mirror of
https://github.com/openvswitch/ovs
synced 2025-08-31 06:15:47 +00:00
lib/tc: Avoid matching on tunnel ttl or tos if not needed
The tunnel ttl key is not masked when provided to the tc lib, hence we
wrongly attempted to match on it, when we got non zero ttl key with a zero
mask. Fix it by applying the mask. Use the same practice for the tunnel tos.
Fixes: dd83253e11
('lib/tc: Support matching on ip tunnel tos and ttl')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reported-by: Eli Britstein <elibr@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
This commit is contained in:
@@ -511,10 +511,12 @@ parse_tc_flower_to_match(struct tc_flower *flower,
|
||||
match_set_tun_ipv6_dst(match, &flower->key.tunnel.ipv6.ipv6_dst);
|
||||
}
|
||||
if (flower->key.tunnel.tos) {
|
||||
match_set_tun_tos(match, flower->key.tunnel.tos);
|
||||
match_set_tun_tos_masked(match, flower->key.tunnel.tos,
|
||||
flower->mask.tunnel.tos);
|
||||
}
|
||||
if (flower->key.tunnel.ttl) {
|
||||
match_set_tun_ttl(match, flower->key.tunnel.ttl);
|
||||
match_set_tun_ttl_masked(match, flower->key.tunnel.ttl,
|
||||
flower->mask.tunnel.ttl);
|
||||
}
|
||||
if (flower->key.tunnel.tp_dst) {
|
||||
match_set_tun_tp_dst(match, flower->key.tunnel.tp_dst);
|
||||
@@ -939,6 +941,7 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match,
|
||||
const struct flow *key = &match->flow;
|
||||
struct flow *mask = &match->wc.masks;
|
||||
const struct flow_tnl *tnl = &match->flow.tunnel;
|
||||
const struct flow_tnl *tnl_mask = &mask->tunnel;
|
||||
struct tc_action *action;
|
||||
uint32_t block_id = 0;
|
||||
struct nlattr *nla;
|
||||
@@ -973,6 +976,8 @@ netdev_tc_flow_put(struct netdev *netdev, struct match *match,
|
||||
flower.key.tunnel.ttl = tnl->ip_ttl;
|
||||
flower.key.tunnel.tp_src = tnl->tp_src;
|
||||
flower.key.tunnel.tp_dst = tnl->tp_dst;
|
||||
flower.mask.tunnel.tos = tnl_mask->ip_tos;
|
||||
flower.mask.tunnel.ttl = tnl_mask->ip_ttl;
|
||||
flower.tunnel = true;
|
||||
}
|
||||
memset(&mask->tunnel, 0, sizeof mask->tunnel);
|
||||
|
16
lib/tc.c
16
lib/tc.c
@@ -415,13 +415,17 @@ nl_parse_flower_tunnel(struct nlattr **attrs, struct tc_flower *flower)
|
||||
flower->key.tunnel.tp_dst =
|
||||
nl_attr_get_be16(attrs[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
|
||||
}
|
||||
if (attrs[TCA_FLOWER_KEY_ENC_IP_TOS]) {
|
||||
if (attrs[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]) {
|
||||
flower->key.tunnel.tos =
|
||||
nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TOS]);
|
||||
flower->mask.tunnel.tos =
|
||||
nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
|
||||
}
|
||||
if (attrs[TCA_FLOWER_KEY_ENC_IP_TTL]) {
|
||||
if (attrs[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]) {
|
||||
flower->key.tunnel.ttl =
|
||||
nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TTL]);
|
||||
flower->mask.tunnel.ttl =
|
||||
nl_attr_get_u8(attrs[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1623,6 +1627,8 @@ nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower)
|
||||
ovs_be32 id = be64_to_be32(flower->key.tunnel.id);
|
||||
uint8_t tos = flower->key.tunnel.tos;
|
||||
uint8_t ttl = flower->key.tunnel.ttl;
|
||||
uint8_t tos_mask = flower->mask.tunnel.tos;
|
||||
uint8_t ttl_mask = flower->mask.tunnel.ttl;
|
||||
|
||||
if (ipv4_dst) {
|
||||
nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_IPV4_SRC, ipv4_src);
|
||||
@@ -1631,11 +1637,13 @@ nl_msg_put_flower_tunnel(struct ofpbuf *request, struct tc_flower *flower)
|
||||
nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_SRC, ipv6_src);
|
||||
nl_msg_put_in6_addr(request, TCA_FLOWER_KEY_ENC_IPV6_DST, ipv6_dst);
|
||||
}
|
||||
if (tos) {
|
||||
if (tos_mask) {
|
||||
nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TOS, tos);
|
||||
nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TOS_MASK, tos_mask);
|
||||
}
|
||||
if (ttl) {
|
||||
if (ttl_mask) {
|
||||
nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL, ttl);
|
||||
nl_msg_put_u8(request, TCA_FLOWER_KEY_ENC_IP_TTL_MASK, ttl_mask);
|
||||
}
|
||||
nl_msg_put_be16(request, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, tp_dst);
|
||||
nl_msg_put_be32(request, TCA_FLOWER_KEY_ENC_KEY_ID, id);
|
||||
|
Reference in New Issue
Block a user