linux-stable/include
Yoshiki Komachi 8ffb055bea cls_flower: Fix the behavior using port ranges with hw-offload
The recent commit 5c72299fba ("net: sched: cls_flower: Classify
packets using port ranges") had added filtering based on port ranges
to tc flower. However the commit missed necessary changes in hw-offload
code, so the feature gave rise to generating incorrect offloaded flow
keys in NIC.

One more detailed example is below:

$ tc qdisc add dev eth0 ingress
$ tc filter add dev eth0 ingress protocol ip flower ip_proto tcp \
  dst_port 100-200 action drop

With the setup above, an exact match filter with dst_port == 0 will be
installed in NIC by hw-offload. IOW, the NIC will have a rule which is
equivalent to the following one.

$ tc qdisc add dev eth0 ingress
$ tc filter add dev eth0 ingress protocol ip flower ip_proto tcp \
  dst_port 0 action drop

The behavior was caused by the flow dissector which extracts packet
data into the flow key in the tc flower. More specifically, regardless
of exact match or specified port ranges, fl_init_dissector() set the
FLOW_DISSECTOR_KEY_PORTS flag in struct flow_dissector to extract port
numbers from skb in skb_flow_dissect() called by fl_classify(). Note
that device drivers received the same struct flow_dissector object as
used in skb_flow_dissect(). Thus, offloaded drivers could not identify
which of these is used because the FLOW_DISSECTOR_KEY_PORTS flag was
set to struct flow_dissector in either case.

This patch adds the new FLOW_DISSECTOR_KEY_PORTS_RANGE flag and the new
tp_range field in struct fl_flow_key to recognize which filters are applied
to offloaded drivers. At this point, when filters based on port ranges
are passed to drivers, drivers return the EOPNOTSUPP error because they do
not support the feature (the newly created FLOW_DISSECTOR_KEY_PORTS_RANGE
flag).

Fixes: 5c72299fba ("net: sched: cls_flower: Classify packets using port ranges")
Signed-off-by: Yoshiki Komachi <komachi.yoshiki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-03 11:55:46 -08:00
acpi Merge branches 'acpi-utils', 'acpi-platform', 'acpi-video' and 'acpi-doc' 2019-11-26 10:30:49 +01:00
asm-generic Merge branch 'akpm' (patches from Andrew) 2019-12-01 20:36:41 -08:00
clocksource
crypto
drm mm + drm coherent memory support for vmwgfx 2019-11-30 09:38:11 -08:00
dt-bindings This merge window we have one small clk provider API in the core framework and 2019-12-01 16:06:02 -08:00
keys powerpc updates for 5.5 2019-11-30 14:35:43 -08:00
kunit
kvm
linux Fixed updating of ethertype in function skb_mpls_pop 2019-12-02 13:03:50 -08:00
math-emu
media drm main pull for 5.5-rc1 2019-11-27 17:45:48 -08:00
misc
net cls_flower: Fix the behavior using port ranges with hw-offload 2019-12-03 11:55:46 -08:00
pcmcia
ras
rdma hmm related patches for 5.5 2019-11-30 10:33:14 -08:00
scsi
soc net: mscc: ocelot: use skb queue instead of skbs list 2019-11-27 10:53:37 -08:00
sound
target
trace Merge branch 'akpm' (patches from Andrew) 2019-12-01 20:36:41 -08:00
uapi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2019-12-01 18:20:54 -08:00
vdso
video
xen dma-mapping updates for 5.5-rc1 2019-11-28 11:16:43 -08:00
Kbuild ARM: 2019-11-25 18:02:36 -08:00