1. Patchew
  2. linux
  3. View series

[PATCH net-next] bnxt_en: Allow ntuple filters for drops

Joe Damato posted 1 patch 1 week, 2 days ago
There is a newer version of this series
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
[PATCH net-next] bnxt_en: Allow ntuple filters for drops
Posted by Joe Damato 1 week, 2 days ago 
It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
support for ntuple"), bnxt gained support for ntuple filters for packet
drops.

However, support for this does not seem to work in recent kernels or
against net-next:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
    rmgr: Cannot insert RX class rule: Operation not supported
    Cannot insert classification rule

The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
which will return a non-zero value if the ring_cookie is set to
RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
-EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
for a vf.

Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.

After this patch, ntuple filters for drops can be added:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
  Added rule with ID 0

  % ethtool -n eth0
  44 RX rings available
  Total 1 rules

  Filter: 0
  	Rule Type: UDP over IPv4
  	Src IP addr: 1.1.1.1 mask: 0.0.0.0
  	Dest IP addr: 0.0.0.0 mask: 255.255.255.255
  	TOS: 0x0 mask: 0xff
  	Src port: 0 mask: 0xffff
  	Dest port: 0 mask: 0xffff
  	Action: Drop

Signed-off-by: Joe Damato <joe@dama.to>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 6b15fedbb16f..fd32231bf8e0 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -1353,10 +1353,12 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp,
 	if (!bp->vnic_info)
 		return -EAGAIN;
 
-	vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
-	ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
-	if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
-		return -EOPNOTSUPP;
+	if (fs->ring_cookie != RX_CLS_FLOW_DISC) {
+		vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
+		ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
+		if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
+			return -EOPNOTSUPP;
+	}
 
 	if (flow_type == IP_USER_FLOW) {
 		if (!bnxt_verify_ntuple_ip4_flow(&fs->h_u.usr_ip4_spec,

base-commit: 239f09e258b906deced5c2a7c1ac8aed301b558b
-- 
2.47.3
Re: [PATCH net-next] bnxt_en: Allow ntuple filters for drops
Posted by Michael Chan 1 week, 2 days ago 
On Wed, Jan 28, 2026 at 2:27 PM Joe Damato <joe@dama.to> wrote:
>
> It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> support for ntuple"), bnxt gained support for ntuple filters for packet
> drops.
>
> However, support for this does not seem to work in recent kernels or
> against net-next:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>     rmgr: Cannot insert RX class rule: Operation not supported
>     Cannot insert classification rule
>
> The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> which will return a non-zero value if the ring_cookie is set to
> RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> for a vf.
>
> Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.

Please add the Fixes tag.  It looks like the drop action never worked
properly because of the vf check.

> ---
>  drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> index 6b15fedbb16f..fd32231bf8e0 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> @@ -1353,10 +1353,12 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp,
>         if (!bp->vnic_info)
>                 return -EAGAIN;
>
> -       vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
> -       ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
> -       if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
> -               return -EOPNOTSUPP;
> +       if (fs->ring_cookie != RX_CLS_FLOW_DISC) {
> +               vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
> +               ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
> +               if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)

I think the FLOW_MAC_EXT and FLOW_EXT checks should be done unconditionally.

Alternatively, we can also change ethtool_get_flow_spec_ring_vf() to
check that the cookie is not RX_CLS_FLOW_DISC or RX_CLS_FLOW_WAKE.

Thanks.

> +                       return -EOPNOTSUPP;
> +       }
Re: [PATCH net-next] bnxt_en: Allow ntuple filters for drops
Posted by Joe Damato 1 week, 2 days ago 
On Wed, Jan 28, 2026 at 03:09:21PM -0800, Michael Chan wrote:
> On Wed, Jan 28, 2026 at 2:27 PM Joe Damato <joe@dama.to> wrote:
> >
> > It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> > support for ntuple"), bnxt gained support for ntuple filters for packet
> > drops.
> >
> > However, support for this does not seem to work in recent kernels or
> > against net-next:
> >
> >   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
> >     rmgr: Cannot insert RX class rule: Operation not supported
> >     Cannot insert classification rule
> >
> > The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> > which will return a non-zero value if the ring_cookie is set to
> > RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> > -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> > for a vf.
> >
> > Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.
> 
> Please add the Fixes tag.  It looks like the drop action never worked
> properly because of the vf check.

I haven't been able to verify, but based on reading the code it looks like
this path may not have worked since the code was introduced.

In that case, a fixes tag isn't needed because this is essentially new
functionality.

> > ---
> >  drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 10 ++++++----
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> > index 6b15fedbb16f..fd32231bf8e0 100644
> > --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> > +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
> > @@ -1353,10 +1353,12 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp,
> >         if (!bp->vnic_info)
> >                 return -EAGAIN;
> >
> > -       vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
> > -       ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
> > -       if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
> > -               return -EOPNOTSUPP;
> > +       if (fs->ring_cookie != RX_CLS_FLOW_DISC) {
> > +               vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
> > +               ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
> > +               if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
> 
> I think the FLOW_MAC_EXT and FLOW_EXT checks should be done unconditionally.

OK, I'll change the patch so that -EOPNOTSUPP is returned unconditionally if
(FLOW_MAC_EXT | FLOW_EXT) are set and then do the RX_CLS_FLOW_DISC flow check
before calling ethtool_get_flow_spec_ring_vf.

> Alternatively, we can also change ethtool_get_flow_spec_ring_vf() to
> check that the cookie is not RX_CLS_FLOW_DISC or RX_CLS_FLOW_WAKE.

That's up to the maintainers.

The existing drivers I checked which use ethtool_get_flow_spec_ring_vf all
explicitly check RX_CLS_FLOW_DISC, so it seems to be an established pattern.

I think we should fix this in the broadcom driver first and if there is a
desire from the maintainers to handle this in ethtool_get_flow_spec_ring_vf,
that can be done as a separate series which updates all of the drivers to
remove the redundant check.
Re: [PATCH net-next] bnxt_en: Allow ntuple filters for drops
Posted by Michael Chan 1 week, 2 days ago 
On Wed, Jan 28, 2026 at 5:01 PM Joe Damato <joe@dama.to> wrote:
>
> On Wed, Jan 28, 2026 at 03:09:21PM -0800, Michael Chan wrote:
> > Alternatively, we can also change ethtool_get_flow_spec_ring_vf() to
> > check that the cookie is not RX_CLS_FLOW_DISC or RX_CLS_FLOW_WAKE.
>
> That's up to the maintainers.
>
> The existing drivers I checked which use ethtool_get_flow_spec_ring_vf all
> explicitly check RX_CLS_FLOW_DISC, so it seems to be an established pattern.
>
> I think we should fix this in the broadcom driver first and if there is a
> desire from the maintainers to handle this in ethtool_get_flow_spec_ring_vf,
> that can be done as a separate series which updates all of the drivers to
> remove the redundant check.

Sounds good.  Thanks.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.