[PATCH v2 041/148] net/ice/base: add direction metadata

Wed, 12 Jun 2024 08:11:42 -0700 

From: Ian Stokes <ian.sto...@intel.com>

Currently it is possible to create a filter which breaks TX traffic, e.g.:

tc filter add dev $PF1 ingress protocol ip prio 1 flower ip_proto udp dst_port
$PORT action mirred egress redirect dev $VF1_PR

This adds a rule which might match both TX and RX traffic, and in TX path the PF
will actually receive the traffic, which breaks communication.

To fix this, always add a direction flag. Currently it is possible to create a
filter which breaks TX traffic, e.g.:

tc filter add dev $PF1 ingress protocol ip prio 1 flower ip_proto udp dst_port
$PORT action mirred egress redirect dev $VF1_PR

This adds a rule which might match both TX and RX traffic, and in TX path the PF
will actually receive the traffic, which breaks communication.

To fix this, always add a direction flag.

Signed-off-by: Marcin Szycik <marcin.szy...@intel.com>
Signed-off-by: Ian Stokes <ian.sto...@intel.com>
---
 drivers/net/ice/base/ice_protocol_type.h |  1 +
 drivers/net/ice/base/ice_switch.c        | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/drivers/net/ice/base/ice_protocol_type.h 
b/drivers/net/ice/base/ice_protocol_type.h
index d2d3f75fc2..9f17b5d0f5 100644
--- a/drivers/net/ice/base/ice_protocol_type.h
+++ b/drivers/net/ice/base/ice_protocol_type.h
@@ -225,6 +225,7 @@ enum ice_prot_id {
 #define ICE_TUN_FLAG_MDID 20
 #define ICE_TUN_FLAG_MDID_OFF(word)   (ICE_MDID_SIZE * (ICE_TUN_FLAG_MDID + 
(word)))
 #define ICE_TUN_FLAG_MASK 0xFF
+#define ICE_FROM_NETWORK_FLAG_MASK 0x8
 #define ICE_DIR_FLAG_MASK 0x10
 #define ICE_TUN_FLAG_IN_VLAN_MASK 0x80 /* VLAN inside tunneled header */
 #define ICE_TUN_FLAG_VLAN_MASK 0x01
diff --git a/drivers/net/ice/base/ice_switch.c 
b/drivers/net/ice/base/ice_switch.c
index cf1ab35f26..ba8d2eb4b1 100644
--- a/drivers/net/ice/base/ice_switch.c
+++ b/drivers/net/ice/base/ice_switch.c
@@ -7872,6 +7872,17 @@ ice_add_special_words(struct ice_adv_rule_info *rinfo,
        u16 mask;
        u16 off;
 
+       /* Always add direction flag */
+       if (lkup_exts->n_val_words < ICE_MAX_CHAIN_WORDS) {
+               u8 word = lkup_exts->n_val_words++;
+
+               lkup_exts->fv_words[word].prot_id = ICE_META_DATA_ID_HW;
+               lkup_exts->fv_words[word].off = ICE_TUN_FLAG_MDID_OFF(0);
+               lkup_exts->field_mask[word] = ICE_FROM_NETWORK_FLAG_MASK;
+       } else {
+               return ICE_ERR_MAX_LIMIT;
+       }
+
        /* If this is a tunneled packet, then add recipe index to match the
         * tunnel bit in the packet metadata flags. If this is a tun_and_non_tun
         * packet, then add recipe index to match the direction bit in the flag.
-- 
2.43.0

Reply via email to