[dpdk-dev] [PATCH] net/mlx5: fix IPv6 next proto validation

[Dekel Peled]

Previous patch added validation of the IPv6 next proto field, in order
to overcome a known limitation.
One of the values checked is IPPROTO_HOPOPTS, which is currently defined
as value 0.
The same value 0 is received when next proto field is not specified for
matching, or has mask 0.

This patch updates the validation, to make sure next proto is not 0
before validating it.

Fixes: 55e4c1d1ba73 ("net/mlx5: enforce limitation on IPv6 next proto")

Signed-off-by: Dekel Peled <dekelp at nvidia.com>
Acked-by: Ori Kam <orika at nvidia.com>
---
 drivers/net/mlx5/mlx5_flow.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index c56dac8..74af207 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1987,12 +1987,13 @@ struct mlx5_flow_tunnel_info {
 						  "multiple tunnel "
 						  "not supported");
 	}
-	if (next_proto == IPPROTO_HOPOPTS  ||
-	    next_proto == IPPROTO_ROUTING  ||
-	    next_proto == IPPROTO_FRAGMENT ||
-	    next_proto == IPPROTO_ESP	   ||
-	    next_proto == IPPROTO_AH	   ||
-	    next_proto == IPPROTO_DSTOPTS)
+	if (next_proto &&
+	    (next_proto == IPPROTO_HOPOPTS  ||
+	     next_proto == IPPROTO_ROUTING  ||
+	     next_proto == IPPROTO_FRAGMENT ||
+	     next_proto == IPPROTO_ESP      ||
+	     next_proto == IPPROTO_AH	    ||
+	     next_proto == IPPROTO_DSTOPTS))
 		return rte_flow_error_set(error, EINVAL,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "IPv6 proto (next header) should "
-- 
1.8.3.1