From: Alexander Duyck <alexander.duyck@gmail.com>
To: "Nguyen, Anthony L" <anthony.l.nguyen@intel.com>
Cc: "Cao, Chinh T" <chinh.t.cao@intel.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"Valiquette, Real" <real.valiquette@intel.com>,
"davem@davemloft.neti" <davem@davemloft.neti>,
"Bokkena, HarikumarX" <harikumarx.bokkena@intel.com>,
"sassmann@redhat.com" <sassmann@redhat.com>
Subject: Re: [net-next v2 03/15] ice: initialize ACL table
Date: Fri, 13 Nov 2020 17:50:53 -0800 [thread overview]
Message-ID: <CAKgT0UdiZGGjSaF=8gx4ZcApYzWDe_FpQwSZmtUjC2ZBsOeXDg@mail.gmail.com> (raw)
In-Reply-To: <2c35ef3950756f0ea04fb61246b2c9b22859d3d4.camel@intel.com>
On Fri, Nov 13, 2020 at 4:16 PM Nguyen, Anthony L
<anthony.l.nguyen@intel.com> wrote:
>
> On Fri, 2020-11-13 at 14:59 -0800, Alexander Duyck wrote:
> > On Fri, Nov 13, 2020 at 1:36 PM Tony Nguyen <
> > anthony.l.nguyen@intel.com> wrote:
> > >
> > > From: Real Valiquette <real.valiquette@intel.com>
> > >
> > > ACL filtering can be utilized to expand support of ntuple rules by
> > > allowing
> > > mask values to be specified for redirect to queue or drop.
> > >
> > > Implement support for specifying the 'm' value of ethtool ntuple
> > > command
> > > for currently supported fields (src-ip, dst-ip, src-port, and dst-
> > > port).
> > >
> > > For example:
> > >
> > > ethtool -N eth0 flow-type tcp4 dst-port 8880 m 0x00ff action 10
> > > or
> > > ethtool -N eth0 flow-type tcp4 src-ip 192.168.0.55 m 0.0.0.255
> > > action -1
> > >
> > > At this time the following flow-types support mask values: tcp4,
> > > udp4,
> > > sctp4, and ip4.
> >
> > So you spend all of the patch description describing how this might
> > be
> > used in the future. However there is nothing specific to the ethtool
> > interface as far as I can tell anywhere in this patch. With this
> > patch
> > the actual command called out above cannot be performed, correct?
> >
> > > Begin implementation of ACL filters by setting up structures,
> > > AdminQ
> > > commands, and allocation of the ACL table in the hardware.
> >
> > This seems to be what this patch is actually doing. You may want to
> > rewrite this patch description to focus on this and explain that you
> > are enabling future support for ethtool ntuple masks. However save
> > this feature description for the patch that actually enables the
> > functionality.
>
> Thanks for the feedback Alex. I believe you're still reviewing the
> patches, I'l look through and make changes accordingly or get responses
> as neeeded.
>
> Thanks,
> Tony
I've pretty much finished up now. My main concern with the set is the
mask handling for the ACL functionality. I think it may be doing the
wrong thing since last I knew Flow Director required the full 4 tuple
to function for TCP/UDP, so there are probably cases that are being
sent to Flow Director when it should be handled by ACL, specifically
when one of the ports is masked out of the filtering entirely.
- Alex
next prev parent reply other threads:[~2020-11-14 1:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-13 21:33 [net-next v2 00/15][pull request] 100GbE Intel Wired LAN Driver Updates 2020-11-13 Tony Nguyen
2020-11-13 21:33 ` [net-next v2 01/15] ice: cleanup stack hog Tony Nguyen
2020-11-13 21:33 ` [net-next v2 02/15] ice: rename shared Flow Director functions Tony Nguyen
2020-11-13 21:33 ` [net-next v2 03/15] ice: initialize ACL table Tony Nguyen
2020-11-13 22:59 ` Alexander Duyck
2020-11-14 0:15 ` Nguyen, Anthony L
2020-11-14 1:50 ` Alexander Duyck [this message]
2020-11-21 0:39 ` Nguyen, Anthony L
2020-11-13 21:33 ` [net-next v2 04/15] ice: initialize ACL scenario Tony Nguyen
2020-11-13 21:33 ` [net-next v2 05/15] ice: create flow profile Tony Nguyen
2020-11-13 21:33 ` [net-next v2 06/15] ice: create ACL entry Tony Nguyen
2020-11-13 21:33 ` [net-next v2 07/15] ice: program " Tony Nguyen
2020-11-13 21:34 ` [net-next v2 08/15] ice: don't always return an error for Get PHY Abilities AQ command Tony Nguyen
2020-11-13 21:34 ` [net-next v2 09/15] ice: Enable Support for FW Override (E82X) Tony Nguyen
2020-11-13 21:34 ` [net-next v2 10/15] ice: Remove gate to OROM init Tony Nguyen
2020-11-13 21:34 ` [net-next v2 11/15] ice: Remove vlan_ena from vsi structure Tony Nguyen
2020-11-13 21:34 ` [net-next v2 12/15] ice: cleanup misleading comment Tony Nguyen
2020-11-13 21:34 ` [net-next v2 13/15] ice: silence static analysis warning Tony Nguyen
2020-11-13 21:34 ` [net-next v2 14/15] ice: join format strings to same line as ice_debug Tony Nguyen
2020-11-13 21:34 ` [net-next v2 15/15] ice: Add space to unknown speed Tony Nguyen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKgT0UdiZGGjSaF=8gx4ZcApYzWDe_FpQwSZmtUjC2ZBsOeXDg@mail.gmail.com' \
--to=alexander.duyck@gmail.com \
--cc=anthony.l.nguyen@intel.com \
--cc=chinh.t.cao@intel.com \
--cc=davem@davemloft.neti \
--cc=harikumarx.bokkena@intel.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=real.valiquette@intel.com \
--cc=sassmann@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).