Hi,
> -----Original Message-----
> From: dev <dev-boun...@dpdk.org> On Behalf Of Raslan Darawsheh
> Sent: Monday, March 23, 2020 4:22 PM
> To: Matan Azrad <ma...@mellanox.com>; Slava Ovsiienko
> <viachesl...@mellanox.com>
> Cc: dev@dpdk.org; sta...@dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix validation of VXLAN/VXLAN-GPE
> specs
>
> Trying to create zero spec for vni wasn't allowed, to
> avoid matching all packets from previous layer (udp).
> This behavior is incorrect, since VXLAN is being identified
> through the outer UDP destination port.
>
> Currently, if the user didn't specify outer UDP destination
> port the PMD will automatically match only on outer
> UDP port of 4798, and if the user want to match on some none
> standard port he need to specify it explicitly in the rule.
>
> This removes the limitation of vni spec to be able to match any
> vni.
>
> Fixes: 23c1d42c ("net/mlx5: split flow validation to dedicated function")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Raslan Darawsheh <rasl...@mellanox.com>
> ---
> drivers/net/mlx5/mlx5_flow.c | 31 -------------------------------
> 1 file changed, 31 deletions(-)
>
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 41072da..2ef6558 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1836,7 +1836,6 @@ mlx5_flow_validate_item_vxlan(const struct
> rte_flow_item *item,
> uint32_t vlan_id;
> uint8_t vni[4];
> } id = { .vlan_id = 0, };
> - uint32_t vlan_id = 0;
>
>
> if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
> @@ -1863,23 +1862,8 @@ mlx5_flow_validate_item_vxlan(const struct
> rte_flow_item *item,
> return ret;
> if (spec) {
> memcpy(&id.vni[1], spec->vni, 3);
> - vlan_id = id.vlan_id;
> memcpy(&id.vni[1], mask->vni, 3);
> - vlan_id &= id.vlan_id;
> }
> - /*
> - * Tunnel id 0 is equivalent as not adding a VXLAN layer, if
> - * only this layer is defined in the Verbs specification it is
> - * interpreted as wildcard and all packets will match this
> - * rule, if it follows a full stack layer (ex: eth / ipv4 /
> - * udp), all packets matching the layers before will also
> - * match this rule. To avoid such situation, VNI 0 is
> - * currently refused.
> - */
> - if (!vlan_id)
> - return rte_flow_error_set(error, ENOTSUP,
> - RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> - "VXLAN vni cannot be 0");
> if (!(item_flags & MLX5_FLOW_LAYER_OUTER))
> return rte_flow_error_set(error, ENOTSUP,
> RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> @@ -1918,7 +1902,6 @@ mlx5_flow_validate_item_vxlan_gpe(const struct
> rte_flow_item *item,
> uint32_t vlan_id;
> uint8_t vni[4];
> } id = { .vlan_id = 0, };
> - uint32_t vlan_id = 0;
>
> if (!priv->config.l3_vxlan_en)
> return rte_flow_error_set(error, ENOTSUP,
> @@ -1956,22 +1939,8 @@ mlx5_flow_validate_item_vxlan_gpe(const struct
> rte_flow_item *item,
> "VxLAN-GPE protocol"
> " not supported");
> memcpy(&id.vni[1], spec->vni, 3);
> - vlan_id = id.vlan_id;
> memcpy(&id.vni[1], mask->vni, 3);
> - vlan_id &= id.vlan_id;
> }
> - /*
> - * Tunnel id 0 is equivalent as not adding a VXLAN layer, if only this
> - * layer is defined in the Verbs specification it is interpreted as
> - * wildcard and all packets will match this rule, if it follows a full
> - * stack layer (ex: eth / ipv4 / udp), all packets matching the layers
> - * before will also match this rule. To avoid such situation, VNI 0
> - * is currently refused.
> - */
> - if (!vlan_id)
> - return rte_flow_error_set(error, ENOTSUP,
> - RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> - "VXLAN-GPE vni cannot be 0");
> if (!(item_flags & MLX5_FLOW_LAYER_OUTER))
> return rte_flow_error_set(error, ENOTSUP,
> RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> --
> 2.7.4
Patch applied to next-net-mlx,
Kindest regards,
Raslan Darawsheh
