[v1] net/mlx5: fix IPIP multi tunnel validation
Checks
Commit Message
A flow rule must not include multiple tunnel layers.
An attempt to create such a rule, for example:
testpmd> flow create .../ vxlan / eth / ipv4 proto is 4 / end <actions>
results in an unclear error.
In the current implementation there is a check for
multiple IPIP tunnels, but not for combination of IPIP
and a different kind of tunnel, such as VXLAN. The fix
is to enhance the above check to use MLX5_FLOW_LAYER_TUNNEL
that consists of all the tunnel masks. The error message
will be "multiple tunnel not supported".
Fixes: 5e33bebdd8d3 ("net/mlx5: support IP-in-IP tunnel")
Cc: stable@dpdk.org
Signed-off-by: Lior Margalit <lmargalit@nvidia.com>
Acked-by: Ori Kam <orika@nvidia.com>
---
drivers/net/mlx5/mlx5_flow.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
From: Lior Margalit
> A flow rule must not include multiple tunnel layers.
> An attempt to create such a rule, for example:
> testpmd> flow create .../ vxlan / eth / ipv4 proto is 4 / end <actions>
> results in an unclear error.
>
> In the current implementation there is a check for multiple IPIP tunnels, but
> not for combination of IPIP and a different kind of tunnel, such as VXLAN.
> The fix is to enhance the above check to use MLX5_FLOW_LAYER_TUNNEL
> that consists of all the tunnel masks. The error message will be "multiple
> tunnel not supported".
>
> Fixes: 5e33bebdd8d3 ("net/mlx5: support IP-in-IP tunnel")
> Cc: stable@dpdk.org
>
> Signed-off-by: Lior Margalit <lmargalit@nvidia.com>
> Acked-by: Ori Kam <orika@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Hi,
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Lior Margalit
> Sent: Wednesday, June 16, 2021 10:01 AM
> To: dev@dpdk.org; Slava Ovsiienko <viacheslavo@nvidia.com>; Matan Azrad
> <matan@nvidia.com>
> Cc: Ori Kam <orika@nvidia.com>; Lior Margalit <lmargalit@nvidia.com>;
> stable@dpdk.org
> Subject: [dpdk-dev] [PATCH v1] net/mlx5: fix IPIP multi tunnel validation
>
> A flow rule must not include multiple tunnel layers.
> An attempt to create such a rule, for example:
> testpmd> flow create .../ vxlan / eth / ipv4 proto is 4 / end <actions>
> results in an unclear error.
>
> In the current implementation there is a check for
> multiple IPIP tunnels, but not for combination of IPIP
> and a different kind of tunnel, such as VXLAN. The fix
> is to enhance the above check to use MLX5_FLOW_LAYER_TUNNEL
> that consists of all the tunnel masks. The error message
> will be "multiple tunnel not supported".
>
> Fixes: 5e33bebdd8d3 ("net/mlx5: support IP-in-IP tunnel")
> Cc: stable@dpdk.org
>
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
@@ -2124,7 +2124,7 @@ mlx5_flow_validate_item_ipv4(const struct rte_flow_item *item,
RTE_FLOW_ERROR_TYPE_ITEM, item,
"IPv4 cannot follow L2/VLAN layer "
"which ether type is not IPv4");
- if (item_flags & MLX5_FLOW_LAYER_IPIP) {
+ if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
if (mask && spec)
next_proto = mask->hdr.next_proto_id &
spec->hdr.next_proto_id;
@@ -2232,7 +2232,7 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
"which ether type is not IPv6");
if (mask && mask->hdr.proto == UINT8_MAX && spec)
next_proto = spec->hdr.proto;
- if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) {
+ if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
if (next_proto == IPPROTO_IPIP || next_proto == IPPROTO_IPV6)
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,