From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Felix Fietkau <nbd@nbd.name>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
Jo-Philipp Wich <jo@mein.io>
Subject: Re: [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup
Date: Fri, 20 May 2022 23:47:59 +0200 [thread overview]
Message-ID: <YogMj4PC/+DXYjQX@salvia> (raw)
In-Reply-To: <ede77f8a-73d3-b507-5a7d-e8e3004e930d@nbd.name>
On Fri, May 20, 2022 at 08:07:44PM +0200, Felix Fietkau wrote:
>
> On 20.05.22 09:50, Pablo Neira Ayuso wrote:
> > I'm sssuming we relax the requirement as I proposed, ie. allow for not
> > allow devices to support for hardware offload, but at least one.
> >
> > Then, it should be possible to extend the netlink interface to promote
> > a flowtable to support hardware offload, e.g.
> >
> > add flowtable inet x y { hook ingress devices = { eth0, eth1 } priority 0; flags offload; }
> >
> > For an existing flowtable, that will add eth0 and eth1, and it will
> > request to turn hardware offload.
> >
> > This is not supported, these bits are missing in the netlink interface.
> >
> > > I still think the best course of action is to silently accept the offload
> > > flag even if none of the devices support hw offload.
> >
> > Silent means user is asking for something that is actually not
> > supported, there will be no effective way from the control plane to
> > check if what they request is actually being applied.
> >
> > I'd propose two changes:
> >
> > - relax the existing requirement, so if one device support hw offload,
> > then accept the configuration.
> >
> > - allow to update a flowtable to on/off hardware offload from netlink
> > interface without needing to reload your whole ruleset.
>
> I still don't see the value in forcing user space to do the
> failure-and-retry dance if none of the devices support hw offload.
> If this is about notifying user space about the hw offload status, I think
> it's much better to simply accept such configurations as-is and extend the
> netlink api to report which of the member devices hw offload was actually
> enabled for.
> This would be much more valuable to users that actually care about the hw
> offload status than knowing if one of the devices in the list has hw offload
> support, and it would simplify the code as well, for kernel and user space
> alike.
I would suggest to extend the API to expose if the device actually
support for the flowtable hardware offload, then after the listing,
the user knows if the feature is available, so they can turn it on.
next prev parent reply other threads:[~2022-05-20 21:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-10 20:27 [RFC] netfilter: nf_tables: ignore errors on flowtable device hw offload setup Felix Fietkau
2022-05-13 7:49 ` Pablo Neira Ayuso
2022-05-13 8:03 ` Felix Fietkau
2022-05-13 8:15 ` Pablo Neira Ayuso
2022-05-13 9:09 ` Felix Fietkau
2022-05-16 0:57 ` Pablo Neira Ayuso
2022-05-19 15:37 ` Felix Fietkau
2022-05-20 7:50 ` Pablo Neira Ayuso
2022-05-20 18:07 ` Felix Fietkau
2022-05-20 21:47 ` Pablo Neira Ayuso [this message]
2022-05-30 16:55 ` Pablo Neira Ayuso
2022-05-30 18:52 ` Felix Fietkau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YogMj4PC/+DXYjQX@salvia \
--to=pablo@netfilter.org \
--cc=jo@mein.io \
--cc=nbd@nbd.name \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).