From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E3CE648A44 for ; Fri, 31 Oct 2025 15:38:47 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DC75440691; Fri, 31 Oct 2025 15:38:47 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id EBE9D40150 for ; Fri, 31 Oct 2025 15:38:45 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1761921525; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRF1S+oCPFz09xOCiT6j/MwnIILg4H7feeDkUOyBekM=; b=gCekaD+021taMckoMJr9k49JRhO18XvdvZ7WoId5BPrGflI637S29JE5iFk4Y8c9lXmIwp VGPOvJBtWkKOD/NM09OKgh1YoCn7LLmwWjgkpZdi3WCGqVlc8dCL9LTapXbhvB4vVMzryo ZhnV9qkC0nfKymFvznQWxy+Rz5FGRXo= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-439-6ecMyKjRNSazp9EQgc2-CQ-1; Fri, 31 Oct 2025 10:38:42 -0400 X-MC-Unique: 6ecMyKjRNSazp9EQgc2-CQ-1 X-Mimecast-MFC-AGG-ID: 6ecMyKjRNSazp9EQgc2-CQ_1761921520 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A64121954AF9; Fri, 31 Oct 2025 14:38:35 +0000 (UTC) Received: from rh.redhat.com (unknown [10.44.32.50]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D9AFF180029B; Fri, 31 Oct 2025 14:38:33 +0000 (UTC) From: Kevin Traynor To: Viacheslav Ovsiienko Cc: Matan Azrad , dpdk stable Subject: patch 'net/mlx5: fix ESP header match after UDP for group 0' has been queued to stable release 24.11.4 Date: Fri, 31 Oct 2025 14:33:27 +0000 Message-ID: <20251031143421.324432-85-ktraynor@redhat.com> In-Reply-To: <20251031143421.324432-1-ktraynor@redhat.com> References: <20251031143421.324432-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: uQrWOqzRIDcuMurMBbe-koOuw0UFlKe_yX9RLI5ynFk_1761921520 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 24.11.4 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/05/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/3e535a9e970c16871fec2a1ed175444fe7f99b29 Thanks. Kevin --- >From 3e535a9e970c16871fec2a1ed175444fe7f99b29 Mon Sep 17 00:00:00 2001 From: Viacheslav Ovsiienko Date: Tue, 9 Sep 2025 09:28:53 +0300 Subject: [PATCH] net/mlx5: fix ESP header match after UDP for group 0 [ upstream commit ed8eb60c9b2c243b4098f59dc6d9a87ee0bbd4c8 ] The ESP item translation routine always forced the match on IP next protocol to be 50 (ESP). This prevented on matching ESP packets over UDP. The patch checks if UDP header is expected, and also forces match on UDP destination port 4500 if it is not set by the caller yet. Fixes: 18ca4a4ec73a ("net/mlx5: support ESP SPI match and RSS hash") Signed-off-by: Viacheslav Ovsiienko Acked-by: Matan Azrad --- drivers/net/mlx5/linux/mlx5_flow_os.c | 6 ----- drivers/net/mlx5/mlx5_flow.h | 3 +++ drivers/net/mlx5/mlx5_flow_dv.c | 34 ++++++++++++++++----------- 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/drivers/net/mlx5/linux/mlx5_flow_os.c b/drivers/net/mlx5/linux/mlx5_flow_os.c index 777125e9a8..f5eee46e44 100644 --- a/drivers/net/mlx5/linux/mlx5_flow_os.c +++ b/drivers/net/mlx5/linux/mlx5_flow_os.c @@ -26,6 +26,4 @@ mlx5_flow_os_validate_item_esp(const struct rte_eth_dev *dev, const uint64_t l3m = tunnel ? MLX5_FLOW_LAYER_INNER_L3 : MLX5_FLOW_LAYER_OUTER_L3; - const uint64_t l4m = tunnel ? MLX5_FLOW_LAYER_INNER_L4 : - MLX5_FLOW_LAYER_OUTER_L4; static const struct rte_flow_item_esp mlx5_flow_item_esp_mask = { .hdr = { @@ -42,8 +40,4 @@ mlx5_flow_os_validate_item_esp(const struct rte_eth_dev *dev, item, "L3 is mandatory to filter on L4"); } - if (item_flags & l4m) - return rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ITEM, item, - "multiple L4 layers not supported"); if (target_protocol != 0xff && target_protocol != IPPROTO_ESP) return rte_flow_error_set(error, EINVAL, diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h index ce33a4e425..1e60bc76dd 100644 --- a/drivers/net/mlx5/mlx5_flow.h +++ b/drivers/net/mlx5/mlx5_flow.h @@ -474,4 +474,7 @@ enum mlx5_feature_name { #define MLX5_UDP_PORT_GENEVE 6081 +/* UDP port numbers for ESP. */ +#define MLX5_UDP_PORT_ESP 4500 + /* Lowest priority indicator. */ #define MLX5_FLOW_LOWEST_PRIO_INDICATOR ((uint32_t)-1) diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index c1ff6a2dae..1faae8ab32 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -9712,5 +9712,5 @@ flow_dv_translate_item_tcp(void *key, const struct rte_flow_item *item, static void flow_dv_translate_item_esp(void *key, const struct rte_flow_item *item, - int inner, uint32_t key_type) + int inner, uint32_t key_type, uint64_t item_flags) { const struct rte_flow_item_esp *esp_m; @@ -9718,21 +9718,27 @@ flow_dv_translate_item_esp(void *key, const struct rte_flow_item *item, void *headers_v; char *spi_v; + bool over_udp = item_flags & (inner ? MLX5_FLOW_LAYER_INNER_L4_UDP : + MLX5_FLOW_LAYER_OUTER_L4_UDP); headers_v = inner ? MLX5_ADDR_OF(fte_match_param, key, inner_headers) : - MLX5_ADDR_OF(fte_match_param, key, outer_headers); - if (key_type & MLX5_SET_MATCHER_M) - MLX5_SET(fte_match_set_lyr_2_4, headers_v, - ip_protocol, 0xff); - else - MLX5_SET(fte_match_set_lyr_2_4, headers_v, - ip_protocol, IPPROTO_ESP); + MLX5_ADDR_OF(fte_match_param, key, outer_headers); + if (key_type & MLX5_SET_MATCHER_M) { + MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol, 0xff); + if (over_udp && !MLX5_GET16(fte_match_set_lyr_2_4, headers_v, udp_dport)) + MLX5_SET(fte_match_set_lyr_2_4, headers_v, udp_dport, 0xFFFF); + } else { + if (!over_udp) + MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol, IPPROTO_ESP); + else + if (!MLX5_GET16(fte_match_set_lyr_2_4, headers_v, udp_dport)) + MLX5_SET(fte_match_set_lyr_2_4, headers_v, udp_dport, + MLX5_UDP_PORT_ESP); + } if (MLX5_ITEM_VALID(item, key_type)) return; - MLX5_ITEM_UPDATE(item, key_type, esp_v, esp_m, - &rte_flow_item_esp_mask); + MLX5_ITEM_UPDATE(item, key_type, esp_v, esp_m, &rte_flow_item_esp_mask); headers_v = MLX5_ADDR_OF(fte_match_param, key, misc_parameters); - spi_v = inner ? MLX5_ADDR_OF(fte_match_set_misc, headers_v, - inner_esp_spi) : MLX5_ADDR_OF(fte_match_set_misc - , headers_v, outer_esp_spi); + spi_v = inner ? MLX5_ADDR_OF(fte_match_set_misc, headers_v, inner_esp_spi) : + MLX5_ADDR_OF(fte_match_set_misc, headers_v, outer_esp_spi); *(uint32_t *)spi_v = esp_m->hdr.spi & esp_v->hdr.spi; } @@ -14211,5 +14217,5 @@ flow_dv_translate_items(struct rte_eth_dev *dev, switch (item_type) { case RTE_FLOW_ITEM_TYPE_ESP: - flow_dv_translate_item_esp(key, items, tunnel, key_type); + flow_dv_translate_item_esp(key, items, tunnel, key_type, wks->item_flags); wks->priority = MLX5_PRIORITY_MAP_L4; last_item = MLX5_FLOW_ITEM_ESP; -- 2.51.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-10-31 13:53:54.826828910 +0000 +++ 0085-net-mlx5-fix-ESP-header-match-after-UDP-for-group-0.patch 2025-10-31 13:53:52.218523936 +0000 @@ -1 +1 @@ -From ed8eb60c9b2c243b4098f59dc6d9a87ee0bbd4c8 Mon Sep 17 00:00:00 2001 +From 3e535a9e970c16871fec2a1ed175444fe7f99b29 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit ed8eb60c9b2c243b4098f59dc6d9a87ee0bbd4c8 ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -46 +47 @@ -index 367dacc277..ff61706054 100644 +index ce33a4e425..1e60bc76dd 100644 @@ -49 +50 @@ -@@ -490,4 +490,7 @@ struct mlx5_mirror { +@@ -474,4 +474,7 @@ enum mlx5_feature_name { @@ -58 +59 @@ -index 18d0d29377..bcce1597e2 100644 +index c1ff6a2dae..1faae8ab32 100644 @@ -61 +62 @@ -@@ -9714,5 +9714,5 @@ flow_dv_translate_item_tcp(void *key, const struct rte_flow_item *item, +@@ -9712,5 +9712,5 @@ flow_dv_translate_item_tcp(void *key, const struct rte_flow_item *item, @@ -68 +69 @@ -@@ -9720,21 +9720,27 @@ flow_dv_translate_item_esp(void *key, const struct rte_flow_item *item, +@@ -9718,21 +9718,27 @@ flow_dv_translate_item_esp(void *key, const struct rte_flow_item *item, @@ -108 +109 @@ -@@ -14225,5 +14231,5 @@ flow_dv_translate_items(struct rte_eth_dev *dev, +@@ -14211,5 +14217,5 @@ flow_dv_translate_items(struct rte_eth_dev *dev,