From: Vladimir Oltean <olteanv@gmail.com>
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: idosch@idosch.org, allan.nielsen@microchip.com,
horatiu.vultur@microchip.com, alexandre.belloni@bootlin.com,
antoine.tenart@bootlin.com, andrew@lunn.ch, f.fainelli@gmail.com,
vivien.didelot@gmail.com, joergen.andreasen@microchip.com,
claudiu.manoil@nxp.com, UNGLinuxDriver@microchip.com,
alexandru.marginean@nxp.com, xiaoliang.yang_1@nxp.com,
yangbo.lu@nxp.com, po.liu@nxp.com, jiri@mellanox.com,
kuba@kernel.org
Subject: [PATCH net-next 2/3] net: mscc: ocelot: refine the ocelot_ace_is_problematic_mac_etype function
Date: Mon, 20 Apr 2020 19:27:42 +0300 [thread overview]
Message-ID: <20200420162743.15847-3-olteanv@gmail.com> (raw)
In-Reply-To: <20200420162743.15847-1-olteanv@gmail.com>
From: Vladimir Oltean <vladimir.oltean@nxp.com>
The commit mentioned below was a bit too harsh, and while it restricted
the invalid key combinations which are known to not work, such as:
tc filter add dev swp0 ingress proto ip \
flower src_ip 192.0.2.1 action drop
tc filter add dev swp0 ingress proto all \
flower src_mac 00:11:22:33:44:55 action drop
it also restricted some which still should work, such as:
tc filter add dev swp0 ingress proto ip \
flower src_ip 192.0.2.1 action drop
tc filter add dev swp0 ingress proto 0x22f0 \
flower src_mac 00:11:22:33:44:55 action drop
What actually does not match "sanely" is a MAC_ETYPE rule on frames
having an EtherType of ARP, IPv4, IPv6, in addition to SNAP and OAM
frames (which the ocelot tc-flower implementation does not parse yet, so
the function might need to be revisited again in the future).
So just make the function recognize the problematic MAC_ETYPE rules by
EtherType - thus the VCAP IS2 can be forced to match even on those
packets.
This patch makes it possible for IP rules to live on a port together
with MAC_ETYPE rules that are non-all, non-arp, non-ip and non-ipv6.
Fixes: d4d0cb741d7b ("net: mscc: ocelot: deal with problematic MAC_ETYPE VCAP IS2 rules")
Reported-by: Allan W. Nielsen <allan.nielsen@microchip.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
---
drivers/net/ethernet/mscc/ocelot_ace.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/mscc/ocelot_ace.c b/drivers/net/ethernet/mscc/ocelot_ace.c
index 8a2f7d13ef6d..dfd82a3baab2 100644
--- a/drivers/net/ethernet/mscc/ocelot_ace.c
+++ b/drivers/net/ethernet/mscc/ocelot_ace.c
@@ -739,14 +739,24 @@ static void ocelot_match_all_as_mac_etype(struct ocelot *ocelot, int port,
static bool ocelot_ace_is_problematic_mac_etype(struct ocelot_ace_rule *ace)
{
+ u16 proto, mask;
+
if (ace->type != OCELOT_ACE_TYPE_ETYPE)
return false;
- if (ether_addr_to_u64(ace->frame.etype.dmac.value) &
- ether_addr_to_u64(ace->frame.etype.dmac.mask))
+
+ proto = ntohs(*(u16 *)ace->frame.etype.etype.value);
+ mask = ntohs(*(u16 *)ace->frame.etype.etype.mask);
+
+ /* ETH_P_ALL match, so all protocols below are included */
+ if (mask == 0)
return true;
- if (ether_addr_to_u64(ace->frame.etype.smac.value) &
- ether_addr_to_u64(ace->frame.etype.smac.mask))
+ if (proto == ETH_P_ARP)
return true;
+ if (proto == ETH_P_IP)
+ return true;
+ if (proto == ETH_P_IPV6)
+ return true;
+
return false;
}
--
2.17.1
next prev parent reply other threads:[~2020-04-20 16:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-20 16:27 [PATCH net-next 0/3] Ocelot MAC_ETYPE tc-flower key improvements Vladimir Oltean
2020-04-20 16:27 ` [PATCH net-next 1/3] net: mscc: ocelot: support matching on EtherType Vladimir Oltean
2020-04-22 22:35 ` kbuild test robot
2020-04-22 22:35 ` kbuild test robot
2020-04-22 22:50 ` Vladimir Oltean
2020-04-23 0:43 ` Marcelo Ricardo Leitner
2020-04-23 0:43 ` Marcelo Ricardo Leitner
2020-04-20 16:27 ` Vladimir Oltean [this message]
2020-04-23 2:23 ` [PATCH net-next 2/3] net: mscc: ocelot: refine the ocelot_ace_is_problematic_mac_etype function kbuild test robot
2020-04-23 2:23 ` kbuild test robot
2020-04-20 16:27 ` [PATCH net-next 3/3] net: mscc: ocelot: lift protocol restriction for flow_match_eth_addrs keys Vladimir Oltean
2020-04-22 18:41 ` [PATCH net-next 0/3] Ocelot MAC_ETYPE tc-flower key improvements David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200420162743.15847-3-olteanv@gmail.com \
--to=olteanv@gmail.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=alexandre.belloni@bootlin.com \
--cc=alexandru.marginean@nxp.com \
--cc=allan.nielsen@microchip.com \
--cc=andrew@lunn.ch \
--cc=antoine.tenart@bootlin.com \
--cc=claudiu.manoil@nxp.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=horatiu.vultur@microchip.com \
--cc=idosch@idosch.org \
--cc=jiri@mellanox.com \
--cc=joergen.andreasen@microchip.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=po.liu@nxp.com \
--cc=vivien.didelot@gmail.com \
--cc=xiaoliang.yang_1@nxp.com \
--cc=yangbo.lu@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.