From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0049.outbound.protection.outlook.com [104.47.0.49]) by dpdk.org (Postfix) with ESMTP id 838C21B3B9 for ; Fri, 2 Nov 2018 01:01:13 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HDYRnGmcyYPQBnHAzPZauaHcwtstHvWEGt5zbwvDeSY=; b=egqevdtOmYCZ3Zkj7CGVR7wtysW0W1wXpRAbt8EMucNY9hT46zlVT3v+4jskJgOvOMW/EEcPSPEY/cbTJSVxONhl+bP+8WrHMD59VJqCFW5e3MattM27gFVNpvM1a4n690moetD0UAsJsoklt2t+SeiCEdcNp5m8Vb2wI5uGWRM= Received: from DB3PR0502MB3980.eurprd05.prod.outlook.com (52.134.72.27) by DB3PR0502MB4060.eurprd05.prod.outlook.com (52.134.72.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.25; Fri, 2 Nov 2018 00:01:11 +0000 Received: from DB3PR0502MB3980.eurprd05.prod.outlook.com ([fe80::f8a1:fcab:94f0:97cc]) by DB3PR0502MB3980.eurprd05.prod.outlook.com ([fe80::f8a1:fcab:94f0:97cc%4]) with mapi id 15.20.1273.030; Fri, 2 Nov 2018 00:01:10 +0000 From: Yongseok Koh To: Slava Ovsiienko CC: Shahaf Shuler , "dev@dpdk.org" Thread-Topic: [PATCH v3 12/13] net/mlx5: add e-switch VXLAN encapsulation rules Thread-Index: AQHUcd0mEX71mGH9t0+mAwX2LUbg6KU7mo4A Date: Fri, 2 Nov 2018 00:01:10 +0000 Message-ID: <20181102000102.GM6118@mtidpdk.mti.labs.mlnx> References: <1539612815-47199-1-git-send-email-viacheslavo@mellanox.com> <1541074741-41368-1-git-send-email-viacheslavo@mellanox.com> <1541074741-41368-13-git-send-email-viacheslavo@mellanox.com> In-Reply-To: <1541074741-41368-13-git-send-email-viacheslavo@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BYAPR07CA0065.namprd07.prod.outlook.com (2603:10b6:a03:60::42) To DB3PR0502MB3980.eurprd05.prod.outlook.com (2603:10a6:8:10::27) authentication-results: spf=none (sender IP is ) smtp.mailfrom=yskoh@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [209.116.155.178] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; DB3PR0502MB4060; 6:XGQgsV7UyXB0QDGbV9HfASZR2hBkiZEtmKV2uq2vP/7znUjx0RiV4aFjJNI6Ps2LyvLzOWkdA/A+x0STw7gjUSqZwviPvYxD5H4dA8TRUa/1dJaGUetAnOig1sSUaIFOJQwWGEFD9Ya//SCPSfcu4nZ+3Xo2u36PDH623adzg8HdnMWB16ijJ5uxOyTRTreJjgryAOULJ5fS9JNVmkdXdrI0Qd4eTqR1oeJeJZAoOATN8Bb55SWPMB9L8rADJJM/vT1KCEmnwek+k0HtZ+I6clu3EljshgL4kSni0YOtfV3UjsadY+vNXAuVE87ciq1O/VOH0dhjsWETy8kqPpXNTdt412Xo16oJfGARH8ZHAmk1NyHqMwBNP3SLL1AkDPMfPBGB88+w6gSGR0CWQDl/CLDCLmI6OemJ/SygmXCIBXGOztejh0lhlIuwshFkEyUS3HwC29fcbpNi3l53jljOOw==; 5:u/ppQVp+EJHVEkboh3FnMML+GxKjZ/oNfu5YCu1iAS3HzCryo2C0xrLyKgpOZrLAIYoUUIlkTaRwMD/phCrkhsrcKPPl9c6Q5j3uxB1Y9JF3IWP2sZWmLiqY8lpXK+0RFmXzdS0zZb5uDZjfCUvSwgFT+zqCeZgLqZB0k466Z0o=; 7:zEews9ymqHeJagu86GB/XS93wH7K5V2QMjQ+ct/qyRiIJJKQMJOaAwQzYPWNyoZliLdwwVIB4utiJDTLfNU9iCr3xYWkV2OP67ad3H657rClUsJtjhHPJHLcoLRH2WdAVPSFmx7BUkDjuaJFQWM4Xw== x-ms-office365-filtering-correlation-id: 8f48bf96-6663-4b29-cd04-08d640564b90 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB3PR0502MB4060; x-ms-traffictypediagnostic: DB3PR0502MB4060: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(211171220733660); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231382)(944501410)(52105095)(6055026)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(20161123562045)(20161123560045)(201708071742011)(7699051)(76991095); SRVR:DB3PR0502MB4060; BCL:0; PCL:0; RULEID:; SRVR:DB3PR0502MB4060; x-forefront-prvs: 08444C7C87 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(396003)(136003)(39860400002)(366004)(199004)(189003)(6436002)(25786009)(86362001)(256004)(66066001)(5660300001)(446003)(11346002)(14454004)(476003)(3846002)(81166006)(6512007)(14444005)(9686003)(6246003)(5024004)(33656002)(53946003)(53936002)(54906003)(6486002)(2900100001)(229853002)(7736002)(8936002)(81156014)(8676002)(71190400001)(305945005)(71200400001)(4744004)(33896004)(99286004)(186003)(52116002)(2906002)(76176011)(4326008)(26005)(386003)(6506007)(102836004)(6116002)(97736004)(106356001)(6636002)(68736007)(105586002)(316002)(478600001)(1076002)(6862004)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:DB3PR0502MB4060; H:DB3PR0502MB3980.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: 3qFxi/uzGE81LaD4fM31bVVoJdX3Sk0BNjMfnLRnEuXeb/1r4cUSmiwWmMmFHtLYVDcXtY1uItZdLN+qUgWc+6lGA/kkw2vT7teDJC4DqrLn0nr+9DFgfBD/R16ij1A3nmtvBj8MMKWJqyEK/egG5p8Eg6X8ESBGOXGIYck+hbPy45b46GzyAVPyP2j/vwoTyHypTVbTwl+x2p0Cgk7Qgw4/bZ9JmdEg444tCOK/TCnLHZ2Q99TP/oF/EYv6tKfiUGwh8fRbcdLeyQHZgasRgbP4MwAzkTjM4MUfdCEONRV6K3WvD5A0H15LmvVljr+rGbKv6bR+adsPUazvQnkTTFKLAqodhSDAbV14dUZR07M= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <25FD7E2D68608A4685E997BA8AA2947F@eurprd05.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8f48bf96-6663-4b29-cd04-08d640564b90 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Nov 2018 00:01:10.4123 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0502MB4060 Subject: Re: [dpdk-dev] [PATCH v3 12/13] net/mlx5: add e-switch VXLAN encapsulation rules X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Nov 2018 00:01:13 -0000 On Thu, Nov 01, 2018 at 05:19:34AM -0700, Slava Ovsiienko wrote: > VXLAN encap rules are applied to the VF ingress traffic and have the > VTEP as actual redirection destinations instead of outer PF. > The encapsulation rule should provide: > - redirection action VF->PF > - VF port ID > - some inner network parameters (MACs/IP) > - the tunnel outer source IP (v4/v6) > - the tunnel outer destination IP (v4/v6). Current > - VNI - Virtual Network Identifier >=20 > There is no direct way found to provide kernel with all required > encapsulatioh header parameters. The encapsulation VTEP is created > attached to the outer interface and assumed as default path for > egress encapsulated traffic. The outer tunnel IP address are > assigned to interface using Netlink, the implicit route is > created like this: >=20 > ip addr add peer dev scope link >=20 > Peer address provides implicit route, and scode link reduces > the risk of conflicts. At initialization time all local scope > link addresses are flushed from device (see next part of patchset). >=20 > The destination MAC address is provided via permenent neigh rule: >=20 > ip neigh add dev lladdr to nud permanent >=20 > At initialization time all neigh rules of this type are flushed > from device (see the next part of patchset). >=20 > Suggested-by: Adrien Mazarguil > Signed-off-by: Viacheslav Ovsiienko > --- Acked-by: Yongseok Koh Thanks > drivers/net/mlx5/mlx5_flow_tcf.c | 386 +++++++++++++++++++++++++++++++++= ++++++ > 1 file changed, 386 insertions(+) >=20 > diff --git a/drivers/net/mlx5/mlx5_flow_tcf.c b/drivers/net/mlx5/mlx5_flo= w_tcf.c > index c6e07f5..eae80ae 100644 > --- a/drivers/net/mlx5/mlx5_flow_tcf.c > +++ b/drivers/net/mlx5/mlx5_flow_tcf.c > @@ -3756,6 +3756,374 @@ struct pedit_parser { > #define MNL_REQUEST_SIZE RTE_MIN(RTE_MAX(sysconf(_SC_PAGESIZE), \ > MNL_REQUEST_SIZE_MIN), MNL_REQUEST_SIZE_MAX) > =20 > +/** > + * Emit Netlink message to add/remove local address to the outer device. > + * The address being added is visible within the link only (scope link). > + * > + * Note that an implicit route is maintained by the kernel due to the > + * presence of a peer address (IFA_ADDRESS). > + * > + * These rules are used for encapsultion only and allow to assign > + * the outer tunnel source IP address. > + * > + * @param[in] tcf > + * Libmnl socket context object. > + * @param[in] encap > + * Encapsulation properties (source address and its peer). > + * @param[in] ifindex > + * Network interface to apply rule. > + * @param[in] enable > + * Toggle between add and remove. > + * @param[out] error > + * Perform verbose error reporting if not NULL. > + * > + * @return > + * 0 on success, a negative errno value otherwise and rte_errno is set= . > + */ > +static int > +flow_tcf_rule_local(struct mlx5_flow_tcf_context *tcf, > + const struct flow_tcf_vxlan_encap *encap, > + unsigned int ifindex, > + bool enable, > + struct rte_flow_error *error) > +{ > + struct nlmsghdr *nlh; > + struct ifaddrmsg *ifa; > + alignas(struct nlmsghdr) > + uint8_t buf[mnl_nlmsg_size(sizeof(*ifa) + 128)]; > + > + nlh =3D mnl_nlmsg_put_header(buf); > + nlh->nlmsg_type =3D enable ? RTM_NEWADDR : RTM_DELADDR; > + nlh->nlmsg_flags =3D > + NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0); > + nlh->nlmsg_seq =3D 0; > + ifa =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa)); > + ifa->ifa_flags =3D IFA_F_PERMANENT; > + ifa->ifa_scope =3D RT_SCOPE_LINK; > + ifa->ifa_index =3D ifindex; > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { > + ifa->ifa_family =3D AF_INET; > + ifa->ifa_prefixlen =3D 32; > + mnl_attr_put_u32(nlh, IFA_LOCAL, encap->ipv4.src); > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) > + mnl_attr_put_u32(nlh, IFA_ADDRESS, > + encap->ipv4.dst); > + } else { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); > + ifa->ifa_family =3D AF_INET6; > + ifa->ifa_prefixlen =3D 128; > + mnl_attr_put(nlh, IFA_LOCAL, > + sizeof(encap->ipv6.src), > + &encap->ipv6.src); > + if (encap->mask & FLOW_TCF_ENCAP_IPV6_DST) > + mnl_attr_put(nlh, IFA_ADDRESS, > + sizeof(encap->ipv6.dst), > + &encap->ipv6.dst); > + } > + if (!flow_tcf_nl_ack(tcf, nlh, 0, NULL, NULL)) > + return 0; > + return rte_flow_error_set > + (error, rte_errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, > + "netlink: cannot complete IFA request (ip addr add)"); > +} > + > +/** > + * Emit Netlink message to add/remove neighbor. > + * > + * @param[in] tcf > + * Libmnl socket context object. > + * @param[in] encap > + * Encapsulation properties (destination address). > + * @param[in] ifindex > + * Network interface. > + * @param[in] enable > + * Toggle between add and remove. > + * @param[out] error > + * Perform verbose error reporting if not NULL. > + * > + * @return > + * 0 on success, a negative errno value otherwise and rte_errno is set= . > + */ > +static int > +flow_tcf_rule_neigh(struct mlx5_flow_tcf_context *tcf, > + const struct flow_tcf_vxlan_encap *encap, > + unsigned int ifindex, > + bool enable, > + struct rte_flow_error *error) > +{ > + struct nlmsghdr *nlh; > + struct ndmsg *ndm; > + alignas(struct nlmsghdr) > + uint8_t buf[mnl_nlmsg_size(sizeof(*ndm) + 128)]; > + > + nlh =3D mnl_nlmsg_put_header(buf); > + nlh->nlmsg_type =3D enable ? RTM_NEWNEIGH : RTM_DELNEIGH; > + nlh->nlmsg_flags =3D > + NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0); > + nlh->nlmsg_seq =3D 0; > + ndm =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm)); > + ndm->ndm_ifindex =3D ifindex; > + ndm->ndm_state =3D NUD_PERMANENT; > + ndm->ndm_flags =3D 0; > + ndm->ndm_type =3D 0; > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { > + ndm->ndm_family =3D AF_INET; > + mnl_attr_put_u32(nlh, NDA_DST, encap->ipv4.dst); > + } else { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); > + ndm->ndm_family =3D AF_INET6; > + mnl_attr_put(nlh, NDA_DST, sizeof(encap->ipv6.dst), > + &encap->ipv6.dst); > + } > + if (encap->mask & FLOW_TCF_ENCAP_ETH_SRC && enable) > + DRV_LOG(WARNING, > + "Outer ethernet source address cannot be " > + "forced for VXLAN encapsulation"); > + if (encap->mask & FLOW_TCF_ENCAP_ETH_DST) > + mnl_attr_put(nlh, NDA_LLADDR, sizeof(encap->eth.dst), > + &encap->eth.dst); > + if (!flow_tcf_nl_ack(tcf, nlh, 0, NULL, NULL)) > + return 0; > + return rte_flow_error_set > + (error, rte_errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, > + "netlink: cannot complete ND request (ip neigh)"); > +} > + > +/** > + * Manage the local IP addresses and their peers IP addresses on the > + * outer interface for encapsulation purposes. The kernel searches the > + * appropriate device for tunnel egress traffic using the outer source > + * IP, this IP should be assigned to the outer network device, otherwise > + * kernel rejects the rule. > + * > + * Adds or removes the addresses using the Netlink command like this: > + * ip addr add peer scope link dev > + * > + * The addresses are local to the netdev ("scope link"), this reduces > + * the risk of conflicts. Note that an implicit route is maintained by > + * the kernel due to the presence of a peer address (IFA_ADDRESS). > + * > + * @param[in] tcf > + * Libmnl socket context object. > + * @param[in] vtep > + * VTEP object, contains rule database and ifouter index. > + * @param[in] dev_flow > + * Flow object, contains the tunnel parameters (for encap only). > + * @param[in] enable > + * Toggle between add and remove. > + * @param[out] error > + * Perform verbose error reporting if not NULL. > + * > + * @return > + * 0 on success, a negative errno value otherwise and rte_errno is set= . > + */ > +static int > +flow_tcf_encap_local(struct mlx5_flow_tcf_context *tcf, > + struct tcf_vtep *vtep, > + struct mlx5_flow *dev_flow, > + bool enable, > + struct rte_flow_error *error) > +{ > + const struct flow_tcf_vxlan_encap *encap =3D dev_flow->tcf.vxlan_encap; > + struct tcf_local_rule *rule; > + bool found =3D false; > + int ret; > + > + assert(encap); > + assert(encap->hdr.type =3D=3D FLOW_TCF_TUNACT_VXLAN_ENCAP); > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV4_DST); > + LIST_FOREACH(rule, &vtep->local, next) { > + if (rule->mask & FLOW_TCF_ENCAP_IPV4_SRC && > + encap->ipv4.src =3D=3D rule->ipv4.src && > + encap->ipv4.dst =3D=3D rule->ipv4.dst) { > + found =3D true; > + break; > + } > + } > + } else { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); > + LIST_FOREACH(rule, &vtep->local, next) { > + if (rule->mask & FLOW_TCF_ENCAP_IPV6_SRC && > + !memcmp(&encap->ipv6.src, &rule->ipv6.src, > + sizeof(encap->ipv6.src)) && > + !memcmp(&encap->ipv6.dst, &rule->ipv6.dst, > + sizeof(encap->ipv6.dst))) { > + found =3D true; > + break; > + } > + } > + } > + if (found) { > + if (enable) { > + rule->refcnt++; > + return 0; > + } > + if (!rule->refcnt || !--rule->refcnt) { > + LIST_REMOVE(rule, next); > + return flow_tcf_rule_local(tcf, encap, > + vtep->ifouter, false, error); > + } > + return 0; > + } > + if (!enable) { > + DRV_LOG(WARNING, "Disabling not existing local rule"); > + rte_flow_error_set > + (error, ENOENT, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, > + NULL, "Disabling not existing local rule"); > + return -ENOENT; > + } > + rule =3D rte_zmalloc(__func__, sizeof(struct tcf_local_rule), > + alignof(struct tcf_local_rule)); > + if (!rule) { > + rte_flow_error_set > + (error, ENOMEM, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, > + NULL, "unable to allocate memory for local rule"); > + return -rte_errno; > + } > + *rule =3D (struct tcf_local_rule){.refcnt =3D 0, > + .mask =3D 0, > + }; > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { > + rule->mask =3D FLOW_TCF_ENCAP_IPV4_SRC > + | FLOW_TCF_ENCAP_IPV4_DST; > + rule->ipv4.src =3D encap->ipv4.src; > + rule->ipv4.dst =3D encap->ipv4.dst; > + } else { > + rule->mask =3D FLOW_TCF_ENCAP_IPV6_SRC > + | FLOW_TCF_ENCAP_IPV6_DST; > + memcpy(&rule->ipv6.src, &encap->ipv6.src, > + sizeof(rule->ipv6.src)); > + memcpy(&rule->ipv6.dst, &encap->ipv6.dst, > + sizeof(rule->ipv6.dst)); > + } > + ret =3D flow_tcf_rule_local(tcf, encap, vtep->ifouter, true, error); > + if (ret) { > + rte_free(rule); > + return ret; > + } > + rule->refcnt++; > + LIST_INSERT_HEAD(&vtep->local, rule, next); > + return 0; > +} > + > +/** > + * Manage the destination MAC/IP addresses neigh database, kernel uses > + * this one to determine the destination MAC address within encapsulatio= n > + * header. Adds or removes the entries using the Netlink command like th= is: > + * ip neigh add dev lladdr to nud permane= nt > + * > + * @param[in] tcf > + * Libmnl socket context object. > + * @param[in] vtep > + * VTEP object, contains rule database and ifouter index. > + * @param[in] dev_flow > + * Flow object, contains the tunnel parameters (for encap only). > + * @param[in] enable > + * Toggle between add and remove. > + * @param[out] error > + * Perform verbose error reporting if not NULL. > + * > + * @return > + * 0 on success, a negative errno value otherwise and rte_errno is set= . > + */ > +static int > +flow_tcf_encap_neigh(struct mlx5_flow_tcf_context *tcf, > + struct tcf_vtep *vtep, > + struct mlx5_flow *dev_flow, > + bool enable, > + struct rte_flow_error *error) > +{ > + const struct flow_tcf_vxlan_encap *encap =3D dev_flow->tcf.vxlan_encap; > + struct tcf_neigh_rule *rule; > + bool found =3D false; > + int ret; > + > + assert(encap); > + assert(encap->hdr.type =3D=3D FLOW_TCF_TUNACT_VXLAN_ENCAP); > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV4_SRC); > + LIST_FOREACH(rule, &vtep->neigh, next) { > + if (rule->mask & FLOW_TCF_ENCAP_IPV4_DST && > + encap->ipv4.dst =3D=3D rule->ipv4.dst) { > + found =3D true; > + break; > + } > + } > + } else { > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); > + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); > + LIST_FOREACH(rule, &vtep->neigh, next) { > + if (rule->mask & FLOW_TCF_ENCAP_IPV6_DST && > + !memcmp(&encap->ipv6.dst, &rule->ipv6.dst, > + sizeof(encap->ipv6.dst))) { > + found =3D true; > + break; > + } > + } > + } > + if (found) { > + if (memcmp(&encap->eth.dst, &rule->eth, > + sizeof(encap->eth.dst))) { > + DRV_LOG(WARNING, "Destination MAC differs" > + " in neigh rule"); > + rte_flow_error_set(error, EEXIST, > + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, > + NULL, "Different MAC address" > + " neigh rule for the same" > + " destination IP"); > + return -EEXIST; > + } > + if (enable) { > + rule->refcnt++; > + return 0; > + } > + if (!rule->refcnt || !--rule->refcnt) { > + LIST_REMOVE(rule, next); > + return flow_tcf_rule_neigh(tcf, encap, > + vtep->ifouter, > + false, error); > + } > + return 0; > + } > + if (!enable) { > + DRV_LOG(WARNING, "Disabling not existing neigh rule"); > + rte_flow_error_set > + (error, ENOENT, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, > + NULL, "unable to allocate memory for neigh rule"); > + return -ENOENT; > + } > + rule =3D rte_zmalloc(__func__, sizeof(struct tcf_neigh_rule), > + alignof(struct tcf_neigh_rule)); > + if (!rule) { > + rte_flow_error_set > + (error, ENOMEM, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, > + NULL, "unadble to allocate memory for neigh rule"); > + return -rte_errno; > + } > + *rule =3D (struct tcf_neigh_rule){.refcnt =3D 0, > + .mask =3D 0, > + }; > + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { > + rule->mask =3D FLOW_TCF_ENCAP_IPV4_DST; > + rule->ipv4.dst =3D encap->ipv4.dst; > + } else { > + rule->mask =3D FLOW_TCF_ENCAP_IPV6_DST; > + memcpy(&rule->ipv6.dst, &encap->ipv6.dst, > + sizeof(rule->ipv6.dst)); > + } > + memcpy(&rule->eth, &encap->eth.dst, sizeof(rule->eth)); > + ret =3D flow_tcf_rule_neigh(tcf, encap, vtep->ifouter, true, error); > + if (ret) { > + rte_free(rule); > + return ret; > + } > + rule->refcnt++; > + LIST_INSERT_HEAD(&vtep->neigh, rule, next); > + return 0; > +} > + > /* VTEP device list is shared between PMD port instances. */ > static LIST_HEAD(, tcf_vtep) vtep_list_vxlan =3D LIST_HEAD_INITIALIZER()= ; > static pthread_mutex_t vtep_list_mutex =3D PTHREAD_MUTEX_INITIALIZER; > @@ -4032,6 +4400,7 @@ struct pedit_parser { > { > static uint16_t encap_port =3D MLX5_VXLAN_PORT_MIN - 1; > struct tcf_vtep *vtep; > + int ret; > =20 > assert(ifouter); > /* Look whether the attached VTEP for encap is created. */ > @@ -4077,6 +4446,20 @@ struct pedit_parser { > } > assert(vtep->ifouter =3D=3D ifouter); > assert(vtep->ifindex); > + /* Create local ipaddr with peer to specify the outer IPs. */ > + ret =3D flow_tcf_encap_local(tcf, vtep, dev_flow, true, error); > + if (!ret) { > + /* Create neigh rule to specify outer destination MAC. */ > + ret =3D flow_tcf_encap_neigh(tcf, vtep, dev_flow, true, error); > + if (ret) > + flow_tcf_encap_local(tcf, vtep, > + dev_flow, false, error); > + } > + if (ret) { > + if (--vtep->refcnt =3D=3D 0) > + flow_tcf_vtep_delete(tcf, vtep); > + return NULL; > + } > return vtep; > } > =20 > @@ -4146,6 +4529,9 @@ struct pedit_parser { > case FLOW_TCF_TUNACT_VXLAN_DECAP: > break; > case FLOW_TCF_TUNACT_VXLAN_ENCAP: > + /* Remove the encap ancillary rules first. */ > + flow_tcf_encap_neigh(tcf, vtep, dev_flow, false, NULL); > + flow_tcf_encap_local(tcf, vtep, dev_flow, false, NULL); > break; > default: > assert(false); > --=20 > 1.8.3.1 >=20