git.baikalelectronics.ru Git - kernel.git/commit

author	Jianbo Liu <jianbol@nvidia.com>
	Wed, 6 Apr 2022 03:25:33 +0000 (03:25 +0000)
committer	Saeed Mahameed <saeedm@nvidia.com>
	Tue, 23 Aug 2022 05:44:25 +0000 (22:44 -0700)
commit	a32af4459839bc9510ae9ed9cd5975e1552395d7
tree	e7d5c3557cbb0ae0598e1c70a4380691bfd68942	tree \| snapshot
parent	e3ba14fc650937e54077dcfda286b00aa325adf6	commit \| diff

net/mlx5: E-Switch, Add default drop rule for unmatched packets

The ft_offloads table serves to steer packets, which are from the
eswitch, to the representor associated with the packets' source vport.

Previously, if a packet's source vport or metadata was not associated
with any representor, it was forwarded to the uplink representor. The
representor got packets it shouldn't have as they weren't coming from
the uplink vport.

One such effect of this breakage can be observed if the uplink
representor is attached to a bridge, where such illegal packets will
be broadcast to the remaining ports, flooding the switch with illegal
packets. In the case where IB loopback (e.g, SNAP) is enabled, all
transmitted packets would be looped back, and received by the uplink
representor, and result in an infinite feedback loop.

Therefore, block this hole by adding a default drop rule to the
ft_offloads table, so that all unmatched packets with no associated
representor are dropped.

Signed-off-by: Jianbo Liu <jianbol@nvidia.com>
Reviewed-by: Gavi Teitz <gavi@nvidia.com>
Reviewed-by: Mark Bloch <mbloch@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

drivers/net/ethernet/mellanox/mlx5/core/eswitch.h		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c		diff \| blob \| history