On Fri, 2 Aug 2019 13:00:23 +0200, Pablo Neira Ayuso wrote:
> Hi Jakub,
>
> If the user specifies 'pref' in the new rule, then tc checks if there
> is a tcf_proto object that matches this priority. If the tcf_proto
> object does not exist, tc creates a tcf_proto object and it adds the
> new rule to this tcf_proto.
>
> In cls_flower, each tcf_proto only stores one single rule, so if the
> user tries to add another rule with the same 'pref', cls_flower
> returns EEXIST.
😳
So you're saying this doesn't work?
ip link add type dummy
tc qdisc add dev dummy0 clsact
tc filter add dev dummy0 ingress protocol ipv6 prio 123 flower src_ip 1111::1 action drop
tc filter add dev dummy0 ingress protocol ipv6 prio 123 flower src_ip 1111::2 action drop
tc filter add dev dummy0 ingress protocol ipv6 prio 123 flower src_ip 1111::3 action drop
tc filter add dev dummy0 ingress protocol ipv6 prio 123 flower src_ip 1111::4 action drop
tc filter add dev dummy0 ingress protocol ipv6 prio 123 flower src_ip 1111::5 action drop
tc filter show dev dummy0 ingress
filter protocol ipv6 pref 123 flower chain 0
filter protocol ipv6 pref 123 flower chain 0 handle 0x1
  eth_type ipv6
  src_ip 1111::1
  not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 1 ref 1 bind 1
filter protocol ipv6 pref 123 flower chain 0 handle 0x2
  eth_type ipv6
  src_ip 1111::2
  not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 2 ref 1 bind 1
filter protocol ipv6 pref 123 flower chain 0 handle 0x3
  eth_type ipv6
  src_ip 1111::3
  not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 3 ref 1 bind 1
filter protocol ipv6 pref 123 flower chain 0 handle 0x4
  eth_type ipv6
  src_ip 1111::4
  not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 4 ref 1 bind 1
filter protocol ipv6 pref 123 flower chain 0 handle 0x5
  eth_type ipv6
  src_ip 1111::5
  not_in_hw
        action order 1: gact action drop
         random type none pass val 0
         index 5 ref 1 bind 1
> I'll prepare a new patchset not to map the priority to the netfilter
> basechain priority, instead the rule priority will be internally
> allocated for each new rule.
In which you're adding fake priorities to rules, AFAICT,
and continue to baffle me.