Re: [Intel-wired-lan] [PATCH iwl-next] ice: flower: validate control flags

From: Asbjørn Sloth Tønnesen
Date: Fri May 03 2024 - 14:08:36 EST


Hi Sujai,

On 5/3/24 5:57 AM, Buvaneswaran, Sujai wrote:
-----Original Message-----
From: Intel-wired-lan <intel-wired-lan-bounces@xxxxxxxxxx> On Behalf Of
Asbjørn Sloth Tønnesen
Sent: Tuesday, April 16, 2024 8:14 PM
To: intel-wired-lan@xxxxxxxxxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Eric Dumazet
<edumazet@xxxxxxxxxx>; Nguyen, Anthony L
<anthony.l.nguyen@xxxxxxxxx>; Asbjørn Sloth Tønnesen <ast@xxxxxxxxxxx>;
Jakub Kicinski <kuba@xxxxxxxxxx>; Paolo Abeni <pabeni@xxxxxxxxxx>;
David S. Miller <davem@xxxxxxxxxxxxx>
Subject: [Intel-wired-lan] [PATCH iwl-next] ice: flower: validate control flags

This driver currently doesn't support any control flags.

Use flow_rule_has_control_flags() to check for control flags, such as can be
set through `tc flower ... ip_flags frag`.

In case any control flags are masked, flow_rule_has_control_flags() sets a NL
extended error message, and we return -EOPNOTSUPP.

Only compile-tested.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@xxxxxxxxxxx>
---
drivers/net/ethernet/intel/ice/ice_tc_lib.c | 4 ++++
1 file changed, 4 insertions(+)


Hi,

I have tested this patch in upstream kernel - 6.9.0-rc5+ and am observing no effect while adding a tc flow rule with control flags.
The 'Not supported' error is not shown while adding the below tc rule.

[root@cbl-mariner ~]# tc qdisc add dev ens5f0np0 ingress
[root@cbl-mariner ~]#
[root@cbl-mariner ~]# tc filter add dev ens5f0np0 ingress protocol ip flower ip_flags frag/firstfrag action drop

Thank you for testing!

I think the issue you are observing is because you are missing "skip_sw":
tc filter add dev ens5f0np0 ingress protocol ip flower skip_sw \
ip_flags frag/firstfrag action drop

Without skip_sw, the hardware offload is opportunistic,
and therefore the error in hardware offloading doesn't bubble
through to user space.

Without skip_sw, you should still be able to observe a change in
`tc filter show dev ens5f0np0 ingress`. Without the patch you
should see "in_hw", and with it you should see "not_in_hw".

With skip_sw, the error in hardware offloading causes
the tc command to fail, with the -EOPNOTSUPP error and
associated extended Netlink error message.

Also see Ido's testing for mlxsw in this other thread:
https://lore.kernel.org/netdev/ZiABPNMbOOYGiHCq@shredder/#t

--
Best regards
Asbjørn Sloth Tønnesen
Network Engineer
Fiberby - AS42541
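
The in_hw / not_in_hw check described in the message above, as an added example that is not part of the original thread or the patch: it reads `tc filter show` text and reports the offload state of each flower filter, so a filter that matches on ip_flags can be checked without relying on the tc exit status. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample text is constructed, modelled on `tc filter show` output.
sample_tc_output() {
    cat <<'EOF'
filter protocol ip pref 49151 flower chain 0
filter protocol ip pref 49151 flower chain 0 handle 0x1
  eth_type ipv4
  ip_proto tcp
  in_hw in_hw_count 1
        action order 1: gact action drop
filter protocol ip pref 49152 flower chain 0
filter protocol ip pref 49152 flower chain 0 handle 0x1
  eth_type ipv4
  ip_flags frag/firstfrag
  not_in_hw
        action order 1: gact action drop
EOF
}

# Reads `tc filter show` text on stdin and prints one line per installed
# filter: "pref handle state ip_flags". state is in_hw, not_in_hw or
# unknown; ip_flags is "-" when the filter does not match on control flags.
flower_offload_report() {
    awk '
    function emit() {
        if (handle != "") print pref, handle, state, flags
    }
    $1 == "filter" {
        emit(); handle = ""; state = "unknown"; flags = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "pref")   pref = $(i + 1)
            if ($i == "handle") handle = $(i + 1)
        }
        next
    }
    $1 == "ip_flags"  { flags = $2 }
    $1 == "in_hw"     { state = "in_hw" }
    $1 == "not_in_hw" { state = "not_in_hw" }
    END { emit() }'
}

# Only the filters that match on control flags (ip_flags).
ip_flags_filters() {
    flower_offload_report | awk '$4 != "-"'
}

# On a live system: tc filter show dev ens5f0np0 ingress | ip_flags_filters
sample_tc_output | ip_flags_filters
```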