From patchwork Tue Nov 6 08:14:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yongseok Koh X-Patchwork-Id: 47884 X-Patchwork-Delegate: shahafs@mellanox.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1A85D2082; Tue, 6 Nov 2018 09:14:20 +0100 (CET) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0070.outbound.protection.outlook.com [104.47.2.70]) by dpdk.org (Postfix) with ESMTP id 3BB5214EC for ; Tue, 6 Nov 2018 09:14:19 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qgsWby2veBTASZNK6JvIqoz3UUlF2mZeT7PuGG5k3C0=; b=RmKqT7AJKA52hMIfpK2diFzPznyMANJVfXQbZuvnAYzwyVaRG+uXTYVkJ67FjG45zv+Ps3QDZcL68PvaSgFfIoilXjvRTHYCNtjd8HHLfc6Q55rPy6qaVmfuAQ13tshvCridqq5qrbSjDP9rIv7bWJW+rObkrGFylZryHbZQSPM= Received: from DB3PR0502MB3980.eurprd05.prod.outlook.com (52.134.72.27) by DB3PR0502MB4026.eurprd05.prod.outlook.com (52.134.72.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.26; Tue, 6 Nov 2018 08:14:18 +0000 Received: from DB3PR0502MB3980.eurprd05.prod.outlook.com ([fe80::58e7:97d8:f9c1:4323]) by DB3PR0502MB3980.eurprd05.prod.outlook.com ([fe80::58e7:97d8:f9c1:4323%3]) with mapi id 15.20.1294.032; Tue, 6 Nov 2018 08:14:18 +0000 From: Yongseok Koh To: Shahaf Shuler CC: "dev@dpdk.org" , Yongseok Koh , Ori Kam Thread-Topic: [PATCH] net/mlx5: fix L4 protocol validation Thread-Index: AQHUdai2eFYZN/Z/w0SlJ7cJGLbLtQ== Date: Tue, 6 Nov 2018 08:14:18 +0000 Message-ID: <20181106081409.26377-1-yskoh@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR07CA0041.namprd07.prod.outlook.com (2603:10b6:a03:60::18) To DB3PR0502MB3980.eurprd05.prod.outlook.com (2603:10a6:8:10::27) authentication-results: spf=none (sender IP is ) smtp.mailfrom=yskoh@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [209.116.155.178] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB3PR0502MB4026; 6:cBWqu2Nj8GcQVenTphKBxgCAmbnf9ukQcngmn57ZTMPB8pNQKqvOltXLfjmSmNV58i2gUBCO7lfH7Em/hdkosC7vJw4/uMspCpq5jB/3GdVmPWTQ6sAgD5orHLqhYCjmY5KWMSHoEfUY5SmBgo49cC7jdUJHWBQsKx2r0tVw6RYk0U2LdyOwoEQProMopdsd0pkPfsVIEh3jUJJRE2OHqyHFB9AxsoHQ5VdwbZWVjNiR7ggLGcrZ3kX5/wyTdP1yT/PqroZQHWBeC+8w34FbUbne+tIdc/XuxoeCq1VC6seB+Tu5eVUy4os4tU1iH8og55m6p17VabVdUgaIOTPqbdMBMt/Zfz8QJLtsFBjIf4EzGsb/ZJTbCHTubf6jTJXRwjfXrjeP7Kl0WbzVwvU6olI4exZEBiUkRomTWHieQTlXFdof46dIlS501Gf3n7bxbcYYDfncB8adQHHZGsyhaQ==; 5:2lrpgWeA9g39aDxP3LN0+lH3yIruCMxvh/oEYLEEkejblksAbSOgElnVcqVl4CQB48FblRCHrHtNL2k5kz6D2sB6A91CjPmM5novpuHi0a3NTX/52uqZ7lJJBTzTCP2iotg/Tukv/AneiEpgHAgeZTlnBZ08cbxfehexTzDrVTw=; 7:XC1lOaxKvQZVBn5BdJc23idrGCyLylp6P3O1gLykQ068vB6o5h3kiKTs+zQzTCZiptxeGsPOqlEAa5laSNc/9WBcbn4/+Cg0z2I5cvs7jBpZkOSXnRiehgF4U8KK0nNGoak74oQPX8LNQZ+amcXaDw== x-ms-office365-filtering-correlation-id: 9f9a820f-519f-4143-4354-08d643bfd8fb x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0502MB4026; x-ms-traffictypediagnostic: DB3PR0502MB4026: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231382)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(6055026)(148016)(149066)(150057)(6041310)(20161123558120)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:DB3PR0502MB4026; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0502MB4026; x-forefront-prvs: 0848C1A6AA x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(39860400002)(366004)(376002)(346002)(396003)(199004)(189003)(99286004)(6862004)(3846002)(102836004)(6116002)(186003)(52116002)(1076002)(6486002)(26005)(53936002)(25786009)(2900100001)(4326008)(6512007)(68736007)(107886003)(36756003)(6636002)(2616005)(105586002)(106356001)(476003)(14454004)(71190400001)(71200400001)(2906002)(66066001)(486006)(8676002)(81156014)(316002)(7736002)(386003)(6506007)(478600001)(8936002)(6436002)(1857600001)(86362001)(81166006)(305945005)(256004)(14444005)(97736004)(54906003)(37006003)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB3PR0502MB4026; H:DB3PR0502MB3980.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Q02av5+I8Xb5hU7FoJH1B4D/KYGnEk5qxtKUaJmXE1IX8qR3Mg6YcAyeOfI5BHOa2k0JHjV9oq4tgcYwIoJuAXp1/78wbD2aw+lc8tm/QFxn2FhGM4oBTtyZIiocVQVc7k7H902dog1An7yzE8fsO8kZV1U/SJMtnwKG7hoa7bGAlt2utbeVblts1yyq6RoCSzAGYP2On1hmcfKBR4ggyikelBWqrcmpuNI/qQ32PTQ2Lo3dmM5rPoM/PXSFPQm0LRLkbsg542yDRcQ/3KtQSUwrmIJVhV36dGDit9WAk7xG3Rb+eOfVVqwqSmhI4OX/ZDWjG4i0kOW01lQMYY0q50VmwgRUvIHpiKamRnMFNE8= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9f9a820f-519f-4143-4354-08d643bfd8fb X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2018 08:14:18.0788 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0502MB4026 Subject: [dpdk-dev] [PATCH] net/mlx5: fix L4 protocol validation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" - Currently, no device supports partial mask for protocol in IP header. - As there could be multiple IP items, next_protocol variable in flow validation has to be reset for inner layer. Otherwise, inner TCP/UDP will see protocol number of outer IP header. - Remove redundant protocol checking for MPLS, which is done in mlx5_flow_validate_item_mpls(). Fixes: 3d69434113d1 ("net/mlx5: add Direct Verbs validation function") Fixes: 23c1d42c7138 ("net/mlx5: split flow validation to dedicated function") Cc: orika@mellanox.com Signed-off-by: Yongseok Koh --- drivers/net/mlx5/mlx5_flow.c | 6 ++++++ drivers/net/mlx5/mlx5_flow_dv.c | 18 ++++++++++++++++-- drivers/net/mlx5/mlx5_flow_verbs.c | 25 ++++++++++++++++--------- 3 files changed, 38 insertions(+), 11 deletions(-) diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index 3c2ac4b377..8039664bc2 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -1178,6 +1178,12 @@ mlx5_flow_validate_item_ipv4(const struct rte_flow_item *item, "L3 cannot follow an L4 layer."); if (!mask) mask = &rte_flow_item_ipv4_mask; + else if (mask->hdr.next_proto_id != 0 && + mask->hdr.next_proto_id != 0xff) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask, + "partial mask is not supported" + " for protocol"); ret = mlx5_flow_item_acceptable(item, (const uint8_t *)mask, (const uint8_t *)&nic_mask, sizeof(struct rte_flow_item_ipv4), diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index 7909615360..a02bf47737 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -814,10 +814,17 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr, MLX5_FLOW_LAYER_OUTER_L3_IPV4; if (items->mask != NULL && ((const struct rte_flow_item_ipv4 *) - items->mask)->hdr.next_proto_id) + items->mask)->hdr.next_proto_id) { next_protocol = ((const struct rte_flow_item_ipv4 *) (items->spec))->hdr.next_proto_id; + next_protocol &= + ((const struct rte_flow_item_ipv4 *) + (items->mask))->hdr.next_proto_id; + } else { + /* Reset for inner layer. */ + next_protocol = 0xff; + } break; case RTE_FLOW_ITEM_TYPE_IPV6: ret = mlx5_flow_validate_item_ipv6(items, item_flags, @@ -828,10 +835,17 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr, MLX5_FLOW_LAYER_OUTER_L3_IPV6; if (items->mask != NULL && ((const struct rte_flow_item_ipv6 *) - items->mask)->hdr.proto) + items->mask)->hdr.proto) { next_protocol = ((const struct rte_flow_item_ipv6 *) items->spec)->hdr.proto; + next_protocol &= + ((const struct rte_flow_item_ipv6 *) + items->mask)->hdr.proto; + } else { + /* Reset for inner layer. */ + next_protocol = 0xff; + } break; case RTE_FLOW_ITEM_TYPE_TCP: ret = mlx5_flow_validate_item_tcp diff --git a/drivers/net/mlx5/mlx5_flow_verbs.c b/drivers/net/mlx5/mlx5_flow_verbs.c index 699cc88c8c..d6d95db563 100644 --- a/drivers/net/mlx5/mlx5_flow_verbs.c +++ b/drivers/net/mlx5/mlx5_flow_verbs.c @@ -1058,10 +1058,17 @@ flow_verbs_validate(struct rte_eth_dev *dev, MLX5_FLOW_LAYER_OUTER_L3_IPV4; if (items->mask != NULL && ((const struct rte_flow_item_ipv4 *) - items->mask)->hdr.next_proto_id) + items->mask)->hdr.next_proto_id) { next_protocol = ((const struct rte_flow_item_ipv4 *) (items->spec))->hdr.next_proto_id; + next_protocol &= + ((const struct rte_flow_item_ipv4 *) + (items->mask))->hdr.next_proto_id; + } else { + /* Reset for inner layer. */ + next_protocol = 0xff; + } break; case RTE_FLOW_ITEM_TYPE_IPV6: ret = mlx5_flow_validate_item_ipv6(items, item_flags, @@ -1072,10 +1079,17 @@ flow_verbs_validate(struct rte_eth_dev *dev, MLX5_FLOW_LAYER_OUTER_L3_IPV6; if (items->mask != NULL && ((const struct rte_flow_item_ipv6 *) - items->mask)->hdr.proto) + items->mask)->hdr.proto) { next_protocol = ((const struct rte_flow_item_ipv6 *) items->spec)->hdr.proto; + next_protocol &= + ((const struct rte_flow_item_ipv6 *) + items->mask)->hdr.proto; + } else { + /* Reset for inner layer. */ + next_protocol = 0xff; + } break; case RTE_FLOW_ITEM_TYPE_UDP: ret = mlx5_flow_validate_item_udp(items, item_flags, @@ -1125,13 +1139,6 @@ flow_verbs_validate(struct rte_eth_dev *dev, error); if (ret < 0) return ret; - if (next_protocol != 0xff && - next_protocol != IPPROTO_MPLS) - return rte_flow_error_set - (error, EINVAL, - RTE_FLOW_ERROR_TYPE_ITEM, items, - "protocol filtering not compatible" - " with MPLS layer"); item_flags |= MLX5_FLOW_LAYER_MPLS; break; default: