, "Device failed to offload this policy");
|
||||
NL_SET_ERR_MSG_WEAK_MOD(extack, "Device failed to offload this state");
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -752,7 +750,8 @@ static void mlx5e_xfrm_free_state(struct xfrm_state *x)
|
||||
mlx5e_accel_ipsec_fs_del_rule(sa_entry);
|
||||
mlx5_ipsec_free_sa_ctx(sa_entry);
|
||||
kfree(sa_entry->dwork);
|
||||
kfree(sa_entry->work->data);
|
||||
if (sa_entry->work)
|
||||
kfree(sa_entry->work->data);
|
||||
kfree(sa_entry->work);
|
||||
sa_entry_free:
|
||||
kfree(sa_entry);
|
||||
|
||||
@ -287,7 +287,7 @@ static inline bool addr6_all_zero(__be32 *addr6)
|
||||
{
|
||||
static const __be32 zaddr6[4] = {};
|
||||
|
||||
return !memcmp(addr6, zaddr6, sizeof(*zaddr6));
|
||||
return !memcmp(addr6, zaddr6, sizeof(zaddr6));
|
||||
}
|
||||
#else
|
||||
static inline void mlx5e_ipsec_init(struct mlx5e_priv *priv)
|
||||
|
||||
@ -1252,16 +1252,16 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
|
||||
setup_fte_no_frags(spec);
|
||||
setup_fte_upper_proto_match(spec, &attrs->upspec);
|
||||
|
||||
if (attrs->reqid) {
|
||||
switch (attrs->action) {
|
||||
case XFRM_POLICY_ALLOW:
|
||||
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
|
||||
if (!attrs->reqid)
|
||||
break;
|
||||
|
||||
err = setup_modify_header(mdev, attrs->reqid,
|
||||
XFRM_DEV_OFFLOAD_OUT, &flow_act);
|
||||
if (err)
|
||||
goto err_mod_header;
|
||||
}
|
||||
|
||||
switch (attrs->action) {
|
||||
case XFRM_POLICY_ALLOW:
|
||||
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
|
||||
break;
|
||||
case XFRM_POLICY_BLOCK:
|
||||
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_DROP |
|
||||
@ -1273,7 +1273,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
|
||||
default:
|
||||
WARN_ON(true);
|
||||
err = -EINVAL;
|
||||
goto err_action;
|
||||
goto err_mod_header;
|
||||
}
|
||||
|
||||
flow_act.flags |= FLOW_ACT_NO_APPEND;
|
||||
@ -1293,7 +1293,7 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry *pol_entry)
|
||||
return 0;
|
||||
|
||||
err_action:
|
||||
if (attrs->reqid)
|
||||
if (flow_act.modify_hdr)
|
||||
mlx5_modify_header_dealloc(mdev, flow_act.modify_hdr);
|
||||
err_mod_header:
|
||||
kvfree(spec);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user