From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 04258A04DD;
	Thu, 22 Oct 2020 10:26:55 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id E44CAA92B;
	Thu, 22 Oct 2020 10:26:53 +0200 (CEST)
Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129])
 by dpdk.org (Postfix) with ESMTP id 225ABA902
 for <dev@dpdk.org>; Thu, 22 Oct 2020 10:26:52 +0200 (CEST)
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
 elibr@nvidia.com) with SMTP; 22 Oct 2020 11:26:49 +0300
Received: from nvidia.com (dev-r-vrt-214.mtr.labs.mlnx [10.212.214.1])
 by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id 09M8Qn6m028014;
 Thu, 22 Oct 2020 11:26:49 +0300
From: Eli Britstein <elibr@nvidia.com>
To: dev@dpdk.org
Cc: Dekel Peled <dekelp@nvidia.com>, Ori Kam <orika@nvidia.com>,
 Matan Azrad <matan@nvidia.com>, Raslan Darawsheh <rasland@nvidia.com>,
 Slava Ovsiienko <viacheslavo@nvidia.com>,
 Shahaf Shuler <shahafs@nvidia.com>, Asaf Penso <asafp@nvidia.com>,
 Eli Britstein <elibr@nvidia.com>
Date: Thu, 22 Oct 2020 08:26:29 +0000
Message-Id: <20201022082629.9160-1-elibr@nvidia.com>
X-Mailer: git-send-email 2.28.0.546.g385c171
In-Reply-To: <MW2PR12MB249297E6E9826D4198E74198DF1C0@MW2PR12MB2492.namprd12.prod.outlook.com>
References: <MW2PR12MB249297E6E9826D4198E74198DF1C0@MW2PR12MB2492.namprd12.prod.outlook.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-dev] [PATCH V3 1/1] net/mlx5: fix IPv6 next proto validation
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Previous patch added validation of the IPv6 next proto field, in order
to overcome a known limitation.
One of the values checked is IPPROTO_HOPOPTS, which is defined as 0.
If proto field is not specified for matching, or mask=0, as in the
following, a wrong validation takes place.
flow create 0 ingress pattern eth / ipv6 has_frag_ext is 0 / end actions
drop / end
Fix the validation only on proto asked by the user.

Fixes: 92be60e1b541 ("net/mlx5: enforce limitation on IPv6 next proto")

Signed-off-by: Eli Britstein <elibr@nvidia.com>
Acked-by: Dekel Peled <dekelp@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
 drivers/net/mlx5/mlx5_flow.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 22fb4ee60a..d7243a878b 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1979,8 +1979,8 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "IPv6 cannot follow L2/VLAN layer "
 					  "which ether type is not IPv6");
-	if (mask && spec)
-		next_proto = mask->hdr.proto & spec->hdr.proto;
+	if (mask && mask->hdr.proto == UINT8_MAX && spec)
+		next_proto = spec->hdr.proto;
 	if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) {
 		if (next_proto == IPPROTO_IPIP || next_proto == IPPROTO_IPV6)
 			return rte_flow_error_set(error, EINVAL,
-- 
2.28.0.546.g385c171