From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D80AE3CF670 for ; Thu, 9 Apr 2026 13:00:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.19 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775739635; cv=none; b=JOyHXL4B/FB4tRkMYvJ221OyRGZq7QcUbPBlcXyPWspPjrHZNZOGccywofmnTBAU4iK5a5nKomk5o9oSGc9t0G0iWwch2wZl5xrSzMQZkoXZ6hQ0yHBb/VAbNAq6Px4tzkaztH0v5Z3GwTfHRSDDLMGKGM7OvVQjm8UVIVpCRuA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775739635; c=relaxed/simple; bh=RMRl9YrSm+l/Tb6MM0krI2qwrH8y6HxojXkgpB/gqE8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QLqLRGZbkA10I74VhSTZZzbHxWJkBSNMScN4q+/6em/LONxWO43L6cZ8r32PhCDpYu8mC8O5e8Z0K5VAwXHhWRgafLcnsZZ4i/PWzL89cBycPMENg5zNRn4rG2oRbKjic8Bqzhol6DI4vVfiPEyH1ALuQdFuibfP88vqKe8a0h8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Su3uIQPW; arc=none smtp.client-ip=192.198.163.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Su3uIQPW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1775739634; x=1807275634; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RMRl9YrSm+l/Tb6MM0krI2qwrH8y6HxojXkgpB/gqE8=; b=Su3uIQPWXVDchaSvA5CdlefJBBdjuVbNwh8EfvfKi06MOAZvHc41I4Sk xjr+xd58n8aPwEHUMmgeCCR7OMiT9444SgWQfGArGueXJ/qy0AbL3xJtp szxUfTTSdLTS+s+yCFlg5rP6hwfbn2HWwz//18KigwuoExSyk0bDscYtM vV36SVYLx9CD46EoIJoVgOXYRoSzUcTP3eT3wmsJZdLvx4OgrOOhpoZtq aZIQZeJH1g5JRaYTn3M8+ixnKN7KsbmNxXjgFypgHmuKnuI4yZPbBvN02 E3VA1bw19HX0GCGQ2jGG3iW3UXzQ16N//fXf7/xNoM7k+mkTbIUvxhFrK A==; X-CSE-ConnectionGUID: wajoi6C1TOqXDcYWxEf1/g== X-CSE-MsgGUID: LzMoOFxNQ/WOlgAnWngCSw== X-IronPort-AV: E=McAfee;i="6800,10657,11753"; a="75777542" X-IronPort-AV: E=Sophos;i="6.23,169,1770624000"; d="scan'208";a="75777542" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Apr 2026 06:00:22 -0700 X-CSE-ConnectionGUID: OPdIi8ZhTM+KRWyRyxHrtw== X-CSE-MsgGUID: JnYADzj5TticgxMhHSKKEQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,169,1770624000"; d="scan'208";a="259208144" Received: from irvmail002.ir.intel.com ([10.43.11.120]) by orviesa002.jf.intel.com with ESMTP; 09 Apr 2026 06:00:19 -0700 Received: from gond.igk.intel.com (gond.igk.intel.com [10.123.220.52]) by irvmail002.ir.intel.com (Postfix) with ESMTP id AF41E2FC57; Thu, 9 Apr 2026 14:00:18 +0100 (IST) From: Marcin Szycik To: intel-wired-lan@lists.osuosl.org Cc: netdev@vger.kernel.org, sandeep.penigalapati@intel.com, ananth.s@intel.com, alexander.duyck@gmail.com, Marcin Szycik , Lukasz Czapnik , Aleksandr Loktionov Subject: [PATCH iwl-next v2 10/10] ice: use ACL for ntuple rules that conflict with FDir Date: Thu, 9 Apr 2026 14:00:03 +0200 Message-ID: <20260409120003.2719-11-marcin.szycik@linux.intel.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20260409120003.2719-1-marcin.szycik@linux.intel.com> References: <20260409120003.2719-1-marcin.szycik@linux.intel.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Lukasz Czapnik Flow Director can keep only one input set per flow type. After ACL support was added for ethtool ntuple rules, the driver still only selected ACL for rules with partial masks. That leaves a gap for rules with full masks that still require a different input set than the one already programmed for Flow Director. Such rules go through the FDir path, build a different extraction sequence and then fail because the existing FDir profile cannot be reused. Detect this case before programming the rule. Build the candidate IP flow segment, compare it with the active non-tunneled FDir profile and, when the input sets differ, offload the rule through ACL if ACL is available. Refactor the IP flow segment setup into a helper so the same logic can be used both by the extraction-sequence configuration path and by the conflict check. Signed-off-by: Lukasz Czapnik Signed-off-by: Marcin Szycik Reviewed-by: Aleksandr Loktionov --- v2: * Add this patch --- .../ethernet/intel/ice/ice_ethtool_ntuple.c | 154 ++++++++++++------ 1 file changed, 107 insertions(+), 47 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool_ntuple.c b/drivers/net/ethernet/intel/ice/ice_ethtool_ntuple.c index 21d4f4e3a1d0..13073387376e 100644 --- a/drivers/net/ethernet/intel/ice/ice_ethtool_ntuple.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool_ntuple.c @@ -1425,6 +1425,102 @@ ice_set_fdir_vlan_seg(struct ice_flow_seg_info *seg, return 0; } +/** + * ice_set_fdir_ip_flow_seg - set IP flow segment based on ethtool flow type + * @fsp: pointer to ethtool Rx flow specification + * @seg: flow segment for programming + * @perfect_fltr: valid on success; returns true if perfect fltr, false if not + * + * Return: 0 on success and errno in case of error. + */ +static int ice_set_fdir_ip_flow_seg(struct ethtool_rx_flow_spec *fsp, + struct ice_flow_seg_info *seg, + bool *perfect_fltr) +{ + switch (fsp->flow_type & ~FLOW_EXT) { + case TCP_V4_FLOW: + return ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, + ICE_FLOW_SEG_HDR_TCP, perfect_fltr); + case UDP_V4_FLOW: + return ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, + ICE_FLOW_SEG_HDR_UDP, perfect_fltr); + case SCTP_V4_FLOW: + return ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, + ICE_FLOW_SEG_HDR_SCTP, + perfect_fltr); + case IPV4_USER_FLOW: + return ice_set_fdir_ip4_usr_seg(seg, &fsp->m_u.usr_ip4_spec, + perfect_fltr); + case TCP_V6_FLOW: + return ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, + ICE_FLOW_SEG_HDR_TCP, perfect_fltr); + case UDP_V6_FLOW: + return ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, + ICE_FLOW_SEG_HDR_UDP, perfect_fltr); + case SCTP_V6_FLOW: + return ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, + ICE_FLOW_SEG_HDR_SCTP, + perfect_fltr); + case IPV6_USER_FLOW: + return ice_set_fdir_ip6_usr_seg(seg, &fsp->m_u.usr_ip6_spec, + perfect_fltr); + default: + return -EOPNOTSUPP; + } +} + +/** + * ice_fdir_has_input_set_conflict - Check conflict with existing FD filters + * @pf: PF structure + * @fsp: pointer to ethtool Rx flow specification + * + * Checks if adding this filter to Flow Director would cause an input set + * mismatch with existing filters for the same flow type by building + * the segment and comparing with existing profiles. + * + * Return: true if there's a conflict (use ACL), false otherwise (can use FD) + */ +static bool ice_fdir_has_input_set_conflict(struct ice_pf *pf, + struct ethtool_rx_flow_spec *fsp) +{ + struct ice_flow_seg_info *test_seg, *old_seg; + bool perfect_fltr, conflict = false; + struct ice_fd_hw_prof *hw_prof; + struct ice_hw *hw = &pf->hw; + enum ice_fltr_ptype flow; + int err; + + flow = ice_ethtool_flow_to_fltr(fsp->flow_type & ~FLOW_EXT); + if (flow >= ICE_FLTR_PTYPE_MAX || !hw->fdir_prof || + !hw->fdir_prof[flow]) { + return false; + } + + hw_prof = hw->fdir_prof[flow]; + old_seg = hw_prof->fdir_seg[ICE_FD_HW_SEG_NON_TUN]; + + if (!old_seg || hw->fdir_fltr_cnt[flow] == 0) + return false; + + test_seg = kzalloc_obj(*test_seg); + if (!test_seg) + return false; + + err = ice_set_fdir_ip_flow_seg(fsp, test_seg, &perfect_fltr); + if (err) { + kfree(test_seg); + return false; + } + + /* Compare the test segment with the existing segment */ + if (memcmp(old_seg, test_seg, sizeof(*test_seg)) != 0) + conflict = true; + + kfree(test_seg); + + return conflict; +} + /** * ice_cfg_fdir_xtrct_seq - Configure extraction sequence for the given filter * @pf: PF structure @@ -1455,57 +1551,16 @@ ice_cfg_fdir_xtrct_seq(struct ice_pf *pf, struct ethtool_rx_flow_spec *fsp, return -ENOMEM; } - switch (fsp->flow_type & ~FLOW_EXT) { - case TCP_V4_FLOW: - ret = ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, - ICE_FLOW_SEG_HDR_TCP, - &perfect_filter); - break; - case UDP_V4_FLOW: - ret = ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, - ICE_FLOW_SEG_HDR_UDP, - &perfect_filter); - break; - case SCTP_V4_FLOW: - ret = ice_set_fdir_ip4_seg(seg, &fsp->m_u.tcp_ip4_spec, - ICE_FLOW_SEG_HDR_SCTP, - &perfect_filter); - break; - case IPV4_USER_FLOW: - ret = ice_set_fdir_ip4_usr_seg(seg, &fsp->m_u.usr_ip4_spec, - &perfect_filter); - break; - case TCP_V6_FLOW: - ret = ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, - ICE_FLOW_SEG_HDR_TCP, - &perfect_filter); - break; - case UDP_V6_FLOW: - ret = ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, - ICE_FLOW_SEG_HDR_UDP, - &perfect_filter); - break; - case SCTP_V6_FLOW: - ret = ice_set_fdir_ip6_seg(seg, &fsp->m_u.tcp_ip6_spec, - ICE_FLOW_SEG_HDR_SCTP, - &perfect_filter); - break; - case IPV6_USER_FLOW: - ret = ice_set_fdir_ip6_usr_seg(seg, &fsp->m_u.usr_ip6_spec, - &perfect_filter); - break; - case ETHER_FLOW: + if ((fsp->flow_type & ~FLOW_EXT) == ETHER_FLOW) { ret = ice_set_ether_flow_seg(dev, seg, &fsp->m_u.ether_spec); if (!ret && (fsp->m_ext.vlan_etype || fsp->m_ext.vlan_tci)) { - if (!ice_fdir_vlan_valid(dev, fsp)) { + if (!ice_fdir_vlan_valid(dev, fsp)) ret = -EINVAL; - break; - } - ret = ice_set_fdir_vlan_seg(seg, &fsp->m_ext); + else + ret = ice_set_fdir_vlan_seg(seg, &fsp->m_ext); } - break; - default: - ret = -EINVAL; + } else { + ret = ice_set_fdir_ip_flow_seg(fsp, seg, &perfect_filter); } if (ret) goto err_exit; @@ -2241,6 +2296,11 @@ int ice_add_ntuple_ethtool(struct ice_vsi *vsi, struct ethtool_rxnfc *cmd) if (pf->hw.acl_tbl && ice_is_acl_filter(fsp)) return ice_acl_add_rule_ethtool(vsi, cmd); + /* Check if this would cause input set conflict with existing FD filters + */ + if (pf->hw.acl_tbl && ice_fdir_has_input_set_conflict(pf, fsp)) + return ice_acl_add_rule_ethtool(vsi, cmd); + ret = ice_cfg_fdir_xtrct_seq(pf, fsp, &userdata); if (ret) return ret; -- 2.49.0