From: Marcin Szycik <marcin.szy...@intel.com>
Currently it is possible to create a rule which might break Tx traffic,
because by default all switch rules apply to both Rx and Tx traffic. In
order to avoid situations where Tx traffic accidentally matches Rx rule,
always add direction metadata to all switch rules.
However, because we're adding a new piece of metadata to all rules, some
rules might get too big and be rejected because they were already maxing
out rule capacity. To avoid that, we will only add direction metadata to
rules that are big enough to store it, on the assumption that if a rule
is already big enough to max out the capacity, the rule is therefore so
hyper-specific that it is highly unlikely to match both Rx and Tx
traffic, and so the direction is implied by the fact that the rule is so
specific.
Signed-off-by: Marcin Szycik <marcin.szy...@intel.com>
Signed-off-by: Anatoly Burakov <anatoly.bura...@intel.com>
---
drivers/net/intel/ice/base/ice_protocol_type.h | 1 +
drivers/net/intel/ice/base/ice_switch.c | 14 ++++++++++++++
2 files changed, 15 insertions(+)
diff --git a/drivers/net/intel/ice/base/ice_protocol_type.h
b/drivers/net/intel/ice/base/ice_protocol_type.h
index de960d7d1b..789f0d7ca5 100644
--- a/drivers/net/intel/ice/base/ice_protocol_type.h
+++ b/drivers/net/intel/ice/base/ice_protocol_type.h
@@ -226,6 +226,7 @@ enum ice_prot_id {
#define ICE_TUN_FLAG_MDID_OFF(word) \
(ICE_MDID_SIZE * (ICE_TUN_FLAG_MDID + (word)))
#define ICE_TUN_FLAG_MASK 0xFF
+#define ICE_FROM_NETWORK_FLAG_MASK 0x8
#define ICE_DIR_FLAG_MASK 0x10
#define ICE_TUN_FLAG_IN_VLAN_MASK 0x80 /* VLAN inside tunneled header */
#define ICE_TUN_FLAG_VLAN_MASK 0x01
diff --git a/drivers/net/intel/ice/base/ice_switch.c
b/drivers/net/intel/ice/base/ice_switch.c
index 777fc88d01..54cc2e1c07 100644
--- a/drivers/net/intel/ice/base/ice_switch.c
+++ b/drivers/net/intel/ice/base/ice_switch.c
@@ -7925,6 +7925,20 @@ ice_add_special_words(struct ice_adv_rule_info *rinfo,
u16 mask;
u16 off;
+ /*
+ * Failing to add direction metadata is not considered an error, because
+ * the kinds of rules which would trigger this error are already so
+ * highly specific that they're unlikely to match both Rx and Tx traffic
+ * at the same time.
+ */
+ if (lkup_exts->n_val_words < ICE_MAX_CHAIN_WORDS) {
+ u8 word = lkup_exts->n_val_words++;
+
+ lkup_exts->fv_words[word].prot_id = ICE_META_DATA_ID_HW;
+ lkup_exts->fv_words[word].off = ICE_TUN_FLAG_MDID_OFF(0);
+ lkup_exts->field_mask[word] = ICE_FROM_NETWORK_FLAG_MASK;
+ }
+
/* If this is a tunneled packet, then add recipe index to match the
* tunnel bit in the packet metadata flags. If this is a tun_and_non_tun
* packet, then add recipe index to match the direction bit in the flag.
--
2.47.3
