X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fnet%2Fice%2Fice_acl_filter.c;h=33756099c639da076660ac40c31fe7503ae379f2;hb=c5b2a8494def1520ab1a0f0bbad00aa62ea4c7ea;hp=8ca88d216735f91a36a00e91d0087b0ff8d90d75;hpb=333e1bde9db6b6e111c5a4863208bb15f60f5266;p=dpdk.git

diff --git a/drivers/net/ice/ice_acl_filter.c b/drivers/net/ice/ice_acl_filter.c
index 8ca88d2167..33756099c6 100644
--- a/drivers/net/ice/ice_acl_filter.c
+++ b/drivers/net/ice/ice_acl_filter.c
@@ -11,7 +11,7 @@
 #include <stdarg.h>
 #include <rte_debug.h>
 #include <rte_ether.h>
-#include <rte_ethdev_driver.h>
+#include <ethdev_driver.h>
 #include <rte_log.h>
 #include <rte_malloc.h>
 #include <rte_eth_ctrl.h>
@@ -50,10 +50,10 @@ struct acl_rule {
 
 static struct
 ice_pattern_match_item ice_acl_pattern[] = {
-	{pattern_eth_ipv4,      ICE_ACL_INSET_ETH_IPV4,      ICE_INSET_NONE},
-	{pattern_eth_ipv4_udp,  ICE_ACL_INSET_ETH_IPV4_UDP,  ICE_INSET_NONE},
-	{pattern_eth_ipv4_tcp,  ICE_ACL_INSET_ETH_IPV4_TCP,  ICE_INSET_NONE},
-	{pattern_eth_ipv4_sctp, ICE_ACL_INSET_ETH_IPV4_SCTP, ICE_INSET_NONE},
+	{pattern_eth_ipv4,	ICE_ACL_INSET_ETH_IPV4,		ICE_INSET_NONE,	ICE_INSET_NONE},
+	{pattern_eth_ipv4_udp,	ICE_ACL_INSET_ETH_IPV4_UDP,	ICE_INSET_NONE,	ICE_INSET_NONE},
+	{pattern_eth_ipv4_tcp,	ICE_ACL_INSET_ETH_IPV4_TCP,	ICE_INSET_NONE,	ICE_INSET_NONE},
+	{pattern_eth_ipv4_sctp,	ICE_ACL_INSET_ETH_IPV4_SCTP,	ICE_INSET_NONE,	ICE_INSET_NONE},
 };
 
 static int
@@ -664,6 +664,14 @@ ice_acl_parse_pattern(__rte_unused struct ice_adapter *ad,
 			eth_mask = item->mask;
 
 			if (eth_spec && eth_mask) {
+				if (rte_is_broadcast_ether_addr(&eth_mask->src) ||
+				    rte_is_broadcast_ether_addr(&eth_mask->dst)) {
+					rte_flow_error_set(error, EINVAL,
+						RTE_FLOW_ERROR_TYPE_ITEM,
+						item, "Invalid mac addr mask");
+					return -rte_errno;
+				}
+
 				if (!rte_is_zero_ether_addr(&eth_spec->src) &&
 				    !rte_is_zero_ether_addr(&eth_mask->src)) {
 					input_set |= ICE_INSET_SMAC;
@@ -710,6 +718,15 @@ ice_acl_parse_pattern(__rte_unused struct ice_adapter *ad,
 					return -rte_errno;
 				}
 
+				if (ipv4_mask->hdr.src_addr == UINT32_MAX ||
+				    ipv4_mask->hdr.dst_addr == UINT32_MAX) {
+					rte_flow_error_set(error, EINVAL,
+						RTE_FLOW_ERROR_TYPE_ITEM,
+						item,
+						"Invalid IPv4 mask.");
+					return -rte_errno;
+				}
+
 				if (ipv4_mask->hdr.src_addr) {
 					filter->input.ip.v4.src_ip =
 						ipv4_spec->hdr.src_addr;
@@ -754,6 +771,15 @@ ice_acl_parse_pattern(__rte_unused struct ice_adapter *ad,
 					return -rte_errno;
 				}
 
+				if (tcp_mask->hdr.src_port == UINT16_MAX ||
+				    tcp_mask->hdr.dst_port == UINT16_MAX) {
+					rte_flow_error_set(error, EINVAL,
+						RTE_FLOW_ERROR_TYPE_ITEM,
+						item,
+						"Invalid TCP mask");
+					return -rte_errno;
+				}
+
 				if (l3 == RTE_FLOW_ITEM_TYPE_IPV4 &&
 				    tcp_mask->hdr.src_port) {
 					input_set |= ICE_INSET_TCP_SRC_PORT;
@@ -791,6 +817,15 @@ ice_acl_parse_pattern(__rte_unused struct ice_adapter *ad,
 					return -rte_errno;
 				}
 
+				if (udp_mask->hdr.src_port == UINT16_MAX ||
+				    udp_mask->hdr.dst_port == UINT16_MAX) {
+					rte_flow_error_set(error, EINVAL,
+						RTE_FLOW_ERROR_TYPE_ITEM,
+						item,
+						"Invalid UDP mask");
+					return -rte_errno;
+				}
+
 				if (l3 == RTE_FLOW_ITEM_TYPE_IPV4 &&
 				    udp_mask->hdr.src_port) {
 					input_set |= ICE_INSET_UDP_SRC_PORT;
@@ -818,6 +853,15 @@ ice_acl_parse_pattern(__rte_unused struct ice_adapter *ad,
 				flow_type = ICE_FLTR_PTYPE_NONF_IPV4_SCTP;
 
 			if (sctp_spec && sctp_mask) {
+				if (sctp_mask->hdr.src_port == UINT16_MAX ||
+				    sctp_mask->hdr.dst_port == UINT16_MAX) {
+					rte_flow_error_set(error, EINVAL,
+						RTE_FLOW_ERROR_TYPE_ITEM,
+						item,
+						"Invalid SCTP mask");
+					return -rte_errno;
+				}
+
 				if (l3 == RTE_FLOW_ITEM_TYPE_IPV4 &&
 				    sctp_mask->hdr.src_port) {
 					input_set |= ICE_INSET_SCTP_SRC_PORT;
@@ -860,6 +904,7 @@ ice_acl_parse(struct ice_adapter *ad,
 	       uint32_t array_len,
 	       const struct rte_flow_item pattern[],
 	       const struct rte_flow_action actions[],
+	       uint32_t priority __rte_unused,
 	       void **meta,
 	       struct rte_flow_error *error)
 {
@@ -870,7 +915,8 @@ ice_acl_parse(struct ice_adapter *ad,
 	int ret;
 
 	memset(filter, 0, sizeof(*filter));
-	item = ice_search_pattern_match_item(pattern, array, array_len, error);
+	item = ice_search_pattern_match_item(ad, pattern, array, array_len,
+					     error);
 	if (!item)
 		return -rte_errno;
 
@@ -878,7 +924,7 @@ ice_acl_parse(struct ice_adapter *ad,
 	if (ret)
 		goto error;
 	input_set = filter->input_set;
-	if (!input_set || input_set & ~item->input_set_mask) {
+	if (!input_set || input_set & ~item->input_set_mask_o) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
 				   pattern,