lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CACKFLinQD_fuJZDkzqHo=qFMQZrhXujjNOxuhBzHGQ8KwRJ8Uw@mail.gmail.com>
Date: Thu, 29 Jan 2026 18:28:38 -0800
From: Michael Chan <michael.chan@...adcom.com>
To: Joe Damato <joe@...a.to>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Pavan Chebbi <pavan.chebbi@...adcom.com>, Andrew Lunn <andrew+netdev@...n.ch>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, shruti.parab@...adcom.com
Subject: Re: [PATCH net-next v2] bnxt_en: Allow ntuple filters for drops

On Thu, Jan 29, 2026 at 4:23 PM Joe Damato <joe@...a.to> wrote:
>
> It appears that in commit 7efd79c0e689 ("bnxt_en: Add drop action
> support for ntuple"), bnxt gained support for ntuple filters for packet
> drops.
>
> However, support for this does not seem to work in recent kernels or
> against net-next:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>     rmgr: Cannot insert RX class rule: Operation not supported
>     Cannot insert classification rule
>
> The issue is that the existing code uses ethtool_get_flow_spec_ring_vf,
> which will return a non-zero value if the ring_cookie is set to
> RX_CLS_FLOW_DISC, which then causes bnxt_add_ntuple_cls_rule to return
> -EOPNOTSUPP because it thinks the user is trying to set an ntuple filter
> for a vf.
>
> Fix this by first checking that the ring_cookie is not RX_CLS_FLOW_DISC.
>
> After this patch, ntuple filters for drops can be added:
>
>   % sudo ethtool -U eth0 flow-type udp4 src-ip 1.1.1.1 action -1
>   Added rule with ID 0
>
>   % ethtool -n eth0
>   44 RX rings available
>   Total 1 rules
>
>   Filter: 0
>       Rule Type: UDP over IPv4
>       Src IP addr: 1.1.1.1 mask: 0.0.0.0
>       Dest IP addr: 0.0.0.0 mask: 255.255.255.255
>       TOS: 0x0 mask: 0xff
>       Src port: 0 mask: 0xffff
>       Dest port: 0 mask: 0xffff
>       Action: Drop
>
> Signed-off-by: Joe Damato <joe@...a.to>
> ---
> v2:
>   - Extract the FLOW_MAC_EXT and FLOW_EXT check so it happens unconditionally.
>   - Eliminate the local variable ring, which was used in only one place and
>     call ethtool_get_flow_spec_ring instead.
>
> v1: https://lore.kernel.org/netdev/20260128222718.1679581-1-joe@dama.to/

One minor improvement is to eliminate the vf variable since it is also
used only once.  But I'm fine with this patch.  Thanks.

Reviewed-by: Michael Chan <michael.chan@...adcom.com>

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5469 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ