Tunnel w/o tunnel id pattern could match any non-tunneled packet,
thus this patch only allow tunnel pattern with outer spec.
Signed-off-by: Xueming Li <xuemi...@mellanox.com>
---
drivers/net/mlx5/mlx5_flow.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index cddf562..bda1a58 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1747,7 +1747,11 @@ struct ibv_spec_header {
* before will also match this rule.
* To avoid such situation, VNI 0 is currently refused.
*/
- if (!vxlan.val.tunnel_id)
+ /*
+ * Tunnel w/o tunnel id pattern could match any non-tunneled packet,
+ * thus only allow tunnel pattern with outer spec.
+ */
+ if (parser->out_layer == HASH_RXQ_ETH && !vxlan.val.tunnel_id)
return EINVAL;
mlx5_flow_create_copy(parser, &vxlan, size);
return 0;
@@ -1809,10 +1813,15 @@ struct ibv_spec_header {
* before will also match this rule.
* To avoid such situation, VNI 0 is currently refused.
*/
- if (!vxlan.val.tunnel_id) {
+ /*
+ * Tunnel w/o tunnel id pattern could match any non-tunneled packet,
+ * thus only allow tunnel pattern with outer spec.
+ */
+ if (parser->out_layer == HASH_RXQ_ETH && !vxlan.val.tunnel_id) {
r = EINVAL;
return r;
}
+
mlx5_flow_create_copy(parser, &vxlan, size);
return 0;
}
--
1.8.3.1
