From: Shiri Kuzin <shirik@nvidia.com>
To: dev@dpdk.org
Cc: matan@nvidia.com, viacheslavo@nvidia.com, shahafs@nvidia.com,
rasland@nvidia.com, stable@dpdk.org
Subject: [dpdk-dev] [PATCH] net/mlx5: fix refuse empty VLAN validation
Date: Tue, 19 Jan 2021 19:07:00 +0200 [thread overview]
Message-ID: <20210119170700.25918-1-shirik@nvidia.com> (raw)
In verbs, an empty VLAN is equivalent to a packet without VLAN layer,
hence, the VLAN item should not be empty and this case is rejected.
However, the case for ether type of VLAN without following VLAN item
was not validated, allowing the creation of a flow with empty
VLAN item.
To fix this issue a validation was added requiring ether type of VLAN
will be followed with VLAN item.
Fixes: 0b1edd21cd78 ("net/mlx5: refuse empty VLAN flow specification")
Cc: stable@dpdk.org
Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_verbs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/mlx5/mlx5_flow_verbs.c b/drivers/net/mlx5/mlx5_flow_verbs.c
index 2d4381946d..827d2ecf9d 100644
--- a/drivers/net/mlx5/mlx5_flow_verbs.c
+++ b/drivers/net/mlx5/mlx5_flow_verbs.c
@@ -1253,6 +1253,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
uint64_t last_item = 0;
uint8_t next_protocol = 0xff;
uint16_t ether_type = 0;
+ bool is_empty_vlan = false;
if (items == NULL)
return -1;
@@ -1280,6 +1281,8 @@ flow_verbs_validate(struct rte_eth_dev *dev,
ether_type &=
((const struct rte_flow_item_eth *)
items->mask)->type;
+ if (ether_type == RTE_BE16(RTE_ETHER_TYPE_VLAN))
+ is_empty_vlan = true;
ether_type = rte_be_to_cpu_16(ether_type);
} else {
ether_type = 0;
@@ -1305,6 +1308,7 @@ flow_verbs_validate(struct rte_eth_dev *dev,
} else {
ether_type = 0;
}
+ is_empty_vlan = false;
break;
case RTE_FLOW_ITEM_TYPE_IPV4:
ret = mlx5_flow_validate_item_ipv4
@@ -1416,6 +1420,10 @@ flow_verbs_validate(struct rte_eth_dev *dev,
}
item_flags |= last_item;
}
+ if (is_empty_vlan)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_ITEM, NULL,
+ "VLAN matching without vid specification is not supported");
for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
switch (actions->type) {
case RTE_FLOW_ACTION_TYPE_VOID:
--
2.21.0
next reply other threads:[~2021-01-19 17:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-19 17:07 Shiri Kuzin [this message]
2021-01-24 10:44 ` Raslan Darawsheh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210119170700.25918-1-shirik@nvidia.com \
--to=shirik@nvidia.com \
--cc=dev@dpdk.org \
--cc=matan@nvidia.com \
--cc=rasland@nvidia.com \
--cc=shahafs@nvidia.com \
--cc=stable@dpdk.org \
--cc=viacheslavo@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).