[dpdk-dev] [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto

Ori Kam orika at nvidia.com
Sun Oct 4 15:55:11 CEST 2020

Previous message: [dpdk-dev] [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto
Next message: [dpdk-dev] [PATCH v3 00/11] support match on L3 fragmented packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

> -----Original Message-----
> From: Dekel Peled <dekelp at nvidia.com>
> Sent: Friday, October 2, 2020 12:15 AM
> Subject: [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto
> 
> Due to PRM requirement, the IPv6 header item 'proto' field, indicating
> the next header protocol, should not be set as extension header.
> This patch adds the relevant validation, and documents the limitation.
> 
> Signed-off-by: Dekel Peled <dekelp at nvidia.com>
> ---
>  doc/guides/nics/mlx5.rst     |  7 +++++++
>  drivers/net/mlx5/mlx5_flow.c | 14 ++++++++++++--
>  2 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
> index 211c0c5..e6ca5e1 100644
> --- a/doc/guides/nics/mlx5.rst
> +++ b/doc/guides/nics/mlx5.rst
> @@ -311,6 +311,13 @@ Limitations
>      for some NICs (such as ConnectX-6 Dx and BlueField 2).
>      The capability bit ``scatter_fcs_w_decap_disable`` shows NIC support.
> 
> +- IPv6 header item 'proto' field, indicating the next header protocol, should
> +  not be set as extension header.
> +  In case the next header is an extension header, it should not be specified in
> +  IPv6 header item 'proto' field.
> +  The last extension header item 'next header' field can specify the following
> +  header protocol type.
> +
>  Statistics
>  ----------
> 
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 906741f..7a438cf 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1645,9 +1645,9 @@ struct mlx5_flow_tunnel_info {
>  					  RTE_FLOW_ERROR_TYPE_ITEM,
> item,
>  					  "IPv6 cannot follow L2/VLAN layer "
>  					  "which ether type is not IPv6");
> +	if (mask && spec)
> +		next_proto = mask->hdr.proto & spec->hdr.proto;
>  	if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) {
> -		if (mask && spec)
> -			next_proto = mask->hdr.proto & spec->hdr.proto;
>  		if (next_proto == IPPROTO_IPIP || next_proto ==
> IPPROTO_IPV6)
>  			return rte_flow_error_set(error, EINVAL,
> 
> RTE_FLOW_ERROR_TYPE_ITEM,
> @@ -1655,6 +1655,16 @@ struct mlx5_flow_tunnel_info {
>  						  "multiple tunnel "
>  						  "not supported");
>  	}
> +	if (next_proto == IPPROTO_HOPOPTS  ||
> +	    next_proto == IPPROTO_ROUTING  ||
> +	    next_proto == IPPROTO_FRAGMENT ||
> +	    next_proto == IPPROTO_ESP	   ||
> +	    next_proto == IPPROTO_AH	   ||
> +	    next_proto == IPPROTO_DSTOPTS)
> +		return rte_flow_error_set(error, EINVAL,
> +					  RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> +					  "IPv6 proto (next header) should "
> +					  "not be set as extension header");
>  	if (item_flags & MLX5_FLOW_LAYER_IPIP)
>  		return rte_flow_error_set(error, EINVAL,
>  					  RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> --
> 1.8.3.1


Acked-by: Ori Kam <orika at nvidia.com>
Thanks,
Ori

Previous message: [dpdk-dev] [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto
Next message: [dpdk-dev] [PATCH v3 00/11] support match on L3 fragmented packets
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list