On Wed, Nov 19, 2025 at 01:15:21PM -0600, Daniel Jurgens wrote:
> Implement support for IPV6_USER_FLOW type rules.
>
> Example:
> $ ethtool -U ens9 flow-type ip6 src-ip fe80::2 dst-ip fe80::4 action 3
> Added rule with ID 0
>
> The example rule will forward packets with the specified source and
> destination IP addresses to RX ring 3.
>
> Signed-off-by: Daniel Jurgens <[email protected]>
> Reviewed-by: Parav Pandit <[email protected]>
> Reviewed-by: Shahar Shitrit <[email protected]>
> Reviewed-by: Xuan Zhuo <[email protected]>
> ---
> v4: commit message typo
>
> v12:
> - refactor calculate_flow_sizes. MST
> - Move parse_ip6 l3_mask check to TCP/UDP patch. MST
> - Set eth proto to ipv6 as needed. MST
> - Also check l4_4_bytes mask is 0 in setup_ip_key_mask. MST
> - Remove tclass check in setup_ip_key_mask. If it's not suppored it
> will be caught in validate_classifier_selectors. MST
> - Changed error return in setup_ip_key_mask to -EINVAL
> ---
> ---
> drivers/net/virtio_net.c | 92 +++++++++++++++++++++++++++++++++++-----
> 1 file changed, 82 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index b0b9972fe624..bb8ec4265da5 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -5922,6 +5922,34 @@ static bool validate_ip4_mask(const struct virtnet_ff
> *ff,
> return true;
> }
>
> +static bool validate_ip6_mask(const struct virtnet_ff *ff,
> + const struct virtio_net_ff_selector *sel,
> + const struct virtio_net_ff_selector *sel_cap)
> +{
> + bool partial_mask = !!(sel_cap->flags &
> VIRTIO_NET_FF_MASK_F_PARTIAL_MASK);
> + struct ipv6hdr *cap, *mask;
> +
> + cap = (struct ipv6hdr *)&sel_cap->mask;
> + mask = (struct ipv6hdr *)&sel->mask;
> +
> + if (!ipv6_addr_any(&mask->saddr) &&
> + !check_mask_vs_cap(&mask->saddr, &cap->saddr,
> + sizeof(cap->saddr), partial_mask))
> + return false;
> +
> + if (!ipv6_addr_any(&mask->daddr) &&
> + !check_mask_vs_cap(&mask->daddr, &cap->daddr,
> + sizeof(cap->daddr), partial_mask))
> + return false;
> +
> + if (mask->nexthdr &&
> + !check_mask_vs_cap(&mask->nexthdr, &cap->nexthdr,
> + sizeof(cap->nexthdr), partial_mask))
> + return false;
> +
> + return true;
> +}
> +
> static bool validate_mask(const struct virtnet_ff *ff,
> const struct virtio_net_ff_selector *sel)
> {
> @@ -5936,6 +5964,9 @@ static bool validate_mask(const struct virtnet_ff *ff,
>
> case VIRTIO_NET_FF_MASK_TYPE_IPV4:
> return validate_ip4_mask(ff, sel, sel_cap);
> +
> + case VIRTIO_NET_FF_MASK_TYPE_IPV6:
> + return validate_ip6_mask(ff, sel, sel_cap);
> }
>
> return false;
> @@ -5958,11 +5989,33 @@ static void parse_ip4(struct iphdr *mask, struct
> iphdr *key,
> }
> }
>
> +static void parse_ip6(struct ipv6hdr *mask, struct ipv6hdr *key,
> + const struct ethtool_rx_flow_spec *fs)
> +{
I note logic wise it is different from ipv4, it is looking at the fs.
> + const struct ethtool_usrip6_spec *l3_mask = &fs->m_u.usr_ip6_spec;
> + const struct ethtool_usrip6_spec *l3_val = &fs->h_u.usr_ip6_spec;
> +
> + if (!ipv6_addr_any((struct in6_addr *)l3_mask->ip6src)) {
> + memcpy(&mask->saddr, l3_mask->ip6src, sizeof(mask->saddr));
> + memcpy(&key->saddr, l3_val->ip6src, sizeof(key->saddr));
> + }
> +
> + if (!ipv6_addr_any((struct in6_addr *)l3_mask->ip6dst)) {
> + memcpy(&mask->daddr, l3_mask->ip6dst, sizeof(mask->daddr));
> + memcpy(&key->daddr, l3_val->ip6dst, sizeof(key->daddr));
> + }
Is this enough?
For example, what if user tries to set up a filter by l4_proto ?
> +}
> +
> static bool has_ipv4(u32 flow_type)
> {
> return flow_type == IP_USER_FLOW;
> }
>
> +static bool has_ipv6(u32 flow_type)
> +{
> + return flow_type == IPV6_USER_FLOW;
> +}
> +
> static int setup_classifier(struct virtnet_ff *ff,
> struct virtnet_classifier **c)
> {
> @@ -6099,6 +6152,7 @@ static bool supported_flow_type(const struct
> ethtool_rx_flow_spec *fs)
> switch (fs->flow_type) {
> case ETHER_FLOW:
> case IP_USER_FLOW:
> + case IPV6_USER_FLOW:
> return true;
> }
>
> @@ -6138,6 +6192,8 @@ static void calculate_flow_sizes(struct
> ethtool_rx_flow_spec *fs,
> ++(*num_hdrs);
> if (has_ipv4(fs->flow_type))
> size += sizeof(struct iphdr);
> + else if (has_ipv6(fs->flow_type))
> + size += sizeof(struct ipv6hdr);
> }
>
> BUG_ON(size > 0xff);
> @@ -6165,7 +6221,10 @@ static void setup_eth_hdr_key_mask(struct
> virtio_net_ff_selector *selector,
>
> if (num_hdrs > 1) {
> eth_m->h_proto = cpu_to_be16(0xffff);
> - eth_k->h_proto = cpu_to_be16(ETH_P_IP);
> + if (has_ipv4(fs->flow_type))
> + eth_k->h_proto = cpu_to_be16(ETH_P_IP);
> + else
> + eth_k->h_proto = cpu_to_be16(ETH_P_IPV6);
> } else {
> memcpy(eth_m, &fs->m_u.ether_spec, sizeof(*eth_m));
> memcpy(eth_k, &fs->h_u.ether_spec, sizeof(*eth_k));
> @@ -6176,20 +6235,33 @@ static int setup_ip_key_mask(struct
> virtio_net_ff_selector *selector,
> u8 *key,
> const struct ethtool_rx_flow_spec *fs)
> {
> + struct ipv6hdr *v6_m = (struct ipv6hdr *)&selector->mask;
> struct iphdr *v4_m = (struct iphdr *)&selector->mask;
> + struct ipv6hdr *v6_k = (struct ipv6hdr *)key;
> struct iphdr *v4_k = (struct iphdr *)key;
>
> - selector->type = VIRTIO_NET_FF_MASK_TYPE_IPV4;
> - selector->length = sizeof(struct iphdr);
> + if (has_ipv6(fs->flow_type)) {
> + selector->type = VIRTIO_NET_FF_MASK_TYPE_IPV6;
> + selector->length = sizeof(struct ipv6hdr);
>
> - if (fs->h_u.usr_ip4_spec.l4_4_bytes ||
> - fs->h_u.usr_ip4_spec.ip_ver != ETH_RX_NFC_IP4 ||
> - fs->m_u.usr_ip4_spec.l4_4_bytes ||
> - fs->m_u.usr_ip4_spec.ip_ver ||
> - fs->m_u.usr_ip4_spec.proto)
> - return -EINVAL;
> + if (fs->h_u.usr_ip6_spec.l4_4_bytes ||
> + fs->m_u.usr_ip6_spec.l4_4_bytes)
> + return -EINVAL;
>
> - parse_ip4(v4_m, v4_k, fs);
> + parse_ip6(v6_m, v6_k, fs);
why does ipv6 not check unsupported fields unlike ipv4?
> + } else {
> + selector->type = VIRTIO_NET_FF_MASK_TYPE_IPV4;
> + selector->length = sizeof(struct iphdr);
> +
> + if (fs->h_u.usr_ip4_spec.l4_4_bytes ||
> + fs->h_u.usr_ip4_spec.ip_ver != ETH_RX_NFC_IP4 ||
> + fs->m_u.usr_ip4_spec.l4_4_bytes ||
> + fs->m_u.usr_ip4_spec.ip_ver ||
> + fs->m_u.usr_ip4_spec.proto)
> + return -EINVAL;
> +
> + parse_ip4(v4_m, v4_k, fs);
> + }
>
> return 0;
> }
> --
> 2.50.1
