The branch stable/15 has been updated by kib:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=45f786241c9211f8162cb48997c8166051585c36

commit 45f786241c9211f8162cb48997c8166051585c36
Author:     Ariel Ehrenberg <[email protected]>
AuthorDate: 2025-09-17 13:17:46 +0000
Commit:     Konstantin Belousov <[email protected]>
CommitDate: 2025-10-01 03:00:08 +0000

    mlx5 ipsec: Add VLAN tag to IPSec rules to prevent duplicates
    
    (cherry picked from commit 84d688af4e625e159af65cd2432af88609d4962a)
---
 sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c 
b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
index fb9ca94278db..d1f454a5ec41 100644
--- a/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
+++ b/sys/dev/mlx5/mlx5_accel/mlx5_ipsec_fs.c
@@ -1134,6 +1134,11 @@ static int tx_add_kspi_rule(struct mlx5e_ipsec_sa_entry 
*sa_entry,
        setup_fte_no_frags(spec);
        setup_fte_reg_a_with_tag(spec, sa_entry->kspi);
 
+       if (sa_entry->vid != VLAN_NONE)
+               setup_fte_vid(spec, sa_entry->vid);
+       else
+               setup_fte_no_vid(spec);
+
        rule = mlx5_add_flow_rules(tx->ft.sa_kspi, spec, flow_act, dest, 
num_dest);
        if (IS_ERR(rule)) {
                err = PTR_ERR(rule);
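Review bot: The four-line `if (... != VLAN_NONE) setup_fte_vid(...); else setup_fte_no_vid(...);` selection added here in tx_add_kspi_rule is repeated verbatim in both tx_add_reqid_ip_rules hunks and in tx_add_policy, so the sites can drift apart if one is edited later. A small static helper taking `spec` and the vid would reduce each site to one line, e.g. `setup_fte_vlan(spec, sa_entry->vid);` (the name is only a suggestion). It would also give a single place for a comment such as `/* Include the VLAN in the match to prevent duplicate rules. */`, which is the reason the commit title gives. tx_add_kspi_rule starts and ends outside this hunk.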
@@ -1169,6 +1174,10 @@ static int tx_add_reqid_ip_rules(struct 
mlx5e_ipsec_sa_entry *sa_entry,
        flow_act->flags |= FLOW_ACT_IGNORE_FLOW_LEVEL;
 
        if(attrs->reqid) {
+               if (sa_entry->vid != VLAN_NONE)
+                       setup_fte_vid(spec, sa_entry->vid);
+               else
+                       setup_fte_no_vid(spec);
                setup_fte_no_frags(spec);
                setup_fte_reg_c0(spec, attrs->reqid);
                rule = mlx5_add_flow_rules(tx->ft.sa, spec, flow_act, dest, 
num_dest);
@@ -1181,6 +1190,11 @@ static int tx_add_reqid_ip_rules(struct 
mlx5e_ipsec_sa_entry *sa_entry,
                memset(spec, 0, sizeof(*spec));
        }
 
+       if (sa_entry->vid != VLAN_NONE)
+               setup_fte_vid(spec, sa_entry->vid);
+       else
+               setup_fte_no_vid(spec);
+
        if (attrs->family == AF_INET)
                setup_fte_addr4(spec, &attrs->saddr.a4, &attrs->daddr.a4);
        else
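Review bot: The VLAN match is applied a second time here because `memset(spec, 0, sizeof(*spec));` at the end of the `attrs->reqid` branch clears what the earlier call set, but nothing at this site says so and the block reads like an accidental duplicate. A one-line comment such as `/* spec was zeroed after the reqid rule; set the VLAN match again for the address rule */` would keep a later cleanup from removing it. As far as the visible lines show, without this block the rule built from `setup_fte_addr4` onwards would carry no VLAN criterion at all. tx_add_reqid_ip_rules continues outside the hunk.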
@@ -1322,6 +1336,11 @@ static int tx_add_policy(struct mlx5e_ipsec_pol_entry 
*pol_entry)
                 goto err_mod_header;
         }
 
+        if (attrs->vid != VLAN_NONE)
+                setup_fte_vid(spec, attrs->vid);
+        else
+                setup_fte_no_vid(spec);
+
         flow_act.flags |= FLOW_ACT_NO_APPEND;
         dest[dstn].ft = tx->ft.sa;
         dest[dstn].type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;
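Review bot: In tx_add_policy the `else setup_fte_no_vid(spec);` branch changes what a policy without a VLAN matches, and nothing in the hunk says what happens to frames that stop matching. setup_fte_no_vid is defined outside this diff; if it restricts the rule to untagged frames, tagged traffic that presumably matched this policy rule before now falls through to the table's miss behaviour. That matters for policies meant to protect or discard traffic, so it is worth confirming the case is covered by a per-VLAN policy or a fail-closed default. If that reading is right, a comment such as `/* VLAN_NONE: rule applies to untagged frames only */` would record it. The function starts and ends outside the hunk.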
