From 92a67a70fd8aa54213abe21424d0259d65cae2cd Mon Sep 17 00:00:00 2001 From: =?utf8?q?N=C3=A9lio=20Laranjeiro?= Date: Tue, 31 Oct 2017 16:51:11 +0100 Subject: [PATCH] net/mlx5: fix flows when VXLAN tunnel is 0 Fix a strange behavior from the NIC, when the flow starts with a VXLAN layer with a VNI equals to zero all the traffic will match within this rule. Fixes: 2e709b6aa0f5 ("net/mlx5: support VXLAN flow item") Cc: stable@dpdk.org Signed-off-by: Nelio Laranjeiro Acked-by: Yongseok Koh --- doc/guides/nics/mlx5.rst | 2 ++ drivers/net/mlx5/mlx5_flow.c | 12 +++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index cdb880a4c6..19da9f1edf 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst @@ -129,6 +129,8 @@ Limitations is set to multi-packet send or Enhanced multi-packet send. Otherwise it must have less than 50 segments. - Count action for RTE flow is only supported in Mellanox OFED 4.2. +- Flows with a VXLAN Network Identifier equal (or ends to be equal) + to 0 are not supported. Configuration ------------- diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index f4bdf2c328..c281e40976 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -1155,7 +1155,7 @@ priv_flow_convert(struct priv *priv, cur_item->mask), parser); if (ret) { - rte_flow_error_set(error, ENOTSUP, + rte_flow_error_set(error, ret, RTE_FLOW_ERROR_TYPE_ITEM, items, "item not supported"); goto exit_free; @@ -1602,6 +1602,16 @@ mlx5_flow_create_vxlan(const struct rte_flow_item *item, /* Remove unwanted bits from values. */ vxlan.val.tunnel_id &= vxlan.mask.tunnel_id; } + /* + * Tunnel id 0 is equivalent as not adding a VXLAN layer, if only this + * layer is defined in the Verbs specification it is interpreted as + * wildcard and all packets will match this rule, if it follows a full + * stack layer (ex: eth / ipv4 / udp), all packets matching the layers + * before will also match this rule. + * To avoid such situation, VNI 0 is currently refused. + */ + if (!vxlan.val.tunnel_id) + return EINVAL; mlx5_flow_create_copy(parser, &vxlan, size); return 0; } -- 2.20.1