From: Ido Schimmel <idosch@idosch.org>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: netdev@vger.kernel.org, Qiang Zhang <dtzq01@gmail.com>,
Yoshiki Komachi <komachi.yoshiki@gmail.com>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Jiri Pirko <jiri@resnulli.us>
Subject: Re: [Patch net 1/4] flow_dissector: Fix handling of mixed port and port-range keys
Date: Wed, 19 Feb 2025 16:39:28 +0200 [thread overview]
Message-ID: <Z7XtIP8D7clSMnjg@shredder> (raw)
In-Reply-To: <20250218043210.732959-2-xiyou.wangcong@gmail.com>
On Mon, Feb 17, 2025 at 08:32:07PM -0800, Cong Wang wrote:
> This patch fixes a bug in TC flower filter where rules combining a
> specific destination port with a source port range weren't working
> correctly.
>
> The specific case was when users tried to configure rules like:
>
> tc filter add dev ens38 ingress protocol ip flower ip_proto udp \
> dst_port 5000 src_port 2000-3000 action drop
>
> The root cause was in the flow dissector code. While both
> FLOW_DISSECTOR_KEY_PORTS and FLOW_DISSECTOR_KEY_PORTS_RANGE flags
> were being set correctly in the classifier, the __skb_flow_dissect_ports()
> function was only populating one of them: whichever came first in
> the enum check. This meant that when the code needed both a specific
> port and a port range, one of them would be left as 0, causing the
> filter to not match packets as expected.
>
> Fix it by removing the either/or logic and instead checking and
> populating both key types independently when they're in use.
>
> Fixes: 8ffb055beae5 ("cls_flower: Fix the behavior using port ranges with hw-offload")
> Reported-by: Qiang Zhang <dtzq01@gmail.com>
> Closes: https://lore.kernel.org/netdev/CAPx+-5uvFxkhkz4=j_Xuwkezjn9U6kzKTD5jz4tZ9msSJ0fOJA@mail.gmail.com/
> Cc: Yoshiki Komachi <komachi.yoshiki@gmail.com>
> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
> Cc: Jiri Pirko <jiri@resnulli.us>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
next prev parent reply other threads:[~2025-02-19 14:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-18 4:32 [Patch net 0/4] flow_dissector: Fix handling of mixed port and port-range keys Cong Wang
2025-02-18 4:32 ` [Patch net 1/4] " Cong Wang
2025-02-19 14:39 ` Ido Schimmel [this message]
2025-02-18 4:32 ` [Patch net 2/4] selftests/net/forwarding: Add a test case for tc-flower of mixed port and port-range Cong Wang
2025-02-19 14:40 ` Ido Schimmel
2025-02-18 4:32 ` [Patch net 3/4] flow_dissector: Fix port range key handling in BPF conversion Cong Wang
2025-02-18 4:32 ` [Patch net 4/4] selftests/bpf: Add a specific dst port matching Cong Wang
2025-02-20 3:10 ` [Patch net 0/4] flow_dissector: Fix handling of mixed port and port-range keys patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z7XtIP8D7clSMnjg@shredder \
--to=idosch@idosch.org \
--cc=dtzq01@gmail.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=komachi.yoshiki@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.