Re: [dpdk-dev] [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto

Sun, 04 Oct 2020 06:55:53 -0700 

Hi

> -----Original Message-----
> From: Dekel Peled <dek...@nvidia.com>
> Sent: Friday, October 2, 2020 12:15 AM
> Subject: [PATCH v2 11/11] net/mlx5: enforce limitation on IPv6 next proto
> 
> Due to PRM requirement, the IPv6 header item 'proto' field, indicating
> the next header protocol, should not be set as extension header.
> This patch adds the relevant validation, and documents the limitation.
> 
> Signed-off-by: Dekel Peled <dek...@nvidia.com>
> ---
>  doc/guides/nics/mlx5.rst     |  7 +++++++
>  drivers/net/mlx5/mlx5_flow.c | 14 ++++++++++++--
>  2 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
> index 211c0c5..e6ca5e1 100644
> --- a/doc/guides/nics/mlx5.rst
> +++ b/doc/guides/nics/mlx5.rst
> @@ -311,6 +311,13 @@ Limitations
>      for some NICs (such as ConnectX-6 Dx and BlueField 2).
>      The capability bit ``scatter_fcs_w_decap_disable`` shows NIC support.
> 
> +- IPv6 header item 'proto' field, indicating the next header protocol, should
> +  not be set as extension header.
> +  In case the next header is an extension header, it should not be specified 
> in
> +  IPv6 header item 'proto' field.
> +  The last extension header item 'next header' field can specify the 
> following
> +  header protocol type.
> +
>  Statistics
>  ----------
> 
> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
> index 906741f..7a438cf 100644
> --- a/drivers/net/mlx5/mlx5_flow.c
> +++ b/drivers/net/mlx5/mlx5_flow.c
> @@ -1645,9 +1645,9 @@ struct mlx5_flow_tunnel_info {
>                                         RTE_FLOW_ERROR_TYPE_ITEM,
> item,
>                                         "IPv6 cannot follow L2/VLAN layer "
>                                         "which ether type is not IPv6");
> +     if (mask && spec)
> +             next_proto = mask->hdr.proto & spec->hdr.proto;
>       if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) {
> -             if (mask && spec)
> -                     next_proto = mask->hdr.proto & spec->hdr.proto;
>               if (next_proto == IPPROTO_IPIP || next_proto ==
> IPPROTO_IPV6)
>                       return rte_flow_error_set(error, EINVAL,
> 
> RTE_FLOW_ERROR_TYPE_ITEM,
> @@ -1655,6 +1655,16 @@ struct mlx5_flow_tunnel_info {
>                                                 "multiple tunnel "
>                                                 "not supported");
>       }
> +     if (next_proto == IPPROTO_HOPOPTS  ||
> +         next_proto == IPPROTO_ROUTING  ||
> +         next_proto == IPPROTO_FRAGMENT ||
> +         next_proto == IPPROTO_ESP      ||
> +         next_proto == IPPROTO_AH       ||
> +         next_proto == IPPROTO_DSTOPTS)
> +             return rte_flow_error_set(error, EINVAL,
> +                                       RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> +                                       "IPv6 proto (next header) should "
> +                                       "not be set as extension header");
>       if (item_flags & MLX5_FLOW_LAYER_IPIP)
>               return rte_flow_error_set(error, EINVAL,
>                                         RTE_FLOW_ERROR_TYPE_ITEM,
> item,
> --
> 1.8.3.1


Acked-by: Ori Kam <or...@nvidia.com>
Thanks,
Ori

Reply via email to