680d5280c2
Since flow rule validation and creation have been refactored into a common two-pass function, having separate callback functions to validate and convert individual items seems redundant.

The purpose of these item validation functions is to reject partial masks as those are not supported by hardware, before handing over the item to a separate function that performs basic sanity checks.

The current approach and related code have the following issues:

- Lack of flow handle context in validation code requires kludges such as the special treatment reserved to spec-less Ethernet pattern items.
- Lack of useful error reporting; users need as much help as possible to understand what they did wrong, particularly when they hit hardware limitations that aren't mentioned by the flow API. Preventing them from going berserk after getting a generic "item not supported" message for no apparent reason is mandatory.
- Generic checks should be performed by the caller, not by item-specific validation functions.
- Mask checks either missing or too lax in some cases (Ethernet, VLAN).

This commit addresses all the above by combining validation and conversion callbacks as "merge" callbacks that take an additional error context parameter.

Also:

- Support for source MAC address matching is removed as it has no effect.
- Providing an empty mask no longer bypasses the Ethernet specification check that causes a rule to become promiscuous-like.
- VLAN VIDs must be matched exactly, as matching all VLAN traffic while excluding non-VLAN traffic is not supported.

Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Nelio Laranjeiro <nelio.laranjeiro@6wind.com>

- bus
- crypto
- event
- mempool
- net
- Makefile