Use the common attr and action parsing infrastructure in security filter. As a result, some checks have become more stringent. In particular, group attribute is now explicitly rejected instead of being ignored.
Signed-off-by: Anatoly Burakov <[email protected]> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 61 ++++++++++------------------ 1 file changed, 22 insertions(+), 39 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 46161e6146..38a8002611 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -556,7 +556,17 @@ ixgbe_parse_security_filter(struct rte_eth_dev *dev, const struct rte_flow_attr struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); const struct rte_flow_action_security *security; const struct rte_flow_item *item; - const struct rte_flow_action *act; + struct ci_flow_actions parsed_actions; + struct ci_flow_actions_check_param ap_param = { + .allowed_types = (const enum rte_flow_action_type[]){ + /* only security is allowed here */ + RTE_FLOW_ACTION_TYPE_SECURITY, + RTE_FLOW_ACTION_TYPE_END + }, + .max_actions = 1, + }; + const struct rte_flow_action *action; + int ret; if (hw->mac.type != ixgbe_mac_82599EB && hw->mac.type != ixgbe_mac_X540 && @@ -566,45 +576,18 @@ ixgbe_parse_security_filter(struct rte_eth_dev *dev, const struct rte_flow_attr hw->mac.type != ixgbe_mac_E610) return -ENOTSUP; - if (pattern == NULL) { - rte_flow_error_set(error, - EINVAL, RTE_FLOW_ERROR_TYPE_ITEM_NUM, - NULL, "NULL pattern."); - return -rte_errno; - } - if (actions == NULL) { - rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ACTION_NUM, - NULL, "NULL action."); - return -rte_errno; - } - if (attr == NULL) { - rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ATTR, - NULL, "NULL attribute."); - return -rte_errno; - } + /* validate attributes */ + ret = ci_flow_check_attr(attr, NULL, error); + if (ret) + return ret; - /* check if next non-void action is security */ - act = next_no_void_action(actions, NULL); - if (act->type != RTE_FLOW_ACTION_TYPE_SECURITY) { - return rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ACTION, - act, "Not supported action."); - } - security = act->conf; - if (security == NULL) { - return rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ACTION, act, - "NULL security action config."); - } - /* check if the next not void item is END */ - act = next_no_void_action(actions, act); - if (act->type != RTE_FLOW_ACTION_TYPE_END) { - return rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ACTION, - act, "Not supported action."); - } + /* parse requested actions */ + ret = ci_flow_check_actions(actions, &ap_param, &parsed_actions, error); + if (ret) + return ret; + + action = parsed_actions.actions[0]; + security = action->conf; /* get the IP pattern*/ item = next_no_void_pattern(pattern, NULL); -- 2.47.3
