[dpdk-dev,2/5] net/mlx5: fix flows when VXLAN tunnel is 0
Checks
Commit Message
Fix a strange behavior from the NIC, when the flow starts with a VXLAN
layer with a VNI equals to zero all the traffic will match within this
rule.
Fixes: 2e709b6aa0f5 ("net/mlx5: support VXLAN flow item")
Cc: stable@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
---
doc/guides/nics/mlx5.rst | 2 ++
drivers/net/mlx5/mlx5_flow.c | 12 +++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
Comments
> On Oct 31, 2017, at 8:51 AM, Nelio Laranjeiro <nelio.laranjeiro@6wind.com> wrote:
>
> Fix a strange behavior from the NIC, when the flow starts with a VXLAN
> layer with a VNI equals to zero all the traffic will match within this
> rule.
>
> Fixes: 2e709b6aa0f5 ("net/mlx5: support VXLAN flow item")
> Cc: stable@dpdk.org
>
> Signed-off-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>
> ---
Acked-by: Yongseok Koh <yskoh@mellanox.com>
Thanks
@@ -129,6 +129,8 @@ Limitations
is set to multi-packet send or Enhanced multi-packet send. Otherwise it must have
less than 50 segments.
- Count action for RTE flow is only supported in Mellanox OFED 4.2.
+- Flows with a VXLAN Network Identifier equal (or ends to be equal)
+ to 0 are not supported.
Configuration
-------------
@@ -1158,7 +1158,7 @@ priv_flow_convert(struct priv *priv,
cur_item->mask),
parser);
if (ret) {
- rte_flow_error_set(error, ENOTSUP,
+ rte_flow_error_set(error, ret,
RTE_FLOW_ERROR_TYPE_ITEM,
items, "item not supported");
goto exit_free;
@@ -1605,6 +1605,16 @@ mlx5_flow_create_vxlan(const struct rte_flow_item *item,
/* Remove unwanted bits from values. */
vxlan.val.tunnel_id &= vxlan.mask.tunnel_id;
}
+ /*
+ * Tunnel id 0 is equivalent as not adding a VXLAN layer, if only this
+ * layer is defined in the Verbs specification it is interpreted as
+ * wildcard and all packets will match this rule, if it follows a full
+ * stack layer (ex: eth / ipv4 / udp), all packets matching the layers
+ * before will also match this rule.
+ * To avoid such situation, VNI 0 is currently refused.
+ */
+ if (!vxlan.val.tunnel_id)
+ return EINVAL;
mlx5_flow_create_copy(parser, &vxlan, size);
return 0;
}