* [PATCH] net/mlx5: fix IPIP tunnel verification
@ 2025-03-10 11:19 Gregory Etelson
2025-03-13 7:53 ` Raslan Darawsheh
0 siblings, 1 reply; 2+ messages in thread
From: Gregory Etelson @ 2025-03-10 11:19 UTC (permalink / raw)
To: dev
Cc: getelson, ,
rasland, stable, Dariusz Sosnowski, Viacheslav Ovsiienko,
Bing Zhao, Ori Kam, Suanming Mou, Matan Azrad
Assuming a case with the following pattern:
eth / ipv4 / udp / vxlan / eth / ipv4 proto is (IPv4 | IPv6)
MLX5 PMD incorrectly recognized this as a packet encapsulated as
VXLAN and IP in IP at the same packet header level.
This caused a flow validation error.
This patch fixes the inner IP in IP detection logic.
Fixes: 2db234e769e1 ("net/mlx5: fix IP-in-IP tunnels recognition")
Cc: stable@dpdk.org
Signed-off-by: Gregory Etelson <getelson@nvidia.com>
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
---
drivers/net/mlx5/mlx5_flow_dv.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index 61d3101ce8..2d03a3f480 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -7925,7 +7925,10 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
mlx5_flow_tunnel_ip_check(items, next_protocol,
item_flags,
&l3_tunnel_flag);
- if (l3_tunnel_detection == l3_tunnel_inner) {
+ /*
+ * explicitly allow inner IPIP match
+ */
+ if (l3_tunnel_detection == l3_tunnel_outer) {
item_flags |= l3_tunnel_flag;
tunnel = 1;
}
@@ -7949,7 +7952,10 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
mlx5_flow_tunnel_ip_check(items, next_protocol,
item_flags,
&l3_tunnel_flag);
- if (l3_tunnel_detection == l3_tunnel_inner) {
+ /*
+ * explicitly allow inner IPIP match
+ */
+ if (l3_tunnel_detection == l3_tunnel_outer) {
item_flags |= l3_tunnel_flag;
tunnel = 1;
}
--
2.45.2
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH] net/mlx5: fix IPIP tunnel verification
2025-03-10 11:19 [PATCH] net/mlx5: fix IPIP tunnel verification Gregory Etelson
@ 2025-03-13 7:53 ` Raslan Darawsheh
0 siblings, 0 replies; 2+ messages in thread
From: Raslan Darawsheh @ 2025-03-13 7:53 UTC (permalink / raw)
To: Gregory Etelson, dev
Cc: Maayan Kashani, stable, Dariusz Sosnowski, Slava Ovsiienko,
Bing Zhao, Ori Kam, Suanming Mou, Matan Azrad
Hi,
From: Gregory Etelson <getelson@nvidia.com>
Sent: Monday, March 10, 2025 1:19 PM
To: dev@dpdk.org
Cc: Gregory Etelson; Maayan Kashani; Raslan Darawsheh; stable@dpdk.org; Dariusz Sosnowski; Slava Ovsiienko; Bing Zhao; Ori Kam; Suanming Mou; Matan Azrad
Subject: [PATCH] net/mlx5: fix IPIP tunnel verification
Assuming a case with the following pattern:
eth / ipv4 / udp / vxlan / eth / ipv4 proto is (IPv4 | IPv6)
MLX5 PMD incorrectly recognized this as a packet encapsulated as
VXLAN and IP in IP at the same packet header level.
This caused a flow validation error.
This patch fixes the inner IP in IP detection logic.
Fixes: 2db234e769e1 ("net/mlx5: fix IP-in-IP tunnels recognition")
Cc: stable@dpdk.org
Signed-off-by: Gregory Etelson <getelson@nvidia.com>
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-03-13 7:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-10 11:19 [PATCH] net/mlx5: fix IPIP tunnel verification Gregory Etelson
2025-03-13 7:53 ` Raslan Darawsheh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).