[PATCH v1 16/25] net/iavf: use common action checks for IPsec

[Anatoly Burakov]

Use the common flow action checking parsing infrastructure for checking
flow actions for IPsec filter.

Signed-off-by: Anatoly Burakov <anatoly.bura...@intel.com>
---
 drivers/net/intel/iavf/iavf_ipsec_crypto.c | 34 +++++++++-------------
 1 file changed, 14 insertions(+), 20 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_ipsec_crypto.c 
b/drivers/net/intel/iavf/iavf_ipsec_crypto.c
index 5c47b3ac4b..8a14216716 100644
--- a/drivers/net/intel/iavf/iavf_ipsec_crypto.c
+++ b/drivers/net/intel/iavf/iavf_ipsec_crypto.c
@@ -1677,26 +1677,12 @@ parse_udp_item(const struct rte_flow_item_udp *item, 
struct rte_udp_hdr *udp)
        udp->src_port = item->hdr.src_port;
 }
 
-static int
-has_security_action(const struct rte_flow_action actions[],
-       const void **session)
-{
-       /* only {SECURITY; END} supported */
-       if (actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY &&
-               actions[1].type == RTE_FLOW_ACTION_TYPE_END) {
-               *session = actions[0].conf;
-               return true;
-       }
-       return false;
-}
-
 static struct iavf_ipsec_flow_item *
 iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
                const struct rte_flow_item pattern[],
-               const struct rte_flow_action actions[],
+               const struct rte_security_session *session,
                uint32_t type)
 {
-       const void *session;
        struct iavf_ipsec_flow_item
                *ipsec_flow = rte_malloc("security-flow-rule",
                sizeof(struct iavf_ipsec_flow_item), 0);
@@ -1763,9 +1749,6 @@ iavf_ipsec_flow_item_parse(struct rte_eth_dev *ethdev,
                goto flow_cleanup;
        }
 
-       if (!has_security_action(actions, &session))
-               goto flow_cleanup;
-
        if (!iavf_ipsec_crypto_action_valid(ethdev, session,
                        ipsec_flow->spi))
                goto flow_cleanup;
@@ -1888,6 +1871,14 @@ iavf_ipsec_flow_parse(struct iavf_adapter *ad,
                      void **meta,
                      struct rte_flow_error *error)
 {
+       struct ci_flow_actions parsed_actions = {0};
+       struct ci_flow_actions_check_param param = {
+               .allowed_types = (enum rte_flow_action_type[]){
+                       RTE_FLOW_ACTION_TYPE_SECURITY,
+                       RTE_FLOW_ACTION_TYPE_END,
+               },
+               .max_actions = 1,
+       };
        struct iavf_pattern_match_item *item = NULL;
        int ret = -1;
 
@@ -1895,12 +1886,15 @@ iavf_ipsec_flow_parse(struct iavf_adapter *ad,
        if (ret)
                return ret;
 
+       if (ci_flow_check_actions(actions, &param, &parsed_actions, error) < 0)
+               return ret;
+
        item = iavf_search_pattern_match_item(pattern, array, array_len, error);
        if (item && item->meta) {
+               const struct rte_security_session *session = 
parsed_actions.actions[0]->conf;
                uint32_t type = (uint64_t)(item->meta);
                struct iavf_ipsec_flow_item *fi =
-                               iavf_ipsec_flow_item_parse(ad->vf.eth_dev,
-                                               pattern, actions, type);
+                               iavf_ipsec_flow_item_parse(ad->vf.eth_dev, 
pattern, session, type);
                if (fi && meta) {
                        *meta = fi;
                        ret = 0;
-- 
2.47.3