ESP is one of IPSec protocols over both IPv4 and IPv6 and is considered
a tunnel layer that cannot be followed by any other layer. Taking that
into consideration, esp is considered as a 4 layer.
Not defining ESP's priority will make it match with the same priority as
its prior IP layer, which has a layer 3 priority. This will lead to
issues in matching and will match the packet with the first matching
rule even if it doesn't have an esp layer in its pattern, disregarding
any following rules that could have an esp item and can be actually
a more accurate match since it will have a longer matching criterion.
This is fixed by defining the priority for the ESP item to have a
layer 4 priority, making the match be for the rule with the more
accurate and longer matching criteria.
Fixes: 18ca4a4ec73a ("net/mlx5: support ESP SPI match and RSS hash")
Cc: rzid...@nvidia.com
Cc: sta...@dpdk.org
Signed-off-by: Bassam ZaidAlKilani <bzalkil...@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_dv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index bee9363515..47135a0208 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -13756,6 +13756,7 @@ flow_dv_translate(struct rte_eth_dev *dev,
case RTE_FLOW_ITEM_TYPE_ESP:
flow_dv_translate_item_esp(match_mask, match_value,
items, tunnel);
+ matcher.priority = MLX5_PRIORITY_MAP_L4;
last_item = MLX5_FLOW_ITEM_ESP;
break;
case RTE_FLOW_ITEM_TYPE_PORT_ID:
--
2.25.1
