A tunnel pattern w/o a tunnel id could match any non-tunneled packet, thus this patch only allows a tunnel pattern with an outer spec.
Signed-off-by: Xueming Li <xuemi...@mellanox.com>
---
 drivers/net/mlx5/mlx5_flow.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index fe10904..eb4b447 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1748,7 +1748,11 @@ struct ibv_spec_header {
 * before will also match this rule.
 * To avoid such situation, VNI 0 is currently refused.
 */
- if (!vxlan.val.tunnel_id)
+ /*
+ * Tunnel w/o tunnel id pattern could match any non-tunneled packet,
+ * thus only allow tunnel pattern with outer spec.
+ */
+ if (parser->out_layer == HASH_RXQ_ETH && !vxlan.val.tunnel_id)
 return EINVAL;
 mlx5_flow_create_copy(parser, &vxlan, size);
 return 0;
@@ -1810,7 +1814,11 @@ struct ibv_spec_header {
 * before will also match this rule.
 * To avoid such situation, VNI 0 is currently refused.
 */
- if (!vxlan.val.tunnel_id)
+ /*
+ * Tunnel w/o tunnel id pattern could match any non-tunneled packet,
+ * thus only allow tunnel pattern with outer spec.
+ */
+ if (parser->out_layer == HASH_RXQ_ETH && !vxlan.val.tunnel_id)
 return EINVAL;
 mlx5_flow_create_copy(parser, &vxlan, size);
 return 0;
--
1.8.3.1
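Review bot: The retained comment directly above the new one still ends with "VNI 0 is currently refused", but the relaxed guard `if (parser->out_layer == HASH_RXQ_ETH && !vxlan.val.tunnel_id)` now accepts VNI 0 whenever the outer layer is not plain Ethernet, so the two adjacent comments contradict each other; the identical second hunk at -1810/+1814 has the same problem. I would merge them by replacing the old closing sentence with `* To avoid such situation, VNI 0 is refused unless the outer layer is more specific than Ethernet.` and dropping the separate new comment. The guard also tests only which outer layer was reached, not whether that layer's spec and mask constrain anything, while the kept comment warns that packets matching the preceding layers will also match the rule. A VNI-0 rule behind a broad outer pattern may therefore still steer non-tunneled traffic to the rule's queues, so it seems worth confirming that `out_layer` only advances for items with a non-empty mask, or requiring the outer UDP destination port to be set. Both enclosing functions start and end outside the hunks, so how `out_layer` is assigned is not visible here.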