[PATCH 5.10 136/221] nfp: flower: fix unsupported pre_tunnel flows

From: Greg Kroah-Hartman
Date: Mon Mar 29 2021 - 04:38:38 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.10 135/221] selftests/net: fix warnings on reuseaddr_ports_exhausted"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 107/221] igc: Fix Supported Pause Frame Link Setting"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 107/221] igc: Fix Supported Pause Frame Link Setting"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 135/221] selftests/net: fix warnings on reuseaddr_ports_exhausted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Louis Peens <louis.peens@xxxxxxxxxxxx>

[ Upstream commit 982e5ee23d764fe6158f67a7813d416335e978b0 ]

There are some pre_tunnel flows combinations which are incorrectly being
offloaded without proper support, fix these.

- Matching on MPLS is not supported for pre_tun.
- Match on IPv4/IPv6 layer must be present.
- Destination MAC address must match pre_tun.dev MAC

Fixes: 120ffd84a9ec ("nfp: flower: verify pre-tunnel rules")
Signed-off-by: Louis Peens <louis.peens@xxxxxxxxxxxx>
Signed-off-by: Simon Horman <simon.horman@xxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
.../ethernet/netronome/nfp/flower/offload.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)

diff --git a/drivers/net/ethernet/netronome/nfp/flower/offload.c b/drivers/net/ethernet/netronome/nfp/flower/offload.c
index 1c59aff2163c..d72225d64a75 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/offload.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/offload.c
@@ -1142,6 +1142,12 @@ nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
return -EOPNOTSUPP;
}

+ if (!(key_layer & NFP_FLOWER_LAYER_IPV4) &&
+ !(key_layer & NFP_FLOWER_LAYER_IPV6)) {
+ NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on ipv4/ipv6 eth_type must be present");
+ return -EOPNOTSUPP;
+ }
+
/* Skip fields known to exist. */
mask += sizeof(struct nfp_flower_meta_tci);
ext += sizeof(struct nfp_flower_meta_tci);
@@ -1152,6 +1158,13 @@ nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
mask += sizeof(struct nfp_flower_in_port);
ext += sizeof(struct nfp_flower_in_port);

+ /* Ensure destination MAC address matches pre_tun_dev. */
+ mac = (struct nfp_flower_mac_mpls *)ext;
+ if (memcmp(&mac->mac_dst[0], flow->pre_tun_rule.dev->dev_addr, 6)) {
+ NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC must match output dev MAC");
+ return -EOPNOTSUPP;
+ }
+
/* Ensure destination MAC address is fully matched. */
mac = (struct nfp_flower_mac_mpls *)mask;
if (!is_broadcast_ether_addr(&mac->mac_dst[0])) {
@@ -1159,6 +1172,11 @@ nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
return -EOPNOTSUPP;
}

+ if (mac->mpls_lse) {
+ NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MPLS not supported");
+ return -EOPNOTSUPP;
+ }
+
mask += sizeof(struct nfp_flower_mac_mpls);
ext += sizeof(struct nfp_flower_mac_mpls);
if (key_layer & NFP_FLOWER_LAYER_IPV4 ||
--
2.30.1

Next message: Greg Kroah-Hartman: "[PATCH 5.10 135/221] selftests/net: fix warnings on reuseaddr_ports_exhausted"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 107/221] igc: Fix Supported Pause Frame Link Setting"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 107/221] igc: Fix Supported Pause Frame Link Setting"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 135/221] selftests/net: fix warnings on reuseaddr_ports_exhausted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]