From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CC1423EABF for ; Mon, 24 Nov 2025 21:01:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764018096; cv=none; b=SAIwLlSTVHPv61pm+dCU0frd0euv1WM4ljsm6pNnjnAjPC5vAlIBK22K3kfjoqGj5KqMTgfoTQF04zRAIZkE+4rvgShTuFE2x1tY64QP4mXHhwam9bLxM79oKT8BwKlx5VfHZooJB4EH44T6wTMzrVuWElH/k0NLMJpIwBGJWsQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764018096; c=relaxed/simple; bh=j0MObbyK+FyNy0ZAFnKXwoyzj2Cwemyu2/nA6P+t7ok=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: In-Reply-To:Content-Type:Content-Disposition; b=eVBVJhP7UMquCLl4p9Tfh9+05uLqVULlX9P70gT7X8oYkV/ULjWV5e3hXLdEviCAldyu+IHj4NMOHsgnBOk877K1vL51OOHvKPS4DEc2mzpdKZIgpPI46305zOv+PlWpjpn0UprTf0MgWTSMS1mk8zjxiDBgZ00K7OlJziKNG3w= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=W4Fa7NOF; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="W4Fa7NOF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764018093; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=U5Mw/aMLaYte1U3mrEKAPizFP1nx7g/+kQvzP9d09Ew=; b=W4Fa7NOFEm/EaTjEgVryrcHe428dSW8bAqUbY1Nf9X4PSeipkkRSOdN6rjTh4FKn0PGc/K BnFlM3Qcqy38gY7nqnPCMDReHgFksxHDKjljGDXJ/bnJ4SGiEit5IO4Qu7AVsZgOn/UcyR AtWVnwbBTl+DiFcgwpYHlFVOdog5F4E= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-395-B5hOb8I7PuG23DglIAIEvA-1; Mon, 24 Nov 2025 16:01:31 -0500 X-MC-Unique: B5hOb8I7PuG23DglIAIEvA-1 X-Mimecast-MFC-AGG-ID: B5hOb8I7PuG23DglIAIEvA_1764018090 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-477cf25ceccso12076775e9.0 for ; Mon, 24 Nov 2025 13:01:31 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764018090; x=1764622890; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U5Mw/aMLaYte1U3mrEKAPizFP1nx7g/+kQvzP9d09Ew=; b=cUgADnfKwRDIjsGQUNwmwZ6ksOa7TTfXjKQNS5hD3yN+DkIelD2uPRot7jz7ZSvwnj owpxcLwwk2ixP7tZRt0z1kr/XuDOz33bWDY8YMLgW09ZpMOXNBxG9P2n/+fJAEPBYVS0 NTBQKbuujTtX/alA6B8HwVoW+jtev70rYzXGY4CC81stBCj7eohzpYQ3QTfxftt0UgbC gkuosYKsmVYUqIfjmvMrUBQizwPr6M0ch6U3wwbi3cY3wSsz7StEbPTxWMKiXuHvruuE XD4pNA1gCBPmZPW2AVg93vc66/3VVJBCe13uuYnTSWKl3JrBVrunWMJtYn+4Lc4JSK2H 7opQ== X-Forwarded-Encrypted: i=1; AJvYcCV9Z90/ULaapGeSwTtCb5AHDSpdgGXdENWJrt3BY52ETlnO68N1Mi5bZF/i261Cyy/ME97hxEFjih+OOEVXlQ==@lists.linux.dev X-Gm-Message-State: AOJu0YwPmDVddOEnY/nO6mJt4i0RLW0WfMFCHn52kXbTnPYSdI4XeKt4 j4gK+T5kvBBijWektr7x760puLoXmZTyYx9F+ed5/qu1sXQY+RU+yw0tYNpRXYUHhx2TkKSWdx9 TqZhlPXppc6pJ0uMH0joIs2K09AKsPXue5YSJn+3ULpS74+aWeeo6IJf/ogwxgB1PEYg8 X-Gm-Gg: ASbGncuO558fqxfpJ07HDTHmkjYRzjiNhuW3jf+BqKWxRdmsVWRAjqq105HGpxTziBJ KEPGw/HZjIIOqcY/y39v822Vc0a3u1CuPB/VU6zJsKj6GrrPZJCQrX8/7OmP/W0OChhrR3KBGUC OhKulziZ7UcekzAbayITspcG0rqeGHIjXtzWQPrlTF6iA6LpxOBtMSZvtOCuYRFmW354PXy5U4x FwXYyeh6v45J5JQRqQ7Kmj1nhekQUJ4UKW8WNsZaNc9bjGsy1937WY6auJBaQP54aZcprilOPBR +4jH3p2oTOmsXtaEFehDDQY/k8uKfk4GiN+jGOnax1NMmNNcS2uQLnyUUCj13m0KIIalHZCcB4V LffJ2QlEQgU3nComcTdYddde7rgqv5g== X-Received: by 2002:a05:600c:474d:b0:477:7c7d:d9b2 with SMTP id 5b1f17b1804b1-47904b290bcmr1919585e9.32.1764018090372; Mon, 24 Nov 2025 13:01:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IGtEAzpeYww+y+LHm+cR1qP4PWDsaV/kYKPhpXCK7mFB/UfSZZo3HJt4ocp7b0DC2JNlxv5jA== X-Received: by 2002:a05:600c:474d:b0:477:7c7d:d9b2 with SMTP id 5b1f17b1804b1-47904b290bcmr1919235e9.32.1764018089906; Mon, 24 Nov 2025 13:01:29 -0800 (PST) Received: from redhat.com (IGLD-80-230-39-63.inter.net.il. [80.230.39.63]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-42cb7fd8d97sm29908017f8f.42.2025.11.24.13.01.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 13:01:29 -0800 (PST) Date: Mon, 24 Nov 2025 16:01:26 -0500 From: "Michael S. Tsirkin" To: Daniel Jurgens Cc: netdev@vger.kernel.org, jasowang@redhat.com, pabeni@redhat.com, virtualization@lists.linux.dev, parav@nvidia.com, shshitrit@nvidia.com, yohadt@nvidia.com, xuanzhuo@linux.alibaba.com, eperezma@redhat.com, jgg@ziepe.ca, kevin.tian@intel.com, kuba@kernel.org, andrew+netdev@lunn.ch, edumazet@google.com Subject: Re: [PATCH net-next v12 05/12] virtio_net: Query and set flow filter caps Message-ID: <20251124155823-mutt-send-email-mst@kernel.org> References: <20251119191524.4572-1-danielj@nvidia.com> <20251119191524.4572-6-danielj@nvidia.com> Precedence: bulk X-Mailing-List: virtualization@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In-Reply-To: <20251119191524.4572-6-danielj@nvidia.com> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: Ov5S1RJJOExP5DAsyYF_1fBIYA4ljwCn_O74NOAE7ho_1764018090 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Wed, Nov 19, 2025 at 01:15:16PM -0600, Daniel Jurgens wrote: > When probing a virtnet device, attempt to read the flow filter > capabilities. In order to use the feature the caps must also > be set. For now setting what was read is sufficient. > > This patch adds uapi definitions virtio_net flow filters define in > version 1.4 of the VirtIO spec. > > Signed-off-by: Daniel Jurgens > Reviewed-by: Parav Pandit > Reviewed-by: Shahar Shitrit > > --- > v4: > - Validate the length in the selector caps > - Removed __free usage. > - Removed for(int. > v5: > - Remove unneed () after MAX_SEL_LEN macro (test bot) > v6: > - Fix sparse warning "array of flexible structures" Jakub K/Simon H > - Use new variable and validate ff_mask_size before set_cap. MST > v7: > - Set ff->ff_{caps, mask, actions} NULL in error path. Paolo Abeni > - Return errors from virtnet_ff_init, -ENOTSUPP is not fatal. Xuan > > v8: > - Use real_ff_mask_size when setting the selector caps. Jason Wang > > v9: > - Set err after failed memory allocations. Simon Horman > > v10: > - Return -EOPNOTSUPP in virnet_ff_init before allocing any memory. > Jason/Paolo. > > v11: > - Return -EINVAL if any resource limit is 0. Simon Horman > - Ensure we don't overrun alloced space of ff->ff_mask by moving the > real_ff_mask_size > ff_mask_size check into the loop. Simon Horman > > v12: > - Move uapi includes to virtio_net.c vs header file. MST > - Remove kernel.h header in virtio_net_ff uapi. MST > - WARN_ON_ONCE in error paths validating selectors. MST > - Move includes from .h to .c files. MST > - Add WARN_ON_ONCE if obj_destroy fails. MST > - Comment cleanup in virito_net_ff.h uapi. MST > - Add 2 byte pad to the end of virtio_net_ff_cap_data. > https://lore.kernel.org/virtio-comment/20251119044029-mutt-send-email-mst@kernel.org/T/#m930988a5d3db316c68546d8b61f4b94f6ebda030 > - Cleanup and reinit in the freeze/restore path. MST > --- > drivers/net/virtio_net.c | 221 +++++++++++++++++++++++++ > drivers/virtio/virtio_admin_commands.c | 2 + > include/uapi/linux/virtio_net_ff.h | 88 ++++++++++ > 3 files changed, 311 insertions(+) > create mode 100644 include/uapi/linux/virtio_net_ff.h > > diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c > index cfa006b88688..2d5c1bff879a 100644 > --- a/drivers/net/virtio_net.c > +++ b/drivers/net/virtio_net.c > @@ -26,6 +26,11 @@ > #include > #include > #include > +#include > +#include > +#include > +#include > +#include > > static int napi_weight = NAPI_POLL_WEIGHT; > module_param(napi_weight, int, 0444); > @@ -281,6 +286,14 @@ static const struct virtnet_stat_desc virtnet_stats_tx_speed_desc_qstat[] = { > VIRTNET_STATS_DESC_TX_QSTAT(speed, ratelimit_packets, hw_drop_ratelimits), > }; > > +struct virtnet_ff { > + struct virtio_device *vdev; > + bool ff_supported; > + struct virtio_net_ff_cap_data *ff_caps; > + struct virtio_net_ff_cap_mask_data *ff_mask; > + struct virtio_net_ff_actions *ff_actions; > +}; > + > #define VIRTNET_Q_TYPE_RX 0 > #define VIRTNET_Q_TYPE_TX 1 > #define VIRTNET_Q_TYPE_CQ 2 > @@ -493,6 +506,8 @@ struct virtnet_info { > struct failover *failover; > > u64 device_stats_cap; > + > + struct virtnet_ff ff; > }; > > struct padded_vnet_hdr { > @@ -5760,6 +5775,186 @@ static const struct netdev_stat_ops virtnet_stat_ops = { > .get_base_stats = virtnet_get_base_stats, > }; > > +static size_t get_mask_size(u16 type) > +{ > + switch (type) { > + case VIRTIO_NET_FF_MASK_TYPE_ETH: > + return sizeof(struct ethhdr); > + case VIRTIO_NET_FF_MASK_TYPE_IPV4: > + return sizeof(struct iphdr); > + case VIRTIO_NET_FF_MASK_TYPE_IPV6: > + return sizeof(struct ipv6hdr); > + case VIRTIO_NET_FF_MASK_TYPE_TCP: > + return sizeof(struct tcphdr); > + case VIRTIO_NET_FF_MASK_TYPE_UDP: > + return sizeof(struct udphdr); > + } > + > + return 0; > +} > + > +#define MAX_SEL_LEN (sizeof(struct ipv6hdr)) > + > +static int virtnet_ff_init(struct virtnet_ff *ff, struct virtio_device *vdev) > +{ > + size_t ff_mask_size = sizeof(struct virtio_net_ff_cap_mask_data) + > + sizeof(struct virtio_net_ff_selector) * > + VIRTIO_NET_FF_MASK_TYPE_MAX; > + struct virtio_admin_cmd_query_cap_id_result *cap_id_list; > + struct virtio_net_ff_selector *sel; > + size_t real_ff_mask_size; > + int err; > + int i; > + > + if (!vdev->config->admin_cmd_exec) > + return -EOPNOTSUPP; > + > + cap_id_list = kzalloc(sizeof(*cap_id_list), GFP_KERNEL); > + if (!cap_id_list) > + return -ENOMEM; > + > + err = virtio_admin_cap_id_list_query(vdev, cap_id_list); > + if (err) > + goto err_cap_list; > + > + if (!(VIRTIO_CAP_IN_LIST(cap_id_list, > + VIRTIO_NET_FF_RESOURCE_CAP) && > + VIRTIO_CAP_IN_LIST(cap_id_list, > + VIRTIO_NET_FF_SELECTOR_CAP) && > + VIRTIO_CAP_IN_LIST(cap_id_list, > + VIRTIO_NET_FF_ACTION_CAP))) { > + err = -EOPNOTSUPP; > + goto err_cap_list; > + } > + > + ff->ff_caps = kzalloc(sizeof(*ff->ff_caps), GFP_KERNEL); > + if (!ff->ff_caps) { > + err = -ENOMEM; > + goto err_cap_list; > + } > + > + err = virtio_admin_cap_get(vdev, > + VIRTIO_NET_FF_RESOURCE_CAP, > + ff->ff_caps, > + sizeof(*ff->ff_caps)); > + > + if (err) > + goto err_ff; > + > + if (!ff->ff_caps->groups_limit || > + !ff->ff_caps->classifiers_limit || > + !ff->ff_caps->rules_limit || > + !ff->ff_caps->rules_per_group_limit) { > + err = -EINVAL; > + goto err_ff; > + } > + > + /* VIRTIO_NET_FF_MASK_TYPE start at 1 */ > + for (i = 1; i <= VIRTIO_NET_FF_MASK_TYPE_MAX; i++) > + ff_mask_size += get_mask_size(i); > + > + ff->ff_mask = kzalloc(ff_mask_size, GFP_KERNEL); > + if (!ff->ff_mask) { > + err = -ENOMEM; > + goto err_ff; > + } > + > + err = virtio_admin_cap_get(vdev, > + VIRTIO_NET_FF_SELECTOR_CAP, > + ff->ff_mask, > + ff_mask_size); > + > + if (err) > + goto err_ff_mask; > + > + ff->ff_actions = kzalloc(sizeof(*ff->ff_actions) + > + VIRTIO_NET_FF_ACTION_MAX, > + GFP_KERNEL); > + if (!ff->ff_actions) { > + err = -ENOMEM; > + goto err_ff_mask; > + } > + > + err = virtio_admin_cap_get(vdev, > + VIRTIO_NET_FF_ACTION_CAP, > + ff->ff_actions, > + sizeof(*ff->ff_actions) + VIRTIO_NET_FF_ACTION_MAX); > + > + if (err) > + goto err_ff_action; > + > + err = virtio_admin_cap_set(vdev, > + VIRTIO_NET_FF_RESOURCE_CAP, > + ff->ff_caps, > + sizeof(*ff->ff_caps)); > + if (err) > + goto err_ff_action; > + > + real_ff_mask_size = sizeof(struct virtio_net_ff_cap_mask_data); > + sel = (void *)&ff->ff_mask->selectors; > + > + for (i = 0; i < ff->ff_mask->count; i++) { > + if (sel->length > MAX_SEL_LEN) { > + WARN_ON_ONCE(true); > + err = -EINVAL; > + goto err_ff_action; > + } > + real_ff_mask_size += sizeof(struct virtio_net_ff_selector) + sel->length; > + if (real_ff_mask_size > ff_mask_size) { > + WARN_ON_ONCE(true); > + err = -EINVAL; > + goto err_ff_action; > + } > + sel = (void *)sel + sizeof(*sel) + sel->length; > + } I am trying to figure out whether this is safe with a buggy/malicious device which passes count > VIRTIO_NET_FF_MASK_TYPE_MAX In fact, what if a future device supports more types? There does not need to be a negotiation about what driver needs, right? > + > + err = virtio_admin_cap_set(vdev, > + VIRTIO_NET_FF_SELECTOR_CAP, > + ff->ff_mask, > + real_ff_mask_size); > + if (err) > + goto err_ff_action; > + > + err = virtio_admin_cap_set(vdev, > + VIRTIO_NET_FF_ACTION_CAP, > + ff->ff_actions, > + sizeof(*ff->ff_actions) + VIRTIO_NET_FF_ACTION_MAX); > + if (err) > + goto err_ff_action; > + > + ff->vdev = vdev; > + ff->ff_supported = true; > + > + kfree(cap_id_list); > + > + return 0; > + > +err_ff_action: > + kfree(ff->ff_actions); > + ff->ff_actions = NULL; > +err_ff_mask: > + kfree(ff->ff_mask); > + ff->ff_mask = NULL; > +err_ff: > + kfree(ff->ff_caps); > + ff->ff_caps = NULL; > +err_cap_list: > + kfree(cap_id_list); > + > + return err; > +} > + > +static void virtnet_ff_cleanup(struct virtnet_ff *ff) > +{ > + if (!ff->ff_supported) > + return; > + > + kfree(ff->ff_actions); > + kfree(ff->ff_mask); > + kfree(ff->ff_caps); > + ff->ff_supported = false; > +} > + > static void virtnet_freeze_down(struct virtio_device *vdev) > { > struct virtnet_info *vi = vdev->priv; > @@ -5778,6 +5973,10 @@ static void virtnet_freeze_down(struct virtio_device *vdev) > netif_tx_lock_bh(vi->dev); > netif_device_detach(vi->dev); > netif_tx_unlock_bh(vi->dev); > + > + rtnl_lock(); > + virtnet_ff_cleanup(&vi->ff); > + rtnl_unlock(); > } > > static int init_vqs(struct virtnet_info *vi); > @@ -5804,6 +6003,17 @@ static int virtnet_restore_up(struct virtio_device *vdev) > return err; > } > > + /* Initialize flow filters. Not supported is an acceptable and common > + * return code > + */ > + rtnl_lock(); > + err = virtnet_ff_init(&vi->ff, vi->vdev); > + if (err && err != -EOPNOTSUPP) { > + rtnl_unlock(); > + return err; > + } > + rtnl_unlock(); > + > netif_tx_lock_bh(vi->dev); > netif_device_attach(vi->dev); > netif_tx_unlock_bh(vi->dev); > @@ -7137,6 +7347,15 @@ static int virtnet_probe(struct virtio_device *vdev) > } > vi->guest_offloads_capable = vi->guest_offloads; > > + /* Initialize flow filters. Not supported is an acceptable and common > + * return code > + */ > + err = virtnet_ff_init(&vi->ff, vi->vdev); > + if (err && err != -EOPNOTSUPP) { > + rtnl_unlock(); > + goto free_unregister_netdev; > + } > + > rtnl_unlock(); > > err = virtnet_cpu_notif_add(vi); > @@ -7152,6 +7371,7 @@ static int virtnet_probe(struct virtio_device *vdev) > > free_unregister_netdev: > unregister_netdev(dev); > + virtnet_ff_cleanup(&vi->ff); > free_failover: > net_failover_destroy(vi->failover); > free_vqs: > @@ -7201,6 +7421,7 @@ static void virtnet_remove(struct virtio_device *vdev) > virtnet_free_irq_moder(vi); > > unregister_netdev(vi->dev); > + virtnet_ff_cleanup(&vi->ff); > > net_failover_destroy(vi->failover); > > diff --git a/drivers/virtio/virtio_admin_commands.c b/drivers/virtio/virtio_admin_commands.c > index 4738ffe3b5c6..e84a305d2b2a 100644 > --- a/drivers/virtio/virtio_admin_commands.c > +++ b/drivers/virtio/virtio_admin_commands.c > @@ -161,6 +161,8 @@ int virtio_admin_obj_destroy(struct virtio_device *vdev, > err = vdev->config->admin_cmd_exec(vdev, &cmd); > kfree(data); > > + WARN_ON_ONCE(err); > + > return err; > } > EXPORT_SYMBOL_GPL(virtio_admin_obj_destroy); > diff --git a/include/uapi/linux/virtio_net_ff.h b/include/uapi/linux/virtio_net_ff.h > new file mode 100644 > index 000000000000..1debcf595bdb > --- /dev/null > +++ b/include/uapi/linux/virtio_net_ff.h > @@ -0,0 +1,88 @@ > +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note > + * > + * Header file for virtio_net flow filters > + */ > +#ifndef _LINUX_VIRTIO_NET_FF_H > +#define _LINUX_VIRTIO_NET_FF_H > + > +#include > + > +#define VIRTIO_NET_FF_RESOURCE_CAP 0x800 > +#define VIRTIO_NET_FF_SELECTOR_CAP 0x801 > +#define VIRTIO_NET_FF_ACTION_CAP 0x802 > + > +/** > + * struct virtio_net_ff_cap_data - Flow filter resource capability limits > + * @groups_limit: maximum number of flow filter groups supported by the device > + * @classifiers_limit: maximum number of classifiers supported by the device > + * @rules_limit: maximum number of rules supported device-wide across all groups > + * @rules_per_group_limit: maximum number of rules allowed in a single group > + * @last_rule_priority: priority value associated with the lowest-priority rule > + * @selectors_per_classifier_limit: maximum selectors allowed in one classifier > + */ > +struct virtio_net_ff_cap_data { > + __le32 groups_limit; > + __le32 classifiers_limit; > + __le32 rules_limit; > + __le32 rules_per_group_limit; > + __u8 last_rule_priority; > + __u8 selectors_per_classifier_limit; > + __u8 reserved[2]; > +}; > + > +/** > + * struct virtio_net_ff_selector - Selector mask descriptor > + * @type: selector type, one of VIRTIO_NET_FF_MASK_TYPE_* constants > + * @flags: selector flags, see VIRTIO_NET_FF_MASK_F_* constants > + * @reserved: must be set to 0 by the driver and ignored by the device > + * @length: size in bytes of @mask > + * @reserved1: must be set to 0 by the driver and ignored by the device > + * @mask: variable-length mask payload for @type, length given by @length > + * > + * A selector describes a header mask that a classifier can apply. The format > + * of @mask depends on @type. > + */ > +struct virtio_net_ff_selector { > + __u8 type; > + __u8 flags; > + __u8 reserved[2]; > + __u8 length; > + __u8 reserved1[3]; > + __u8 mask[]; > +}; > + > +#define VIRTIO_NET_FF_MASK_TYPE_ETH 1 > +#define VIRTIO_NET_FF_MASK_TYPE_IPV4 2 > +#define VIRTIO_NET_FF_MASK_TYPE_IPV6 3 > +#define VIRTIO_NET_FF_MASK_TYPE_TCP 4 > +#define VIRTIO_NET_FF_MASK_TYPE_UDP 5 > +#define VIRTIO_NET_FF_MASK_TYPE_MAX VIRTIO_NET_FF_MASK_TYPE_UDP > + > +/** > + * struct virtio_net_ff_cap_mask_data - Supported selector mask formats > + * @count: number of entries in @selectors > + * @reserved: must be set to 0 by the driver and ignored by the device > + * @selectors: packed array of struct virtio_net_ff_selectors. > + */ > +struct virtio_net_ff_cap_mask_data { > + __u8 count; > + __u8 reserved[7]; > + __u8 selectors[]; > +}; > +#define VIRTIO_NET_FF_MASK_F_PARTIAL_MASK (1 << 0) > + > +#define VIRTIO_NET_FF_ACTION_DROP 1 > +#define VIRTIO_NET_FF_ACTION_RX_VQ 2 > +#define VIRTIO_NET_FF_ACTION_MAX VIRTIO_NET_FF_ACTION_RX_VQ > +/** > + * struct virtio_net_ff_actions - Supported flow actions > + * @count: number of supported actions in @actions > + * @reserved: must be set to 0 by the driver and ignored by the device > + * @actions: array of action identifiers (VIRTIO_NET_FF_ACTION_*) > + */ > +struct virtio_net_ff_actions { > + __u8 count; > + __u8 reserved[7]; > + __u8 actions[]; > +}; > +#endif > -- > 2.50.1