From: Jakub Kicinski <kuba@kernel.org>
To: Ahmed Zaki <ahmed.zaki@intel.com>
Cc: <netdev@vger.kernel.org>, <davem@davemloft.net>,
<edumazet@google.com>, <pabeni@redhat.com>, <mkubecek@suse.cz>,
"Chittim, Madhu" <madhu.chittim@intel.com>,
"Samudrala, Sridhar" <sridhar.samudrala@intel.com>
Subject: Re: [RFC] ethtool: raw packet filtering
Date: Wed, 6 Dec 2023 18:25:24 -0800 [thread overview]
Message-ID: <20231206182524.0dc8b680@kernel.org> (raw)
In-Reply-To: <bef1ce9b-25f0-4466-9669-5ea0397f2582@intel.com>
On Wed, 6 Dec 2023 15:47:18 -0700 Ahmed Zaki wrote:
> Sure. The main use case is to be able to filter on any standard or
> proprietary protocol headers, tunneled or not, using the ntuple API.
> ethtool allows this only for the basic TCP/UDP/SCTP/ah/esp and IPv4/6.
> Filtering on any other protocol or stack of protocols will require
> ethtool and core changes. Raw filtering on the first 512 bytes of the
> packet will allow anyone to do such filtering without these changes.
>
> To be clear, I am not advocating for bypassing Kernel parsing, but there
> are so many combinations of protocols and tunneling methods that it is
> very hard to add them all in ethtool.
>
> As an example, if we want to direct flows carrying GTPU traffic
> originating from <Inner IP> and tunneled on a given VxLan at a given
> <Outer IP>:
>
> <Outer IP> : <Outer UDP> : <VXLAN VID> : <ETH> : <Inner IP> : <GTPU>
>
> to a specific RSS queue.
Dunno. I think it's a longer conversation. In principle - I personally
don't mind someone extending raw matching support, others who care about
protocol ossification and sensible parsing API might. But if you want
512B you would have to redo the uAPI, and adding stuff to ethtool ioctl
has very high bar as this is a legacy interface. Moving ntuple filters
to netlink OTOH is a different can of warms - it duplicates parts of TC
and nft while having a _lot_ less capabilities. And performance
(everything under rtnl). Which begs the question whether we should
leave n-tuple filters behind completely and focus on tc / nft APIs.
So I'll be completely honest - feels like this is going to be really
high effort / benefit ratio for the maintainers. It will be challenging
to get it merged.
next prev parent reply other threads:[~2023-12-07 2:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-05 18:23 [RFC] ethtool: raw packet filtering Ahmed Zaki
2023-12-06 16:16 ` Jakub Kicinski
2023-12-06 22:47 ` Ahmed Zaki
2023-12-07 2:25 ` Jakub Kicinski [this message]
2023-12-11 23:34 ` Ahmed Zaki
2023-12-12 1:50 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231206182524.0dc8b680@kernel.org \
--to=kuba@kernel.org \
--cc=ahmed.zaki@intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=madhu.chittim@intel.com \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sridhar.samudrala@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).