[Intel-wired-lan] [PATCH iwl-next] ice: flower: validate control flags
Asbjørn Sloth Tønnesen
ast at fiberby.net
Fri May 3 18:08:04 UTC 2024
Hi Sujai,
On 5/3/24 5:57 AM, Buvaneswaran, Sujai wrote:
>> -----Original Message-----
>> From: Intel-wired-lan <intel-wired-lan-bounces at osuosl.org> On Behalf Of
>> Asbjørn Sloth Tønnesen
>> Sent: Tuesday, April 16, 2024 8:14 PM
>> To: intel-wired-lan at lists.osuosl.org
>> Cc: netdev at vger.kernel.org; linux-kernel at vger.kernel.org; Eric Dumazet
>> <edumazet at google.com>; Nguyen, Anthony L
>> <anthony.l.nguyen at intel.com>; Asbjørn Sloth Tønnesen <ast at fiberby.net>;
>> Jakub Kicinski <kuba at kernel.org>; Paolo Abeni <pabeni at redhat.com>;
>> David S. Miller <davem at davemloft.net>
>> Subject: [Intel-wired-lan] [PATCH iwl-next] ice: flower: validate control flags
>>
>> This driver currently doesn't support any control flags.
>>
>> Use flow_rule_has_control_flags() to check for control flags, such as can be
>> set through `tc flower ... ip_flags frag`.
>>
>> In case any control flags are masked, flow_rule_has_control_flags() sets a NL
>> extended error message, and we return -EOPNOTSUPP.
>>
>> Only compile-tested.
>>
>> Signed-off-by: Asbjørn Sloth Tønnesen <ast at fiberby.net>
>> ---
>> drivers/net/ethernet/intel/ice/ice_tc_lib.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>
> Hi,
>
> I have tested this patch in upstream kernel - 6.9.0-rc5+ and observing no effect while adding tc flow rule with control flags.
> 'Not supported' error is not shown while adding the below tc rule.
>
> [root at cbl-mariner ~]# tc qdisc add dev ens5f0np0 ingress
> [root at cbl-mariner ~]#
> [root at cbl-mariner ~]# tc filter add dev ens5f0np0 ingress protocol ip flower ip_flags frag/firstfrag action drop
Thank you for testing!
I think the issue you are observing, is because you are missing "skip_sw":
tc filter add dev ens5f0np0 ingress protocol ip flower skip_sw \
ip_flags frag/firstfrag action drop
Without skip_sw, then the hardware offload is opportunistic,
and therefore the error in hardware offloading doesn't bubble
through to user space.
Without skip_sw, you should still be able to observe a change in
`tc filter show dev ens5f0np0 ingress`. Without the patch you
should see "in_hw", and with it you should see "not_in_hw".
With skip_sw, then the error in hardware offloading causes
the tc command to fail, with the -EOPNOTSUPP error and
associated extended Netlink error message.
Also see Ido's testing for mlxsw in this other thread:
https://lore.kernel.org/netdev/ZiABPNMbOOYGiHCq@shredder/#t
--
Best regards
Asbjørn Sloth Tønnesen
Network Engineer
Fiberby - AS42541
More information about the Intel-wired-lan
mailing list