Commit 61cef645 authored by Joe Damato's avatar Joe Damato Committed by Jakub Kicinski
Browse files

bnxt_en: Allow ntuple filters for drops 



It appears that in commit 7efd79c0 ("bnxt_en: Add drop action
support for ntuple"), bnxt gained support for ntuple filters for packet
drops.

However, support for this does not seem to work in recent kernels or
against net-next:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
    rmgr: Cannot insert RX class rule: Operation not supported
    Cannot insert classification rule

The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
which will return a non-zero value if the ring_cookie is set to
RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
-EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
for a vf.

Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.

After this patch, ntuple filters for drops can be added:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
  Added rule with ID 0

  % ethtool -n eth0
  44 RX rings available
  Total 1 rules

  Filter: 0
      Rule Type: UDP over IPv4
      Src IP addr: 1.1.1.1 mask: 0.0.0.0
      Dest IP addr: 0.0.0.0 mask: 255.255.255.255
      TOS: 0x0 mask: 0xff
      Src port: 0 mask: 0xffff
      Dest port: 0 mask: 0xffff
      Action: Drop

Reviewed-by: default avatarMichael Chan <michael.chan@broadcom.com>
Signed-off-by: default avatarJoe Damato <joe@dama.to>
Link: https://patch.msgid.link/20260131003042.2570434-1-joe@dama.to


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 71a58ec6

drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c

+7 −6
Original line number Diff line number Diff line
@@ -1346,16 +1346,17 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp, 
	struct bnxt_l2_filter *l2_fltr;

	struct bnxt_flow_masks *fmasks;

	struct flow_keys *fkeys;

	u32 idx, ring;

	u32 idx;

	int rc;

	u8 vf;



	if (!bp->vnic_info)

		return -EAGAIN;



	vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);

	ring = ethtool_get_flow_spec_ring(fs->ring_cookie);

	if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)

	if (fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT))

		return -EOPNOTSUPP;



	if (fs->ring_cookie != RX_CLS_FLOW_DISC &&

	    ethtool_get_flow_spec_ring_vf(fs->ring_cookie))

		return -EOPNOTSUPP;



	if (flow_type == IP_USER_FLOW) {
@@ -1481,7 +1482,7 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp, 
	if (fs->ring_cookie == RX_CLS_FLOW_DISC)

		new_fltr->base.flags |= BNXT_ACT_DROP;

	else

		new_fltr->base.rxq = ring;

		new_fltr->base.rxq = ethtool_get_flow_spec_ring(fs->ring_cookie);

	__set_bit(BNXT_FLTR_VALID, &new_fltr->base.state);

	rc = bnxt_insert_ntp_filter(bp, new_fltr, idx);

	if (!rc) {