d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

net/mlx5: enforce limitation on IPv6 next protocol

Browse Source 
Due to PRM requirement, the IPv6 header item 'proto' field, indicating
the next header protocol, should not be set as extension header.
This patch adds the relevant validation, and documents the limitation.

Signed-off-by: Dekel Peled <dekelp@nvidia.com>
Acked-by: Ori Kam <orika@nvidia.com>
This commit is contained in:
Dekel Peled 2020-10-15 17:05:57 +03:00 committed by Ferruh Yigit
parent 0e5a0d8f75
commit 491757372f
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/guides/nics/mlx5.rst
View File

@ -311,6 +311,13 @@ Limitations
- The E-Switch Sample flow must have the eswitch_manager VPORT destination (PF or ECPF) and no additional actions. - The E-Switch Sample flow must have the eswitch_manager VPORT destination (PF or ECPF) and no additional actions.
- For ConnectX-5, the ``RTE_FLOW_ACTION_TYPE_SAMPLE`` is typically used as first action in the E-Switch egress flow if with header modify or encapsulation actions. - For ConnectX-5, the ``RTE_FLOW_ACTION_TYPE_SAMPLE`` is typically used as first action in the E-Switch egress flow if with header modify or encapsulation actions.
- IPv6 header item 'proto' field, indicating the next header protocol, should
not be set as extension header.
In case the next header is an extension header, it should not be specified in
IPv6 header item 'proto' field.
The last extension header item 'next header' field can specify the following
header protocol type.
Statistics Statistics
---------- ----------

14
drivers/net/mlx5/mlx5_flow.c
View File

@ -1977,9 +1977,9 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
RTE_FLOW_ERROR_TYPE_ITEM, item, RTE_FLOW_ERROR_TYPE_ITEM, item,
"IPv6 cannot follow L2/VLAN layer " "IPv6 cannot follow L2/VLAN layer "
"which ether type is not IPv6"); "which ether type is not IPv6");
if (mask && mask->hdr.proto == UINT8_MAX && spec)
next_proto = spec->hdr.proto;
if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) { if (item_flags & MLX5_FLOW_LAYER_IPV6_ENCAP) {
if (mask && spec)
next_proto = mask->hdr.proto & spec->hdr.proto;
if (next_proto == IPPROTO_IPIP || next_proto == IPPROTO_IPV6) if (next_proto == IPPROTO_IPIP || next_proto == IPPROTO_IPV6)
return rte_flow_error_set(error, EINVAL, return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM, RTE_FLOW_ERROR_TYPE_ITEM,
@ -1987,6 +1987,16 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
"multiple tunnel " "multiple tunnel "
"not supported"); "not supported");
} }
if (next_proto == IPPROTO_HOPOPTS ||
next_proto == IPPROTO_ROUTING ||
next_proto == IPPROTO_FRAGMENT ||
next_proto == IPPROTO_ESP ||
next_proto == IPPROTO_AH ||
next_proto == IPPROTO_DSTOPTS)
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM, item,
"IPv6 proto (next header) should "
"not be set as extension header");
if (item_flags & MLX5_FLOW_LAYER_IPIP) if (item_flags & MLX5_FLOW_LAYER_IPIP)
return rte_flow_error_set(error, EINVAL, return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM, item, RTE_FLOW_ERROR_TYPE_ITEM, item,