Fix a strange behavior from the NIC, when the flow starts with a VXLAN
layer with a VNI equals to zero all the traffic will match within this
rule.
Fixes: 2e709b6aa0f5 ("net/mlx5: support VXLAN flow item")
Cc: sta...@dpdk.org
Signed-off-by: Nelio Laranjeiro <nelio.laranje...@6wind.com>
---
doc/guides/nics/mlx5.rst | 2 ++
drivers/net/mlx5/mlx5_flow.c | 12 +++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst
index cdb880a4c..19da9f1ed 100644
--- a/doc/guides/nics/mlx5.rst
+++ b/doc/guides/nics/mlx5.rst
@@ -129,6 +129,8 @@ Limitations
is set to multi-packet send or Enhanced multi-packet send. Otherwise it must
have
less than 50 segments.
- Count action for RTE flow is only supported in Mellanox OFED 4.2.
+- Flows with a VXLAN Network Identifier equal (or ends to be equal)
+ to 0 are not supported.
Configuration
-------------
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 68cc8bff5..a7864871c 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1158,7 +1158,7 @@ priv_flow_convert(struct priv *priv,
cur_item->mask),
parser);
if (ret) {
- rte_flow_error_set(error, ENOTSUP,
+ rte_flow_error_set(error, ret,
RTE_FLOW_ERROR_TYPE_ITEM,
items, "item not supported");
goto exit_free;
@@ -1605,6 +1605,16 @@ mlx5_flow_create_vxlan(const struct rte_flow_item *item,
/* Remove unwanted bits from values. */
vxlan.val.tunnel_id &= vxlan.mask.tunnel_id;
}
+ /*
+ * Tunnel id 0 is equivalent as not adding a VXLAN layer, if only this
+ * layer is defined in the Verbs specification it is interpreted as
+ * wildcard and all packets will match this rule, if it follows a full
+ * stack layer (ex: eth / ipv4 / udp), all packets matching the layers
+ * before will also match this rule.
+ * To avoid such situation, VNI 0 is currently refused.
+ */
+ if (!vxlan.val.tunnel_id)
+ return EINVAL;
mlx5_flow_create_copy(parser, &vxlan, size);
return 0;
}
--
2.11.0
