net/mlx5: fix matcher priority with ICMP or ICMPv6
Checks
Commit Message
On TCP/IP-based layered network, ICMP is considered and implemented
as part of layer 3 IP protocol. Actually, it is a user of the IP
protocol and must be encapsulated within IP packets. There is no
layer 4 protocol over ICMP.
The rule with layer 4 should be matched prior to the rule only with
layer 3 pattern when:
1. Both rules are created in the same table
2. Both rules could be hit
3. The rules has the same priority
The steering result of the packet is indeterministic if there are
rules with patterns IP and IP+ICMP in the same table with the same
priority. Like TCP / UDP, a packet should hit the rule with a longer
matching criterion.
By treating the priority of ICMP/ICMPv6 as a layer 4 priority in the
PMD internally, the IP+ICMP will be hit in prior to IP only.
Fixes: d53aa89aea91 ("net/mlx5: support matching on ICMP/ICMP6")
Cc: jackmin@nvidia.com
Signed-off-by: Bing Zhao <bingz@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_dv.c | 2 ++
1 file changed, 2 insertions(+)
Comments
Hi,
> -----Original Message-----
> From: Bing Zhao <bingz@nvidia.com>
> Sent: Monday, February 28, 2022 1:42 PM
> To: Slava Ovsiienko <viacheslavo@nvidia.com>; Matan Azrad
> <matan@nvidia.com>
> Cc: dev@dpdk.org; Raslan Darawsheh <rasland@nvidia.com>; Jack Min
> <jackmin@nvidia.com>
> Subject: [PATCH] net/mlx5: fix matcher priority with ICMP or ICMPv6
>
> On TCP/IP-based layered network, ICMP is considered and implemented
> as part of layer 3 IP protocol. Actually, it is a user of the IP
> protocol and must be encapsulated within IP packets. There is no
> layer 4 protocol over ICMP.
>
> The rule with layer 4 should be matched prior to the rule only with
> layer 3 pattern when:
> 1. Both rules are created in the same table
> 2. Both rules could be hit
> 3. The rules has the same priority
>
> The steering result of the packet is indeterministic if there are
> rules with patterns IP and IP+ICMP in the same table with the same
> priority. Like TCP / UDP, a packet should hit the rule with a longer
> matching criterion.
>
> By treating the priority of ICMP/ICMPv6 as a layer 4 priority in the
> PMD internally, the IP+ICMP will be hit in prior to IP only.
>
> Fixes: d53aa89aea91 ("net/mlx5: support matching on ICMP/ICMP6")
>
> Signed-off-by: Bing Zhao <bingz@nvidia.com>
> Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
> -----Original Message-----
> From: Raslan Darawsheh
> Sent: Wednesday, March 2, 2022 6:32 PM
> To: Bing Zhao <bingz@nvidia.com>; Slava Ovsiienko
> <viacheslavo@nvidia.com>; Matan Azrad <matan@nvidia.com>
> Cc: dev@dpdk.org; Jack Min <jackmin@nvidia.com>
> Subject: RE: [PATCH] net/mlx5: fix matcher priority with ICMP or ICMPv6
>
> Hi,
>
> > -----Original Message-----
> > From: Bing Zhao <bingz@nvidia.com>
> > Sent: Monday, February 28, 2022 1:42 PM
> > To: Slava Ovsiienko <viacheslavo@nvidia.com>; Matan Azrad
> > <matan@nvidia.com>
> > Cc: dev@dpdk.org; Raslan Darawsheh <rasland@nvidia.com>; Jack Min
> > <jackmin@nvidia.com>
> > Subject: [PATCH] net/mlx5: fix matcher priority with ICMP or ICMPv6
> >
> > On TCP/IP-based layered network, ICMP is considered and implemented as
> > part of layer 3 IP protocol. Actually, it is a user of the IP protocol
> > and must be encapsulated within IP packets. There is no layer 4
> > protocol over ICMP.
> >
> > The rule with layer 4 should be matched prior to the rule only with
> > layer 3 pattern when:
> > 1. Both rules are created in the same table
> > 2. Both rules could be hit
> > 3. The rules has the same priority
> >
> > The steering result of the packet is indeterministic if there are
> > rules with patterns IP and IP+ICMP in the same table with the same
> > priority. Like TCP / UDP, a packet should hit the rule with a longer
> > matching criterion.
> >
> > By treating the priority of ICMP/ICMPv6 as a layer 4 priority in the
> > PMD internally, the IP+ICMP will be hit in prior to IP only.
> >
> > Fixes: d53aa89aea91 ("net/mlx5: support matching on ICMP/ICMP6")
Added missing Cc: stable@dpdk.org
> >
> > Signed-off-by: Bing Zhao <bingz@nvidia.com>
> > Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
>
> Patch applied to next-net-mlx,
>
> Kindest regards,
> Raslan Darawsheh
@@ -13653,11 +13653,13 @@ flow_dv_translate(struct rte_eth_dev *dev,
case RTE_FLOW_ITEM_TYPE_ICMP:
flow_dv_translate_item_icmp(match_mask, match_value,
items, tunnel);
+ matcher.priority = MLX5_PRIORITY_MAP_L4;
last_item = MLX5_FLOW_LAYER_ICMP;
break;
case RTE_FLOW_ITEM_TYPE_ICMP6:
flow_dv_translate_item_icmp6(match_mask, match_value,
items, tunnel);
+ matcher.priority = MLX5_PRIORITY_MAP_L4;
last_item = MLX5_FLOW_LAYER_ICMP6;
break;
case RTE_FLOW_ITEM_TYPE_TAG: