From e8913d1bb5b7a35a1ddc3d58fb18ec240b2d2110 Mon Sep 17 00:00:00 2001
From: Alaa Hleihel <ahleihel@redhat.com>
Date: Sun, 10 May 2020 14:51:37 -0400
Subject: [PATCH 017/312] [netdrv] net/mlx5e: Allow dropping specific tunnel
 packets

Message-id: <20200510145245.10054-15-ahleihel@redhat.com>
Patchwork-id: 306555
Patchwork-instance: patchwork
O-Subject: [RHEL8.3 BZ 1789378 v2 14/82] net/mlx5e: Allow dropping specific tunnel packets
Bugzilla: 1789378
RH-Acked-by: Kamal Heib <kheib@redhat.com>
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
RH-Acked-by: Jonathan Toppins <jtoppins@redhat.com>

Bugzilla: http://bugzilla.redhat.com/1789378
Upstream: v5.4-rc1

commit 6830b468259b45e3b73070474b8cec9388aa8c11
Author: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Date:   Thu Aug 1 16:40:59 2019 +0800

    net/mlx5e: Allow dropping specific tunnel packets

    In some case, we don't want to allow specific tunnel packets
    to host that can avoid to take up high CPU (e.g network attacks).
    But other tunnel packets which not matched in hardware will be
    sent to host too.

        $ tc filter add dev vxlan_sys_4789 \
                protocol ip chain 0 parent ffff: prio 1 handle 1 \
                flower dst_ip 1.1.1.100 ip_proto tcp dst_port 80 \
                enc_dst_ip 2.2.2.100 enc_key_id 100 enc_dst_port 4789 \
                action tunnel_key unset pipe action drop

    Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
    Reviewed-by: Roi Dayan <roid@mellanox.com>
    Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>

Signed-off-by: Alaa Hleihel <ahleihel@redhat.com>
Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index 1f76974dc946..d7d2151d1ef3 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -2715,7 +2715,8 @@ static bool actions_match_supported(struct mlx5e_priv *priv,
 
 	if (flow_flag_test(flow, EGRESS) &&
 	    !((actions & MLX5_FLOW_CONTEXT_ACTION_DECAP) ||
-	      (actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP)))
+	      (actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP) ||
+	      (actions & MLX5_FLOW_CONTEXT_ACTION_DROP)))
 		return false;
 
 	if (actions & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
-- 
2.13.6