1. Patchew
  2. linux
  3. View series

[PATCH net-next v2] bnxt_en: Allow ntuple filters for drops

Joe Damato posted 1 patch 1 week, 2 days ago
There is a newer version of this series
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
[PATCH net-next v2] bnxt_en: Allow ntuple filters for drops
Posted by Joe Damato 1 week, 2 days ago 
It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
support for ntuple"), bnxt gained support for ntuple filters for packet
drops.

However, support for this does not seem to work in recent kernels or
against net-next:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
    rmgr: Cannot insert RX class rule: Operation not supported
    Cannot insert classification rule

The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
which will return a non-zero value if the ring_cookie is set to
RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
-EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
for a vf.

Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.

After this patch, ntuple filters for drops can be added:

  % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
  Added rule with ID 0

  % ethtool -n eth0
  44 RX rings available
  Total 1 rules

  Filter: 0
      Rule Type: UDP over IPv4
      Src IP addr: 1.1.1.1 mask: 0.0.0.0
      Dest IP addr: 0.0.0.0 mask: 255.255.255.255
      TOS: 0x0 mask: 0xff
      Src port: 0 mask: 0xffff
      Dest port: 0 mask: 0xffff
      Action: Drop

Signed-off-by: Joe Damato <joe@dama.to>
---
v2:
  - Extract the FLOW_MAC_EXT and FLOW_EXT check so it happens unconditionally. 
  - Eliminate the local variable ring, which was used in only one place and
    call ethtool_get_flow_spec_ring instead.

v1: https://lore.kernel.org/netdev/20260128222718.1679581-1-joe@dama.to/

 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 6b15fedbb16f..eebe78628cbb 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -1346,18 +1346,22 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp,
 	struct bnxt_l2_filter *l2_fltr;
 	struct bnxt_flow_masks *fmasks;
 	struct flow_keys *fkeys;
-	u32 idx, ring;
+	u32 idx;
 	int rc;
 	u8 vf;
 
 	if (!bp->vnic_info)
 		return -EAGAIN;
 
-	vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
-	ring = ethtool_get_flow_spec_ring(fs->ring_cookie);
-	if ((fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT)) || vf)
+	if (fs->flow_type & (FLOW_MAC_EXT | FLOW_EXT))
 		return -EOPNOTSUPP;
 
+	if (fs->ring_cookie != RX_CLS_FLOW_DISC) {
+		vf = ethtool_get_flow_spec_ring_vf(fs->ring_cookie);
+		if (vf)
+			return -EOPNOTSUPP;
+	}
+
 	if (flow_type == IP_USER_FLOW) {
 		if (!bnxt_verify_ntuple_ip4_flow(&fs->h_u.usr_ip4_spec,
 						 &fs->m_u.usr_ip4_spec))
@@ -1481,7 +1485,7 @@ static int bnxt_add_ntuple_cls_rule(struct bnxt *bp,
 	if (fs->ring_cookie == RX_CLS_FLOW_DISC)
 		new_fltr->base.flags |= BNXT_ACT_DROP;
 	else
-		new_fltr->base.rxq = ring;
+		new_fltr->base.rxq = ethtool_get_flow_spec_ring(fs->ring_cookie);
 	__set_bit(BNXT_FLTR_VALID, &new_fltr->base.state);
 	rc = bnxt_insert_ntp_filter(bp, new_fltr, idx);
 	if (!rc) {

base-commit: 239f09e258b906deced5c2a7c1ac8aed301b558b
-- 
2.47.3
Re: [PATCH net-next v2] bnxt_en: Allow ntuple filters for drops
Posted by Michael Chan 1 week, 1 day ago 
On Thu, Jan 29, 2026 at 4:23 PM Joe Damato <joe@dama.to> wrote:
>
> It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> support for ntuple"), bnxt gained support for ntuple filters for packet
> drops.
>
> However, support for this does not seem to work in recent kernels or
> against net-next:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>     rmgr: Cannot insert RX class rule: Operation not supported
>     Cannot insert classification rule
>
> The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> which will return a non-zero value if the ring_cookie is set to
> RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> for a vf.
>
> Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.
>
> After this patch, ntuple filters for drops can be added:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>   Added rule with ID 0
>
>   % ethtool -n eth0
>   44 RX rings available
>   Total 1 rules
>
>   Filter: 0
>       Rule Type: UDP over IPv4
>       Src IP addr: 1.1.1.1 mask: 0.0.0.0
>       Dest IP addr: 0.0.0.0 mask: 255.255.255.255
>       TOS: 0x0 mask: 0xff
>       Src port: 0 mask: 0xffff
>       Dest port: 0 mask: 0xffff
>       Action: Drop
>
> Signed-off-by: Joe Damato <joe@dama.to>
> ---
> v2:
>   - Extract the FLOW_MAC_EXT and FLOW_EXT check so it happens unconditionally.
>   - Eliminate the local variable ring, which was used in only one place and
>     call ethtool_get_flow_spec_ring instead.
>
> v1: https://lore.kernel.org/netdev/20260128222718.1679581-1-joe@dama.to/

One minor improvement is to eliminate the vf variable since it is also
used only once.  But I'm fine with this patch.  Thanks.

Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Re: [PATCH net-next v2] bnxt_en: Allow ntuple filters for drops
Posted by Joe Damato 1 week ago 
On Thu, Jan 29, 2026 at 06:28:38PM -0800, Michael Chan wrote:
> On Thu, Jan 29, 2026 at 4:23 PM Joe Damato <joe@dama.to> wrote:
> >
> > It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> > support for ntuple"), bnxt gained support for ntuple filters for packet
> > drops.
> >
> > However, support for this does not seem to work in recent kernels or
> > against net-next:
> >
> >   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
> >     rmgr: Cannot insert RX class rule: Operation not supported
> >     Cannot insert classification rule
> >
> > The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> > which will return a non-zero value if the ring_cookie is set to
> > RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> > -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> > for a vf.
> >
> > Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.
> >
> > After this patch, ntuple filters for drops can be added:
> >
> >   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
> >   Added rule with ID 0
> >
> >   % ethtool -n eth0
> >   44 RX rings available
> >   Total 1 rules
> >
> >   Filter: 0
> >       Rule Type: UDP over IPv4
> >       Src IP addr: 1.1.1.1 mask: 0.0.0.0
> >       Dest IP addr: 0.0.0.0 mask: 255.255.255.255
> >       TOS: 0x0 mask: 0xff
> >       Src port: 0 mask: 0xffff
> >       Dest port: 0 mask: 0xffff
> >       Action: Drop
> >
> > Signed-off-by: Joe Damato <joe@dama.to>
> > ---
> > v2:
> >   - Extract the FLOW_MAC_EXT and FLOW_EXT check so it happens unconditionally.
> >   - Eliminate the local variable ring, which was used in only one place and
> >     call ethtool_get_flow_spec_ring instead.
> >
> > v1: https://lore.kernel.org/netdev/20260128222718.1679581-1-joe@dama.to/
> 
> One minor improvement is to eliminate the vf variable since it is also
> used only once.  But I'm fine with this patch.  Thanks.
> 
> Reviewed-by: Michael Chan <michael.chan@broadcom.com>

I made the improvement you suggested in the v3 I just sent. I retained your
tag because the suggestion was cosmetic; I hope that's OK.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.