* [PATCH net-next] mlxsw: spectrum_flower: validate control flags
@ 2024-04-17 13:51 Asbjørn Sloth Tønnesen
2024-04-17 15:57 ` Petr Machata
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2024-04-17 13:51 UTC (permalink / raw)
To: netdev
Cc: Asbjørn Sloth Tønnesen, linux-kernel, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Ido Schimmel,
Petr Machata
This driver currently doesn't support any control flags.
Use flow_rule_has_control_flags() to check for control flags,
such as can be set through `tc flower ... ip_flags frag`.
In case any control flags are masked, flow_rule_has_control_flags()
sets a NL extended error message, and we return -EOPNOTSUPP.
Only compile-tested.
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
index 9fd1ca079258..f07955b5439f 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
@@ -595,6 +595,10 @@ static int mlxsw_sp_flower_parse(struct mlxsw_sp *mlxsw_sp,
flow_rule_match_control(rule, &match);
addr_type = match.key->addr_type;
+
+ if (flow_rule_has_control_flags(match.mask->flags,
+ f->common.extack))
+ return -EOPNOTSUPP;
}
if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] mlxsw: spectrum_flower: validate control flags
2024-04-17 13:51 [PATCH net-next] mlxsw: spectrum_flower: validate control flags Asbjørn Sloth Tønnesen
@ 2024-04-17 15:57 ` Petr Machata
2024-04-18 12:58 ` Petr Machata
2024-04-17 17:05 ` Ido Schimmel
2024-04-19 0:10 ` patchwork-bot+netdevbpf
2 siblings, 1 reply; 5+ messages in thread
From: Petr Machata @ 2024-04-17 15:57 UTC (permalink / raw)
To: Asbjørn Sloth Tønnesen
Cc: netdev, linux-kernel, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Ido Schimmel, Petr Machata
Asbjørn Sloth Tønnesen <ast@fiberby.net> writes:
> This driver currently doesn't support any control flags.
>
> Use flow_rule_has_control_flags() to check for control flags,
> such as can be set through `tc flower ... ip_flags frag`.
>
> In case any control flags are masked, flow_rule_has_control_flags()
> sets a NL extended error message, and we return -EOPNOTSUPP.
>
> Only compile-tested.
>
> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Thanks, I'll take this through our regression.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] mlxsw: spectrum_flower: validate control flags
2024-04-17 13:51 [PATCH net-next] mlxsw: spectrum_flower: validate control flags Asbjørn Sloth Tønnesen
2024-04-17 15:57 ` Petr Machata
@ 2024-04-17 17:05 ` Ido Schimmel
2024-04-19 0:10 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 5+ messages in thread
From: Ido Schimmel @ 2024-04-17 17:05 UTC (permalink / raw)
To: Asbjørn Sloth Tønnesen
Cc: netdev, linux-kernel, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Petr Machata
On Wed, Apr 17, 2024 at 01:51:20PM +0000, Asbjørn Sloth Tønnesen wrote:
> This driver currently doesn't support any control flags.
>
> Use flow_rule_has_control_flags() to check for control flags,
> such as can be set through `tc flower ... ip_flags frag`.
>
> In case any control flags are masked, flow_rule_has_control_flags()
> sets a NL extended error message, and we return -EOPNOTSUPP.
>
> Only compile-tested.
>
> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Without patch:
+ tc qdisc add dev swp1 clsact
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags frag action drop
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags nofrag action drop
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags firstfrag action drop
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags nofirstfrag action drop
With patch:
+ tc qdisc add dev swp1 clsact
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags frag action drop
Error: mlxsw_spectrum: Unsupported match on control.flags 0x1.
We have an error talking to the kernel
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags nofrag action drop
Error: mlxsw_spectrum: Unsupported match on control.flags 0x1.
We have an error talking to the kernel
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags firstfrag action drop
Error: mlxsw_spectrum: Unsupported match on control.flags 0x2.
We have an error talking to the kernel
+ tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw ip_flags nofirstfrag action drop
Error: mlxsw_spectrum: Unsupported match on control.flags 0x2.
We have an error talking to the kernel
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] mlxsw: spectrum_flower: validate control flags
2024-04-17 15:57 ` Petr Machata
@ 2024-04-18 12:58 ` Petr Machata
0 siblings, 0 replies; 5+ messages in thread
From: Petr Machata @ 2024-04-18 12:58 UTC (permalink / raw)
To: Petr Machata
Cc: Asbjørn Sloth Tønnesen, netdev, linux-kernel,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Ido Schimmel
Petr Machata <petrm@nvidia.com> writes:
> Asbjørn Sloth Tønnesen <ast@fiberby.net> writes:
>
>> This driver currently doesn't support any control flags.
>>
>> Use flow_rule_has_control_flags() to check for control flags,
>> such as can be set through `tc flower ... ip_flags frag`.
>>
>> In case any control flags are masked, flow_rule_has_control_flags()
>> sets a NL extended error message, and we return -EOPNOTSUPP.
>>
>> Only compile-tested.
>>
>> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
>
> Thanks, I'll take this through our regression.
Nothing bombed.
Tested-by: Petr Machata <petrm@nvidia.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] mlxsw: spectrum_flower: validate control flags
2024-04-17 13:51 [PATCH net-next] mlxsw: spectrum_flower: validate control flags Asbjørn Sloth Tønnesen
2024-04-17 15:57 ` Petr Machata
2024-04-17 17:05 ` Ido Schimmel
@ 2024-04-19 0:10 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-04-19 0:10 UTC (permalink / raw)
To: =?utf-8?b?QXNiasO4cm4gU2xvdGggVMO4bm5lc2VuIDxhc3RAZmliZXJieS5uZXQ+?=
Cc: netdev, linux-kernel, davem, edumazet, kuba, pabeni, idosch, petrm
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Wed, 17 Apr 2024 13:51:20 +0000 you wrote:
> This driver currently doesn't support any control flags.
>
> Use flow_rule_has_control_flags() to check for control flags,
> such as can be set through `tc flower ... ip_flags frag`.
>
> In case any control flags are masked, flow_rule_has_control_flags()
> sets a NL extended error message, and we return -EOPNOTSUPP.
>
> [...]
Here is the summary with links:
- [net-next] mlxsw: spectrum_flower: validate control flags
https://git.kernel.org/netdev/net-next/c/4713744d9f6e
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-04-19 0:10 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-17 13:51 [PATCH net-next] mlxsw: spectrum_flower: validate control flags Asbjørn Sloth Tønnesen
2024-04-17 15:57 ` Petr Machata
2024-04-18 12:58 ` Petr Machata
2024-04-17 17:05 ` Ido Schimmel
2024-04-19 0:10 ` patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.