Re: [PATCH net-next v2] bnxt_en: Allow ntuple filters for drops

[Michael Chan]

On Thu, Jan 29, 2026 at 4:23 PM Joe Damato <joe@xxxxxxx> wrote:
>
> It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> support for ntuple"), bnxt gained support for ntuple filters for packet
> drops.
>
> However, support for this does not seem to work in recent kernels or
> against net-next:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>     rmgr: Cannot insert RX class rule: Operation not supported
>     Cannot insert classification rule
>
> The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> which will return a non-zero value if the ring_cookie is set to
> RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> for a vf.
>
> Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.
>
> After this patch, ntuple filters for drops can be added:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>   Added rule with ID 0
>
>   % ethtool -n eth0
>   44 RX rings available
>   Total 1 rules
>
>   Filter: 0
>       Rule Type: UDP over IPv4
>       Src IP addr: 1.1.1.1 mask: 0.0.0.0
>       Dest IP addr: 0.0.0.0 mask: 255.255.255.255
>       TOS: 0x0 mask: 0xff
>       Src port: 0 mask: 0xffff
>       Dest port: 0 mask: 0xffff
>       Action: Drop
>
> Signed-off-by: Joe Damato <joe@xxxxxxx>
> ---
> v2:
>   - Extract the FLOW_MAC_EXT and FLOW_EXT check so it happens unconditionally.
>   - Eliminate the local variable ring, which was used in only one place and
>     call ethtool_get_flow_spec_ring instead.
>
> v1: https://lore.kernel.org/netdev/20260128222718.1679581-1-joe@xxxxxxx/

One minor improvement is to eliminate the vf variable since it is also
used only once.  But I'm fine with this patch.  Thanks.

Reviewed-by: Michael Chan <michael.chan@xxxxxxxxxxxx>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature