You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
2.4 KiB
64 lines
2.4 KiB
From e8913d1bb5b7a35a1ddc3d58fb18ec240b2d2110 Mon Sep 17 00:00:00 2001
|
|
From: Alaa Hleihel <ahleihel@redhat.com>
|
|
Date: Sun, 10 May 2020 14:51:37 -0400
|
|
Subject: [PATCH 017/312] [netdrv] net/mlx5e: Allow dropping specific tunnel
|
|
packets
|
|
|
|
Message-id: <20200510145245.10054-15-ahleihel@redhat.com>
|
|
Patchwork-id: 306555
|
|
Patchwork-instance: patchwork
|
|
O-Subject: [RHEL8.3 BZ 1789378 v2 14/82] net/mlx5e: Allow dropping specific tunnel packets
|
|
Bugzilla: 1789378
|
|
RH-Acked-by: Kamal Heib <kheib@redhat.com>
|
|
RH-Acked-by: Jarod Wilson <jarod@redhat.com>
|
|
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>
|
|
RH-Acked-by: Jonathan Toppins <jtoppins@redhat.com>
|
|
|
|
Bugzilla: http://bugzilla.redhat.com/1789378
|
|
Upstream: v5.4-rc1
|
|
|
|
commit 6830b468259b45e3b73070474b8cec9388aa8c11
|
|
Author: Tonghao Zhang <xiangxia.m.yue@gmail.com>
|
|
Date: Thu Aug 1 16:40:59 2019 +0800
|
|
|
|
net/mlx5e: Allow dropping specific tunnel packets
|
|
|
|
In some case, we don't want to allow specific tunnel packets
|
|
to host that can avoid to take up high CPU (e.g network attacks).
|
|
But other tunnel packets which not matched in hardware will be
|
|
sent to host too.
|
|
|
|
$ tc filter add dev vxlan_sys_4789 \
|
|
protocol ip chain 0 parent ffff: prio 1 handle 1 \
|
|
flower dst_ip 1.1.1.100 ip_proto tcp dst_port 80 \
|
|
enc_dst_ip 2.2.2.100 enc_key_id 100 enc_dst_port 4789 \
|
|
action tunnel_key unset pipe action drop
|
|
|
|
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
|
|
Reviewed-by: Roi Dayan <roid@mellanox.com>
|
|
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
|
|
|
|
Signed-off-by: Alaa Hleihel <ahleihel@redhat.com>
|
|
Signed-off-by: Frantisek Hrbata <fhrbata@redhat.com>
|
|
---
|
|
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
index 1f76974dc946..d7d2151d1ef3 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
@@ -2715,7 +2715,8 @@ static bool actions_match_supported(struct mlx5e_priv *priv,
|
|
|
|
if (flow_flag_test(flow, EGRESS) &&
|
|
!((actions & MLX5_FLOW_CONTEXT_ACTION_DECAP) ||
|
|
- (actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP)))
|
|
+ (actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP) ||
|
|
+ (actions & MLX5_FLOW_CONTEXT_ACTION_DROP)))
|
|
return false;
|
|
|
|
if (actions & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
|
|
--
|
|
2.13.6
|
|
|