> -----Original Message----- > From: Intel-wired-lan <[email protected]> On Behalf Of > Marcin Szycik > Sent: Thursday, May 21, 2026 4:50 AM > To: [email protected] > Cc: [email protected]; Penigalapati, Sandeep > <[email protected]>; S, Ananth <[email protected]>; > [email protected]; Marcin Szycik <[email protected]>; > Cao, Chinh > T <[email protected]>; Nguyen, Anthony L <[email protected]>; > Loktionov, Aleksandr <[email protected]> > Subject: [Intel-wired-lan] [PATCH iwl-next v4 07/10] ice: create ACL entry > > From: Real Valiquette <[email protected]> > > Create an ACL entry for the mask match data and set the desired action. > Generate and program the associated extraction sequence. > > Co-developed-by: Chinh Cao <[email protected]> > Signed-off-by: Chinh Cao <[email protected]> > Signed-off-by: Real Valiquette <[email protected]> > Co-developed-by: Tony Nguyen <[email protected]> > Signed-off-by: Tony Nguyen <[email protected]> > Co-developed-by: Jesse Brandeburg <[email protected]> > Signed-off-by: Jesse Brandeburg <[email protected]> > Co-developed-by: Marcin Szycik <[email protected]> > Signed-off-by: Marcin Szycik <[email protected]> > Reviewed-by: Aleksandr Loktionov <[email protected]> > --- > v4: > * Adjust to using struct ice_acl_hw_prof instead of struct > ice_fd_hw_prof. This gets rid of some redundant checks and an > extra-confusing block of code in ice_acl_add_rule_ethtool(). That > block was storing entry handle in a VSI array, but only for first > entry added on that VSI (in ACL this would always be PF), so only a > single entry per profile. This was also redundant, as entries are kept > in prof->entries, so these VSI arrays are never actually accessed > again in any ACL path. All this nonsense is a leftover from reusing > fdir structures for ACL, which need to track some ADQ-specific stuff. > v3: > * ice_acl_add_rule_ethtool(): add a check against illegal values of > hw_prof->cnt > * ice_flow_acl_check_actions(): check counter action type with > ice_flow_acl_is_cntr_act(). Previously only ICE_FLOW_ACT_FWD_QUEUE was > being accepted in the first loop, leading to an error if other counter > types were used > * ice_flow_acl_frmt_entry(): set err variable when alloc failed to > return correct status > * ice_flow_acl_frmt_entry(): set range_buf = NULL if !range to avoid > double free in error path > * ice_flow_acl_frmt_entry_range(): introduce a temporary variable > (offset_val) to copy data from buffer with offset. Reading it with > cast would lead to byte swap on big endian > * ice_flow_acl_free_act_cntr(): flip condition in loop to reduce indent > v2: > * Fix invalid profile ID passed to ice_flow_add_entry() in > ice_acl_add_rule_ethtool() > * Fix uninitialized cntrs.amount field in ice_aq_dealloc_acl_cntrs() > * Make ice_flow_acl_is_prof_in_use() more readable and return bool > * Add ice_flow_acl_is_cntr_act() helper > * Remove prof_id initialization when it's immediately set by > ice_flow_get_hw_prof() anyway > * Check if src overflows in ice_flow_acl_set_xtrct_seq_fld() > * Adjust error codes in ice_flow_acl_check_actions() to more reasonable > ones > * Add ICE_RX_PKT_DROP_DROP instead of using a magic number > * Reverse condition to decrease indent level in ice_aq_alloc_acl_cntrs() > * Get rid of useless variable in ice_acl_add_rule_ethtool() > * Use plain alloc and kfree instead of devm_ for ice_ntuple_fltr in > ice_acl_add_rule_ethtool(), ice_flow_entry::entry and > ice_flow_entry::range_buf > * Use plain kmemdup and kfree instead of devm_ for ice_flow_entry::acts > * ice_flow_entry members are being deallocated on device unload via > ice_deinit_fdir -> ice_vsi_manage_fdir -> ice_fdir_rem_flow -> > ice_fdir_erase_flow_from_hw -> ice_flow_rem_entry -> > ice_flow_rem_entry_sync > * Add missing entry->range_buf and entry->acts dealloc in > ice_flow_add_entry() unroll > * Remove redundant checks from ice_flow_acl_frmt_entry() unroll > --- > drivers/net/ethernet/intel/ice/ice.h | 3 + > drivers/net/ethernet/intel/ice/ice_acl.h | 24 + > .../net/ethernet/intel/ice/ice_adminq_cmd.h | 123 +++- > .../net/ethernet/intel/ice/ice_flex_pipe.h | 2 + > drivers/net/ethernet/intel/ice/ice_flow.h | 9 +- > .../net/ethernet/intel/ice/ice_lan_tx_rx.h | 3 + > drivers/net/ethernet/intel/ice/ice_acl.c | 183 +++++ > drivers/net/ethernet/intel/ice/ice_acl_main.c | 57 +- > .../ethernet/intel/ice/ice_ethtool_ntuple.c | 37 +- > .../net/ethernet/intel/ice/ice_flex_pipe.c | 5 +- > drivers/net/ethernet/intel/ice/ice_flow.c | 641 +++++++++++++++++- > drivers/net/ethernet/intel/ice/ice_main.c | 2 +- > drivers/net/ethernet/intel/ice/virt/fdir.c | 4 +- > 13 files changed, 1054 insertions(+), 39 deletions(-)
Tested-by: Alexander Nowlin <[email protected]>
