The "rte_flow_item_geneve_opt" structure describes the GENEVE TLV option
header according to RFC 8926 [1]:
struct rte_flow_item_geneve_opt {
rte_be16_t option_class;
uint8_t option_type;
uint8_t option_len;
uint32_t *data;
};
The "option_len" field is used for two different purposes:
1. item field for matching with value/mask.
2. descriptor for data array size.
Those two different purposes might limit each other. For example, when
matching on length with full mask (0x1f), the data array in the mask
structure might be taken as size 31 and read invalid memory.
This problem appears in conversion API. In current implementation, the
"rte_flow_conv" API copies the "rte_flow_item_geneve_opt" structure
without taking care about data deep-copy. The attempt to solve this
revealed the problem in determining the size of the mask data array. To
resolve this issue, two solutions are suggested.
Immediate Workaround:
The data array size in the "mask" structure is determined by
"option_len" field in the "spec" structure. This workaround can be
integrated soon to avoid deep-copy missing.
Long Run Solution:
Add a new field into "rte_flow_item_geneve_opt" structure regardless to
"option_len" field. This solution should wait to "24.11" version since
it contains API change.
When the API is changed, I'll take the opportunity to add documentation
for this item in "rte_flow.rst" file and update the data type to
"rte_be32_t".
[1] https://datatracker.ietf.org/doc/html/rfc8926
Michael Baum (2):
ethdev: fix GENEVE option item conversion
ethdev: add data size field to GENEVE option item
app/test-pmd/cmdline_flow.c | 10 +++++++
doc/guides/prog_guide/rte_flow.rst | 16 ++++++++++++
doc/guides/testpmd_app_ug/testpmd_funcs.rst | 3 ++-
lib/ethdev/rte_flow.c | 29 +++++++++++++++++----
lib/ethdev/rte_flow.h | 3 ++-
5 files changed, 54 insertions(+), 7 deletions(-)
--
2.25.1
