From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30084.outbound.protection.outlook.com [40.107.3.84]) by dpdk.org (Postfix) with ESMTP id C3A3A1B1DD for ; Thu, 1 Nov 2018 13:19:35 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SeN7I0DsEgkI13su8OfMdj8JqUr046kimLyVoDetMno=; b=UGvshRPlhZ05f9sSZ6iT2h0Bpn7uZELPkfykbSZAyjnYEdp18WPyK7hOm4rFsTDQS6wdbjxF6JpxIfxP0aAzLH9i9v1RuKVbGypoPmI59FyFGm9KmhsF3tX8DnuFkuDGLCLs1jOd0tPuWSsyK7UkJTW47gG6Rh0ajsF+fVJDU7Y= Received: from AM4PR05MB3265.eurprd05.prod.outlook.com (10.171.186.150) by AM4PR05MB1457.eurprd05.prod.outlook.com (10.164.79.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1273.20; Thu, 1 Nov 2018 12:19:34 +0000 Received: from AM4PR05MB3265.eurprd05.prod.outlook.com ([fe80::544b:a68d:e6a5:ba6e]) by AM4PR05MB3265.eurprd05.prod.outlook.com ([fe80::544b:a68d:e6a5:ba6e%2]) with mapi id 15.20.1273.030; Thu, 1 Nov 2018 12:19:34 +0000 From: Slava Ovsiienko To: Shahaf Shuler CC: "dev@dpdk.org" , Yongseok Koh , Slava Ovsiienko Thread-Topic: [PATCH v3 12/13] net/mlx5: add e-switch VXLAN encapsulation rules Thread-Index: AQHUcd0mrZZu4L44ykqiEclpCggDHQ== Date: Thu, 1 Nov 2018 12:19:34 +0000 Message-ID: <1541074741-41368-13-git-send-email-viacheslavo@mellanox.com> References: <1539612815-47199-1-git-send-email-viacheslavo@mellanox.com> <1541074741-41368-1-git-send-email-viacheslavo@mellanox.com> In-Reply-To: <1541074741-41368-1-git-send-email-viacheslavo@mellanox.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: LO2P265CA0079.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8::19) To AM4PR05MB3265.eurprd05.prod.outlook.com (2603:10a6:205:4::22) authentication-results: spf=none (sender IP is ) smtp.mailfrom=viacheslavo@mellanox.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [37.142.13.130] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR05MB1457; 6:otIYb9ZwGxc4aQwTe+nYuYu+Ov+qRwnsICZrXfIzLnSUbwOTW0lqrSAo3NigZk7IbXkjlacMo+/9aeP7N4K6C+N2Abmt1PPvYkt4O1YeFr9LeBzW7xrVf95+CMcF7oxMA6Jrvte7vzCsGCq8h5Cn1sVlQGzsgvx6s/h3q3MDzEP5U3aWLShxJMV+zaYbrrRvBLfBTKteeFVxLwneG20YBM5i8bQY6DD2B6IOl21zSE1iLZl6UraqE3wrTi9FaUb1PqgTv0RFZqmMn6hbllW3GStTuokC+O/3CzaFsEEAVF/zZaQYyK7fV5gRPDqnktujBMLv3luqc761he7ytKQ/ewDH2mcSCNxgbwjdEAoZnDBc+NjtKLWlvUS5dS2Nr2ql8n3def/a5o4rDUeA93jS0HJKfC5ydhwUCXtRIpGUJUXoS952BHk86AAUdU9v08BFSvcp7q6Gc4LvWL91MQY6aQ==; 5:Eio2dVQe0BOUhNkQ5wbvzfBw22WLTKoD6kR6RAyJC1DoimV6Z+37PxmaU7c7PCY1/aZdET7zR+rd44+a+mMqhiHc6GNJeeVu11MO8FKyNXdSzHQWtsLumBT3FfDn0cQfy5ez41Ac3S2hb0Fz6WVEM2Js9bp22LZMI97fe2R65zU=; 7:SDQju1/fMdw1RL93h0v7pssVHfFZBCAPgtkGMnUnwP06sW3odY+oBoTTc2qRNOICIpLBx/E6WJTblW3swUAclqVjBS0qZo/RR70MWyCpgpIhRjATz8ebqY4LchzNfQGnWbnHhNpKs/tphMPvbjKlsA== x-ms-office365-filtering-correlation-id: 0f56e435-f928-43da-b71f-08d63ff44885 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:AM4PR05MB1457; x-ms-traffictypediagnostic: AM4PR05MB1457: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(211171220733660); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231382)(944501410)(52105095)(93006095)(93001095)(10201501046)(3002001)(6055026)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201708071742011)(7699051)(76991095); SRVR:AM4PR05MB1457; BCL:0; PCL:0; RULEID:; SRVR:AM4PR05MB1457; x-forefront-prvs: 0843C17679 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(396003)(39860400002)(346002)(136003)(366004)(199004)(189003)(11346002)(446003)(106356001)(476003)(105586002)(4326008)(97736004)(2616005)(478600001)(6636002)(5250100002)(99286004)(486006)(66066001)(6862004)(2900100001)(25786009)(37006003)(54906003)(5660300001)(316002)(8936002)(8676002)(81156014)(81166006)(4744004)(68736007)(7736002)(305945005)(3846002)(6116002)(76176011)(2906002)(102836004)(26005)(186003)(386003)(6506007)(107886003)(14454004)(6486002)(52116002)(6512007)(53936002)(6436002)(36756003)(86362001)(71190400001)(71200400001)(14444005)(5024004)(256004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR05MB1457; H:AM4PR05MB3265.eurprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: 9rpoNj16KPzO5DqVRUT6HIFqxn9mJvNY8rMIHNpm3R6GMUs2kxjFcczLfsjBDfK1PhMIrIhLxI077xGHvlzIl/UXwr9Z88WOhQmk4EI8O/G4zIwFKWrA3z77cL5vBmC9DqjjzUrnlkM7Zoznqs6Y//ZvmL8rEWCfR4vcjknpSv1L8yY2TSbcFUBEynvcddmcK9V1HjgfvH57OARZ81RT1pIGLsdPH24UporczskJVAi26atSUOo/eMyhWabD98ndZ8ZBJHad21q1zZPJP0kJJU+NDp9LYKsJNvwZSFqxfkpz7XjwOWeYoUSuYGu94JXkO7nUwTo2rUEV6ycoUxHayZURp+GSq1KlmdqpezVN5+g= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0f56e435-f928-43da-b71f-08d63ff44885 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2018 12:19:34.4702 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR05MB1457 Subject: [dpdk-dev] [PATCH v3 12/13] net/mlx5: add e-switch VXLAN encapsulation rules X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Nov 2018 12:19:36 -0000 VXLAN encap rules are applied to the VF ingress traffic and have the VTEP as actual redirection destinations instead of outer PF. The encapsulation rule should provide: - redirection action VF->PF - VF port ID - some inner network parameters (MACs/IP) - the tunnel outer source IP (v4/v6) - the tunnel outer destination IP (v4/v6). Current - VNI - Virtual Network Identifier There is no direct way found to provide kernel with all required encapsulatioh header parameters. The encapsulation VTEP is created attached to the outer interface and assumed as default path for egress encapsulated traffic. The outer tunnel IP address are assigned to interface using Netlink, the implicit route is created like this: ip addr add peer dev scope link Peer address provides implicit route, and scode link reduces the risk of conflicts. At initialization time all local scope link addresses are flushed from device (see next part of patchset). The destination MAC address is provided via permenent neigh rule: ip neigh add dev lladdr to nud permanent At initialization time all neigh rules of this type are flushed from device (see the next part of patchset). Suggested-by: Adrien Mazarguil Signed-off-by: Viacheslav Ovsiienko --- drivers/net/mlx5/mlx5_flow_tcf.c | 386 +++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 386 insertions(+) diff --git a/drivers/net/mlx5/mlx5_flow_tcf.c b/drivers/net/mlx5/mlx5_flow_= tcf.c index c6e07f5..eae80ae 100644 --- a/drivers/net/mlx5/mlx5_flow_tcf.c +++ b/drivers/net/mlx5/mlx5_flow_tcf.c @@ -3756,6 +3756,374 @@ struct pedit_parser { #define MNL_REQUEST_SIZE RTE_MIN(RTE_MAX(sysconf(_SC_PAGESIZE), \ MNL_REQUEST_SIZE_MIN), MNL_REQUEST_SIZE_MAX) =20 +/** + * Emit Netlink message to add/remove local address to the outer device. + * The address being added is visible within the link only (scope link). + * + * Note that an implicit route is maintained by the kernel due to the + * presence of a peer address (IFA_ADDRESS). + * + * These rules are used for encapsultion only and allow to assign + * the outer tunnel source IP address. + * + * @param[in] tcf + * Libmnl socket context object. + * @param[in] encap + * Encapsulation properties (source address and its peer). + * @param[in] ifindex + * Network interface to apply rule. + * @param[in] enable + * Toggle between add and remove. + * @param[out] error + * Perform verbose error reporting if not NULL. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +static int +flow_tcf_rule_local(struct mlx5_flow_tcf_context *tcf, + const struct flow_tcf_vxlan_encap *encap, + unsigned int ifindex, + bool enable, + struct rte_flow_error *error) +{ + struct nlmsghdr *nlh; + struct ifaddrmsg *ifa; + alignas(struct nlmsghdr) + uint8_t buf[mnl_nlmsg_size(sizeof(*ifa) + 128)]; + + nlh =3D mnl_nlmsg_put_header(buf); + nlh->nlmsg_type =3D enable ? RTM_NEWADDR : RTM_DELADDR; + nlh->nlmsg_flags =3D + NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0); + nlh->nlmsg_seq =3D 0; + ifa =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa)); + ifa->ifa_flags =3D IFA_F_PERMANENT; + ifa->ifa_scope =3D RT_SCOPE_LINK; + ifa->ifa_index =3D ifindex; + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { + ifa->ifa_family =3D AF_INET; + ifa->ifa_prefixlen =3D 32; + mnl_attr_put_u32(nlh, IFA_LOCAL, encap->ipv4.src); + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) + mnl_attr_put_u32(nlh, IFA_ADDRESS, + encap->ipv4.dst); + } else { + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); + ifa->ifa_family =3D AF_INET6; + ifa->ifa_prefixlen =3D 128; + mnl_attr_put(nlh, IFA_LOCAL, + sizeof(encap->ipv6.src), + &encap->ipv6.src); + if (encap->mask & FLOW_TCF_ENCAP_IPV6_DST) + mnl_attr_put(nlh, IFA_ADDRESS, + sizeof(encap->ipv6.dst), + &encap->ipv6.dst); + } + if (!flow_tcf_nl_ack(tcf, nlh, 0, NULL, NULL)) + return 0; + return rte_flow_error_set + (error, rte_errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, + "netlink: cannot complete IFA request (ip addr add)"); +} + +/** + * Emit Netlink message to add/remove neighbor. + * + * @param[in] tcf + * Libmnl socket context object. + * @param[in] encap + * Encapsulation properties (destination address). + * @param[in] ifindex + * Network interface. + * @param[in] enable + * Toggle between add and remove. + * @param[out] error + * Perform verbose error reporting if not NULL. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +static int +flow_tcf_rule_neigh(struct mlx5_flow_tcf_context *tcf, + const struct flow_tcf_vxlan_encap *encap, + unsigned int ifindex, + bool enable, + struct rte_flow_error *error) +{ + struct nlmsghdr *nlh; + struct ndmsg *ndm; + alignas(struct nlmsghdr) + uint8_t buf[mnl_nlmsg_size(sizeof(*ndm) + 128)]; + + nlh =3D mnl_nlmsg_put_header(buf); + nlh->nlmsg_type =3D enable ? RTM_NEWNEIGH : RTM_DELNEIGH; + nlh->nlmsg_flags =3D + NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0); + nlh->nlmsg_seq =3D 0; + ndm =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm)); + ndm->ndm_ifindex =3D ifindex; + ndm->ndm_state =3D NUD_PERMANENT; + ndm->ndm_flags =3D 0; + ndm->ndm_type =3D 0; + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { + ndm->ndm_family =3D AF_INET; + mnl_attr_put_u32(nlh, NDA_DST, encap->ipv4.dst); + } else { + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); + ndm->ndm_family =3D AF_INET6; + mnl_attr_put(nlh, NDA_DST, sizeof(encap->ipv6.dst), + &encap->ipv6.dst); + } + if (encap->mask & FLOW_TCF_ENCAP_ETH_SRC && enable) + DRV_LOG(WARNING, + "Outer ethernet source address cannot be " + "forced for VXLAN encapsulation"); + if (encap->mask & FLOW_TCF_ENCAP_ETH_DST) + mnl_attr_put(nlh, NDA_LLADDR, sizeof(encap->eth.dst), + &encap->eth.dst); + if (!flow_tcf_nl_ack(tcf, nlh, 0, NULL, NULL)) + return 0; + return rte_flow_error_set + (error, rte_errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, + "netlink: cannot complete ND request (ip neigh)"); +} + +/** + * Manage the local IP addresses and their peers IP addresses on the + * outer interface for encapsulation purposes. The kernel searches the + * appropriate device for tunnel egress traffic using the outer source + * IP, this IP should be assigned to the outer network device, otherwise + * kernel rejects the rule. + * + * Adds or removes the addresses using the Netlink command like this: + * ip addr add peer scope link dev + * + * The addresses are local to the netdev ("scope link"), this reduces + * the risk of conflicts. Note that an implicit route is maintained by + * the kernel due to the presence of a peer address (IFA_ADDRESS). + * + * @param[in] tcf + * Libmnl socket context object. + * @param[in] vtep + * VTEP object, contains rule database and ifouter index. + * @param[in] dev_flow + * Flow object, contains the tunnel parameters (for encap only). + * @param[in] enable + * Toggle between add and remove. + * @param[out] error + * Perform verbose error reporting if not NULL. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +static int +flow_tcf_encap_local(struct mlx5_flow_tcf_context *tcf, + struct tcf_vtep *vtep, + struct mlx5_flow *dev_flow, + bool enable, + struct rte_flow_error *error) +{ + const struct flow_tcf_vxlan_encap *encap =3D dev_flow->tcf.vxlan_encap; + struct tcf_local_rule *rule; + bool found =3D false; + int ret; + + assert(encap); + assert(encap->hdr.type =3D=3D FLOW_TCF_TUNACT_VXLAN_ENCAP); + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { + assert(encap->mask & FLOW_TCF_ENCAP_IPV4_DST); + LIST_FOREACH(rule, &vtep->local, next) { + if (rule->mask & FLOW_TCF_ENCAP_IPV4_SRC && + encap->ipv4.src =3D=3D rule->ipv4.src && + encap->ipv4.dst =3D=3D rule->ipv4.dst) { + found =3D true; + break; + } + } + } else { + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); + LIST_FOREACH(rule, &vtep->local, next) { + if (rule->mask & FLOW_TCF_ENCAP_IPV6_SRC && + !memcmp(&encap->ipv6.src, &rule->ipv6.src, + sizeof(encap->ipv6.src)) && + !memcmp(&encap->ipv6.dst, &rule->ipv6.dst, + sizeof(encap->ipv6.dst))) { + found =3D true; + break; + } + } + } + if (found) { + if (enable) { + rule->refcnt++; + return 0; + } + if (!rule->refcnt || !--rule->refcnt) { + LIST_REMOVE(rule, next); + return flow_tcf_rule_local(tcf, encap, + vtep->ifouter, false, error); + } + return 0; + } + if (!enable) { + DRV_LOG(WARNING, "Disabling not existing local rule"); + rte_flow_error_set + (error, ENOENT, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "Disabling not existing local rule"); + return -ENOENT; + } + rule =3D rte_zmalloc(__func__, sizeof(struct tcf_local_rule), + alignof(struct tcf_local_rule)); + if (!rule) { + rte_flow_error_set + (error, ENOMEM, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "unable to allocate memory for local rule"); + return -rte_errno; + } + *rule =3D (struct tcf_local_rule){.refcnt =3D 0, + .mask =3D 0, + }; + if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) { + rule->mask =3D FLOW_TCF_ENCAP_IPV4_SRC + | FLOW_TCF_ENCAP_IPV4_DST; + rule->ipv4.src =3D encap->ipv4.src; + rule->ipv4.dst =3D encap->ipv4.dst; + } else { + rule->mask =3D FLOW_TCF_ENCAP_IPV6_SRC + | FLOW_TCF_ENCAP_IPV6_DST; + memcpy(&rule->ipv6.src, &encap->ipv6.src, + sizeof(rule->ipv6.src)); + memcpy(&rule->ipv6.dst, &encap->ipv6.dst, + sizeof(rule->ipv6.dst)); + } + ret =3D flow_tcf_rule_local(tcf, encap, vtep->ifouter, true, error); + if (ret) { + rte_free(rule); + return ret; + } + rule->refcnt++; + LIST_INSERT_HEAD(&vtep->local, rule, next); + return 0; +} + +/** + * Manage the destination MAC/IP addresses neigh database, kernel uses + * this one to determine the destination MAC address within encapsulation + * header. Adds or removes the entries using the Netlink command like this= : + * ip neigh add dev lladdr to nud permanent + * + * @param[in] tcf + * Libmnl socket context object. + * @param[in] vtep + * VTEP object, contains rule database and ifouter index. + * @param[in] dev_flow + * Flow object, contains the tunnel parameters (for encap only). + * @param[in] enable + * Toggle between add and remove. + * @param[out] error + * Perform verbose error reporting if not NULL. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +static int +flow_tcf_encap_neigh(struct mlx5_flow_tcf_context *tcf, + struct tcf_vtep *vtep, + struct mlx5_flow *dev_flow, + bool enable, + struct rte_flow_error *error) +{ + const struct flow_tcf_vxlan_encap *encap =3D dev_flow->tcf.vxlan_encap; + struct tcf_neigh_rule *rule; + bool found =3D false; + int ret; + + assert(encap); + assert(encap->hdr.type =3D=3D FLOW_TCF_TUNACT_VXLAN_ENCAP); + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { + assert(encap->mask & FLOW_TCF_ENCAP_IPV4_SRC); + LIST_FOREACH(rule, &vtep->neigh, next) { + if (rule->mask & FLOW_TCF_ENCAP_IPV4_DST && + encap->ipv4.dst =3D=3D rule->ipv4.dst) { + found =3D true; + break; + } + } + } else { + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC); + assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST); + LIST_FOREACH(rule, &vtep->neigh, next) { + if (rule->mask & FLOW_TCF_ENCAP_IPV6_DST && + !memcmp(&encap->ipv6.dst, &rule->ipv6.dst, + sizeof(encap->ipv6.dst))) { + found =3D true; + break; + } + } + } + if (found) { + if (memcmp(&encap->eth.dst, &rule->eth, + sizeof(encap->eth.dst))) { + DRV_LOG(WARNING, "Destination MAC differs" + " in neigh rule"); + rte_flow_error_set(error, EEXIST, + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "Different MAC address" + " neigh rule for the same" + " destination IP"); + return -EEXIST; + } + if (enable) { + rule->refcnt++; + return 0; + } + if (!rule->refcnt || !--rule->refcnt) { + LIST_REMOVE(rule, next); + return flow_tcf_rule_neigh(tcf, encap, + vtep->ifouter, + false, error); + } + return 0; + } + if (!enable) { + DRV_LOG(WARNING, "Disabling not existing neigh rule"); + rte_flow_error_set + (error, ENOENT, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "unable to allocate memory for neigh rule"); + return -ENOENT; + } + rule =3D rte_zmalloc(__func__, sizeof(struct tcf_neigh_rule), + alignof(struct tcf_neigh_rule)); + if (!rule) { + rte_flow_error_set + (error, ENOMEM, RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "unadble to allocate memory for neigh rule"); + return -rte_errno; + } + *rule =3D (struct tcf_neigh_rule){.refcnt =3D 0, + .mask =3D 0, + }; + if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) { + rule->mask =3D FLOW_TCF_ENCAP_IPV4_DST; + rule->ipv4.dst =3D encap->ipv4.dst; + } else { + rule->mask =3D FLOW_TCF_ENCAP_IPV6_DST; + memcpy(&rule->ipv6.dst, &encap->ipv6.dst, + sizeof(rule->ipv6.dst)); + } + memcpy(&rule->eth, &encap->eth.dst, sizeof(rule->eth)); + ret =3D flow_tcf_rule_neigh(tcf, encap, vtep->ifouter, true, error); + if (ret) { + rte_free(rule); + return ret; + } + rule->refcnt++; + LIST_INSERT_HEAD(&vtep->neigh, rule, next); + return 0; +} + /* VTEP device list is shared between PMD port instances. */ static LIST_HEAD(, tcf_vtep) vtep_list_vxlan =3D LIST_HEAD_INITIALIZER(); static pthread_mutex_t vtep_list_mutex =3D PTHREAD_MUTEX_INITIALIZER; @@ -4032,6 +4400,7 @@ struct pedit_parser { { static uint16_t encap_port =3D MLX5_VXLAN_PORT_MIN - 1; struct tcf_vtep *vtep; + int ret; =20 assert(ifouter); /* Look whether the attached VTEP for encap is created. */ @@ -4077,6 +4446,20 @@ struct pedit_parser { } assert(vtep->ifouter =3D=3D ifouter); assert(vtep->ifindex); + /* Create local ipaddr with peer to specify the outer IPs. */ + ret =3D flow_tcf_encap_local(tcf, vtep, dev_flow, true, error); + if (!ret) { + /* Create neigh rule to specify outer destination MAC. */ + ret =3D flow_tcf_encap_neigh(tcf, vtep, dev_flow, true, error); + if (ret) + flow_tcf_encap_local(tcf, vtep, + dev_flow, false, error); + } + if (ret) { + if (--vtep->refcnt =3D=3D 0) + flow_tcf_vtep_delete(tcf, vtep); + return NULL; + } return vtep; } =20 @@ -4146,6 +4529,9 @@ struct pedit_parser { case FLOW_TCF_TUNACT_VXLAN_DECAP: break; case FLOW_TCF_TUNACT_VXLAN_ENCAP: + /* Remove the encap ancillary rules first. */ + flow_tcf_encap_neigh(tcf, vtep, dev_flow, false, NULL); + flow_tcf_encap_local(tcf, vtep, dev_flow, false, NULL); break; default: assert(false); --=20 1.8.3.1