On Wed, Nov 19, 2025 at 01:15:22PM -0600, Daniel Jurgens wrote: > Implement TCP and UDP V4/V6 ethtool flow types. > > Examples: > $ ethtool -U ens9 flow-type udp4 dst-ip 192.168.5.2 dst-port\ > 4321 action 20 > Added rule with ID 4 > > This example directs IPv4 UDP traffic with the specified address and > port to queue 20. > > $ ethtool -U ens9 flow-type tcp6 src-ip 2001:db8::1 src-port 1234 dst-ip\ > 2001:db8::2 dst-port 4321 action 12 > Added rule with ID 5 > > This example directs IPv6 TCP traffic with the specified address and > port to queue 12. > > Signed-off-by: Daniel Jurgens <[email protected]> > Reviewed-by: Parav Pandit <[email protected]> > Reviewed-by: Shahar Shitrit <[email protected]> > Reviewed-by: Xuan Zhuo <[email protected]> > --- > v4: (*num_hdrs)++ to ++(*num_hdrs) > > v12: > - Refactor calculate_flow_sizes. MST > - Refactor build_and_insert to remove goto validate. MST > - Move parse_ip4/6 l3_mask check here. MST > --- > --- > drivers/net/virtio_net.c | 223 +++++++++++++++++++++++++++++++++++++-- > 1 file changed, 212 insertions(+), 11 deletions(-) > > diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c > index bb8ec4265da5..e6c7e8cd4ab4 100644 > --- a/drivers/net/virtio_net.c > +++ b/drivers/net/virtio_net.c 
> @@ -5950,6 +5950,52 @@ static bool validate_ip6_mask(const struct virtnet_ff > *ff, > return true; > } > > +static bool validate_tcp_mask(const struct virtnet_ff *ff, > + const struct virtio_net_ff_selector *sel, > + const struct virtio_net_ff_selector *sel_cap) > +{ > + bool partial_mask = !!(sel_cap->flags & > VIRTIO_NET_FF_MASK_F_PARTIAL_MASK); > + struct tcphdr *cap, *mask; > + > + cap = (struct tcphdr *)&sel_cap->mask; > + mask = (struct tcphdr *)&sel->mask; > + > + if (mask->source && > + !check_mask_vs_cap(&mask->source, &cap->source, > + sizeof(cap->source), partial_mask)) > + return false; > + > + if (mask->dest && > + !check_mask_vs_cap(&mask->dest, &cap->dest, > + sizeof(cap->dest), partial_mask)) > + return false; > + > + return true; > +} > + > +static bool validate_udp_mask(const struct virtnet_ff *ff, > + const struct virtio_net_ff_selector *sel, > + const struct virtio_net_ff_selector *sel_cap) > +{ > + bool partial_mask = !!(sel_cap->flags & > VIRTIO_NET_FF_MASK_F_PARTIAL_MASK); > + struct udphdr *cap, *mask; > + > + cap = (struct udphdr *)&sel_cap->mask; > + mask = (struct udphdr *)&sel->mask; > + > + if (mask->source && > + !check_mask_vs_cap(&mask->source, &cap->source, > + sizeof(cap->source), partial_mask)) > + return false; > + > + if (mask->dest && > + !check_mask_vs_cap(&mask->dest, &cap->dest, > + sizeof(cap->dest), partial_mask)) > + return false; > + > + return true; > +} > + > static bool validate_mask(const struct virtnet_ff *ff, > const struct virtio_net_ff_selector *sel) > { 
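Review bot: validate_tcp_mask() and validate_udp_mask() read `cap->source` and `cap->dest` through a cast of `sel_cap->mask` without consulting `sel_cap->length`, so they rely on the capability selector being at least one transport header long. If that selector is filled from device-reported capabilities and its length is not checked where they are parsed (not visible in this hunk), a guard such as `if (sel_cap->length < sizeof(struct tcphdr)) return false;` belongs at the top of each function. The casts also drop the `const` of both selector arguments; `const struct tcphdr *cap, *mask;` would keep it, provided check_mask_vs_cap() accepts const pointers. The `ff` parameter is unused in both functions.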
> @@ -5967,11 +6013,45 @@ static bool validate_mask(const struct virtnet_ff *ff, > > case VIRTIO_NET_FF_MASK_TYPE_IPV6: > return validate_ip6_mask(ff, sel, sel_cap); > + > + case VIRTIO_NET_FF_MASK_TYPE_TCP: > + return validate_tcp_mask(ff, sel, sel_cap); > + > + case VIRTIO_NET_FF_MASK_TYPE_UDP: > + return validate_udp_mask(ff, sel, sel_cap); > } > > return false; > } > > +static void set_tcp(struct tcphdr *mask, struct tcphdr *key, > + __be16 psrc_m, __be16 psrc_k, > + __be16 pdst_m, __be16 pdst_k) > +{ > + if (psrc_m) { > + mask->source = psrc_m; > + key->source = psrc_k; > + } > + if (pdst_m) { > + mask->dest = pdst_m; > + key->dest = pdst_k; > + } > +} > + > +static void set_udp(struct udphdr *mask, struct udphdr *key, > + __be16 psrc_m, __be16 psrc_k, > + __be16 pdst_m, __be16 pdst_k) > +{ > + if (psrc_m) { > + mask->source = psrc_m; > + key->source = psrc_k; > + } > + if (pdst_m) { > + mask->dest = pdst_m; > + key->dest = pdst_k; > + } > +} > + > static void parse_ip4(struct iphdr *mask, struct iphdr *key, > const struct ethtool_rx_flow_spec *fs) > { > @@ -5987,6 +6067,11 @@ static void parse_ip4(struct iphdr *mask, struct iphdr > *key, > mask->daddr = l3_mask->ip4dst; > key->daddr = l3_val->ip4dst; > } > + > + if (l3_mask->proto) { > + mask->protocol = l3_mask->proto; > + key->protocol = l3_val->proto; > + } > } > > static void parse_ip6(struct ipv6hdr *mask, struct ipv6hdr *key, 
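Review bot: set_tcp() and set_udp() write a port only when its mask is non-zero and touch no other header field, so the rest of the mask and key headers keeps whatever the buffers held before. That is only correct if the classifier and key allocations are zero-filled, which this hunk does not show. A one-line comment above set_tcp() would make the dependency explicit, e.g. `/* mask and key must be zeroed by the caller; only the ports are written */`. The two helpers are otherwise identical apart from the header type.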
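Review bot: The `proto` block added to parse_ip4() appears to have no effect for any flow type this patch accepts. In the setup_ip_key_mask() hunk further down, a non-zero `m_u.usr_ip4_spec.proto` is rejected with -EINVAL when num_hdrs == 2, and for num_hdrs > 2 `v4_m->protocol` and `v4_k->protocol` are overwritten right after parse_ip4() returns. For TCP/UDP rules the flow spec union holds an `ethtool_tcpip4_spec`, which has no `proto` member, so if `l3_mask` is the `usr_ip4_spec` view (its assignment is outside the hunk) this reads bytes past the active member; the `l4_proto` read added to parse_ip6() in the next hunk has the same union issue. Either drop the block, or gate it on `fs->flow_type == IP_USER_FLOW` and relax the -EINVAL check so the field is usable.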
> @@ -6004,16 +6089,35 @@ static void parse_ip6(struct ipv6hdr *mask, struct > ipv6hdr *key, > memcpy(&mask->daddr, l3_mask->ip6dst, sizeof(mask->daddr)); > memcpy(&key->daddr, l3_val->ip6dst, sizeof(key->daddr)); > } > + > + if (l3_mask->l4_proto) { > + mask->nexthdr = l3_mask->l4_proto; > + key->nexthdr = l3_val->l4_proto; > + } > } > > static bool has_ipv4(u32 flow_type) > { > - return flow_type == IP_USER_FLOW; > + return flow_type == TCP_V4_FLOW || > + flow_type == UDP_V4_FLOW || > + flow_type == IP_USER_FLOW; > } > > static bool has_ipv6(u32 flow_type) > { > - return flow_type == IPV6_USER_FLOW; > + return flow_type == TCP_V6_FLOW || > + flow_type == UDP_V6_FLOW || > + flow_type == IPV6_USER_FLOW; > +} > + > +static bool has_tcp(u32 flow_type) > +{ > + return flow_type == TCP_V4_FLOW || flow_type == TCP_V6_FLOW; > +} > + > +static bool has_udp(u32 flow_type) > +{ > + return flow_type == UDP_V4_FLOW || flow_type == UDP_V6_FLOW; > } > > static int setup_classifier(struct virtnet_ff *ff, > @@ -6153,6 +6257,10 @@ static bool supported_flow_type(const struct > ethtool_rx_flow_spec *fs) > case ETHER_FLOW: > case IP_USER_FLOW: > case IPV6_USER_FLOW: > + case TCP_V4_FLOW: > + case TCP_V6_FLOW: > + case UDP_V4_FLOW: > + case UDP_V6_FLOW: > return true; > } > > @@ -6194,6 +6302,12 @@ static void calculate_flow_sizes(struct > ethtool_rx_flow_spec *fs, > size += sizeof(struct iphdr); > else if (has_ipv6(fs->flow_type)) > size += sizeof(struct ipv6hdr); > + > + if (has_tcp(fs->flow_type) || has_udp(fs->flow_type)) { > + ++(*num_hdrs); > + size += has_tcp(fs->flow_type) ? sizeof(struct tcphdr) : > + sizeof(struct udphdr); > + } > } > > BUG_ON(size > 0xff); 
> @@ -6233,7 +6347,8 @@ static void setup_eth_hdr_key_mask(struct > virtio_net_ff_selector *selector, > > static int setup_ip_key_mask(struct virtio_net_ff_selector *selector, > u8 *key, > - const struct ethtool_rx_flow_spec *fs) > + const struct ethtool_rx_flow_spec *fs, > + int num_hdrs) > { > struct ipv6hdr *v6_m = (struct ipv6hdr *)&selector->mask; > struct iphdr *v4_m = (struct iphdr *)&selector->mask; 
> @@ -6244,23 +6359,95 @@ static int setup_ip_key_mask(struct > virtio_net_ff_selector *selector, > selector->type = VIRTIO_NET_FF_MASK_TYPE_IPV6; > selector->length = sizeof(struct ipv6hdr); > > - if (fs->h_u.usr_ip6_spec.l4_4_bytes || > - fs->m_u.usr_ip6_spec.l4_4_bytes) > + if (num_hdrs == 2 && (fs->h_u.usr_ip6_spec.l4_4_bytes || > + fs->m_u.usr_ip6_spec.l4_4_bytes)) > return -EINVAL; > > parse_ip6(v6_m, v6_k, fs); > + > + if (num_hdrs > 2) { > + v6_m->nexthdr = 0xff; > + if (has_tcp(fs->flow_type)) > + v6_k->nexthdr = IPPROTO_TCP; > + else > + v6_k->nexthdr = IPPROTO_UDP; > + } > } else { > selector->type = VIRTIO_NET_FF_MASK_TYPE_IPV4; > selector->length = sizeof(struct iphdr); > > - if (fs->h_u.usr_ip4_spec.l4_4_bytes || > - fs->h_u.usr_ip4_spec.ip_ver != ETH_RX_NFC_IP4 || > - fs->m_u.usr_ip4_spec.l4_4_bytes || > - fs->m_u.usr_ip4_spec.ip_ver || > - fs->m_u.usr_ip4_spec.proto) > + if (num_hdrs == 2 && > + (fs->h_u.usr_ip4_spec.l4_4_bytes || > + fs->h_u.usr_ip4_spec.ip_ver != ETH_RX_NFC_IP4 || > + fs->m_u.usr_ip4_spec.l4_4_bytes || > + fs->m_u.usr_ip4_spec.ip_ver || > + fs->m_u.usr_ip4_spec.proto)) > return -EINVAL; > > parse_ip4(v4_m, v4_k, fs); > + > + if (num_hdrs > 2) { > + v4_m->protocol = 0xff; > + if (has_tcp(fs->flow_type)) > + v4_k->protocol = IPPROTO_TCP; > + else > + v4_k->protocol = IPPROTO_UDP; > + } > + } > + > + return 0; > +} > + > +static int setup_transport_key_mask(struct virtio_net_ff_selector *selector, > + u8 *key, > + struct ethtool_rx_flow_spec *fs) > +{ > + struct tcphdr *tcp_m = (struct tcphdr *)&selector->mask; > + struct udphdr *udp_m = (struct udphdr *)&selector->mask; > + const struct ethtool_tcpip6_spec *v6_l4_mask; > + const struct ethtool_tcpip4_spec *v4_l4_mask; > + const struct ethtool_tcpip6_spec *v6_l4_key; > + const struct ethtool_tcpip4_spec *v4_l4_key; > + struct tcphdr *tcp_k = (struct tcphdr *)key; > + struct udphdr *udp_k = (struct udphdr *)key; > + > + if (has_tcp(fs->flow_type)) { > + selector->type = 
VIRTIO_NET_FF_MASK_TYPE_TCP; > + selector->length = sizeof(struct tcphdr); > + > + if (has_ipv6(fs->flow_type)) { > + v6_l4_mask = &fs->m_u.tcp_ip6_spec; > + v6_l4_key = &fs->h_u.tcp_ip6_spec; > + > + set_tcp(tcp_m, tcp_k, v6_l4_mask->psrc, v6_l4_key->psrc, > + v6_l4_mask->pdst, v6_l4_key->pdst); > + } else { > + v4_l4_mask = &fs->m_u.tcp_ip4_spec; > + v4_l4_key = &fs->h_u.tcp_ip4_spec; > + > + set_tcp(tcp_m, tcp_k, v4_l4_mask->psrc, v4_l4_key->psrc, > + v4_l4_mask->pdst, v4_l4_key->pdst); > + } > + > + } else if (has_udp(fs->flow_type)) { > + selector->type = VIRTIO_NET_FF_MASK_TYPE_UDP; > + selector->length = sizeof(struct udphdr); > + > + if (has_ipv6(fs->flow_type)) { > + v6_l4_mask = &fs->m_u.udp_ip6_spec; > + v6_l4_key = &fs->h_u.udp_ip6_spec; > + > + set_udp(udp_m, udp_k, v6_l4_mask->psrc, v6_l4_key->psrc, > + v6_l4_mask->pdst, v6_l4_key->pdst); > + } else { > + v4_l4_mask = &fs->m_u.udp_ip4_spec; > + v4_l4_key = &fs->h_u.udp_ip4_spec; > + > + set_udp(udp_m, udp_k, v4_l4_mask->psrc, v4_l4_key->psrc, > + v4_l4_mask->pdst, v4_l4_key->pdst); > + } > + } else { > + return -EOPNOTSUPP; > } > > return 0; > @@ -6300,6 +6487,7 @@ static int build_and_insert(struct virtnet_ff *ff, > struct virtio_net_ff_selector *selector; > struct virtnet_classifier *c; > size_t classifier_size; > + size_t key_offset; > int num_hdrs; > u8 key_size; > u8 *key; > @@ -6332,11 +6520,24 @@ static int build_and_insert(struct virtnet_ff *ff, > setup_eth_hdr_key_mask(selector, key, fs, num_hdrs); > > if (num_hdrs != 1) { > + key_offset = selector->length; > selector = next_selector(selector); > > - err = setup_ip_key_mask(selector, key + sizeof(struct ethhdr), > fs); > + err = setup_ip_key_mask(selector, key + key_offset, > + fs, num_hdrs); > if (err) > goto err_classifier; > + > + if (num_hdrs >= 2) {
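Review bot: For TCP/UDP rules nothing in this hunk looks at the `tos` (IPv4) or `tclass` (IPv6) member of the tcp/udp flow spec: the num_hdrs == 2 checks in setup_ip_key_mask() are skipped and setup_transport_key_mask() copies only `psrc`/`pdst`. Unless a check outside the visible hunks rejects it, a rule given with a tos or tclass mask would be installed without that constraint and would steer more traffic than the administrator asked for. Rejecting it in the transport branch avoids that, e.g. `if (fs->m_u.tcp_ip4_spec.tos) return -EOPNOTSUPP;` with the matching `tcp_ip6_spec.tclass` test on the IPv6 side. Forcing `nexthdr` to TCP or UDP also means IPv6 packets that carry extension headers will not match, which deserves a comment next to the `v6_m->nexthdr = 0xff;` assignment.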
So elsewhere it is num_hdrs > 2 here it's >= 2 ... all this is confusing. Can you please add some constants so reader can understand why is each condition checked. For example, is this not invoked on ip only filters? num_hdrs will be 2, right? > + key_offset += selector->length; > + selector = next_selector(selector); > + > + err = setup_transport_key_mask(selector, > + key + key_offset, > + fs); > + if (err) > + goto err_classifier; > + } > } > > err = validate_classifier_selectors(ff, classifier, num_hdrs); > -- > 2.50.1
