git.baikalelectronics.ru Git - kernel.git/commit

author	Andy Gospodarek <gospo@broadcom.com>
	Wed, 11 Apr 2018 15:50:14 +0000 (11:50 -0400)
committer	David S. Miller <davem@davemloft.net>
	Wed, 11 Apr 2018 18:41:59 +0000 (14:41 -0400)
commit	1c3b97cebb6bd2e32283f6728307234e70232b61
tree	150b1d3d1c814b3052ca5eba03646a83b838230b	tree \| snapshot
parent	93fea2a876f594a47becac2e5b6c68a8c0856ab1	commit \| diff

bnxt_en: do not allow wildcard matches for L2 flows

Before this patch the following commands would succeed as far as the
user was concerned:

$ tc qdisc add dev p1p1 ingress
$ tc filter add dev p1p1 parent ffff: protocol all \
flower skip_sw action drop
$ tc filter add dev p1p1 parent ffff: protocol ipv4 \
flower skip_sw src_mac 00:02:00:00:00:01/44 action drop

The current flow offload infrastructure used does not support wildcard
matching for ethernet headers, so do not allow the second or third
commands to succeed. If a user wants to drop traffic on that interface
the protocol and MAC addresses need to be specified explicitly:

$ tc qdisc add dev p1p1 ingress
$ tc filter add dev p1p1 parent ffff: protocol arp \
flower skip_sw action drop
$ tc filter add dev p1p1 parent ffff: protocol ipv4 \
flower skip_sw action drop
...
$ tc filter add dev p1p1 parent ffff: protocol ipv4 \
flower skip_sw src_mac 00:02:00:00:00:01 action drop
$ tc filter add dev p1p1 parent ffff: protocol ipv4 \
flower skip_sw src_mac 00:02:00:00:00:02 action drop
...

There are also checks for VLAN parameters in this patch as other callers
may wildcard those parameters even if tc does not. Using different
flow infrastructure could allow this to work in the future for L2 flows,
but for now it does not.

Fixes: e34283d1e029 ("bnxt_en: bnxt: add TC flower filter offload support")
Signed-off-by: Andy Gospodarek <gospo@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>