[dpdk-dev] [PATCH] net/mlx5: fix IPv6 next proto validation

Tue, 20 Oct 2020 05:11:14 -0700 

Previous patch added validation of the IPv6 next proto field, in order
to overcome a known limitation.
One of the values checked is IPPROTO_HOPOPTS, which is currently defined
as value 0.
The same value 0 is received when next proto field is not specified for
matching, or has mask 0.

This patch updates the validation, to make sure next proto is not 0
before validating it.

Fixes: 55e4c1d1ba73 ("net/mlx5: enforce limitation on IPv6 next proto")

Signed-off-by: Dekel Peled <dek...@nvidia.com>
Acked-by: Ori Kam <or...@nvidia.com>
---
 drivers/net/mlx5/mlx5_flow.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index c56dac8..74af207 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1987,12 +1987,13 @@ struct mlx5_flow_tunnel_info {
                                                  "multiple tunnel "
                                                  "not supported");
        }
-       if (next_proto == IPPROTO_HOPOPTS  ||
-           next_proto == IPPROTO_ROUTING  ||
-           next_proto == IPPROTO_FRAGMENT ||
-           next_proto == IPPROTO_ESP      ||
-           next_proto == IPPROTO_AH       ||
-           next_proto == IPPROTO_DSTOPTS)
+       if (next_proto &&
+           (next_proto == IPPROTO_HOPOPTS  ||
+            next_proto == IPPROTO_ROUTING  ||
+            next_proto == IPPROTO_FRAGMENT ||
+            next_proto == IPPROTO_ESP      ||
+            next_proto == IPPROTO_AH       ||
+            next_proto == IPPROTO_DSTOPTS))
                return rte_flow_error_set(error, EINVAL,
                                          RTE_FLOW_ERROR_TYPE_ITEM, item,
                                          "IPv6 proto (next header) should "
-- 
1.8.3.1

Reply via email to