On Tue, May 19, 2020 at 07:26:42PM +0100, Edward Cree wrote:
> On 19/05/2020 18:35, Pablo Neira Ayuso wrote:
[...]
> > Netfilter is a client of this flow offload API, you have to test that
> > your core updates do not break any of existing clients.
>
> Okay, but can we distinguish between "this needs to be tested with
> netfilter before it can be merged" and "this is breaking netfilter"?
> Or do you have a specific reason why you think this is broken, beyond
> merely 'it isn't tested'?
This breaks netfilter in two ways !
#1 Drivers calling flow_action_hw_stats_check() fall within the
second branch (check_allow_bit is set on).
} else if (check_allow_bit &&
@@ -340,11 +342,9 @@ __flow_action_hw_stats_check(const struct flow_action *action,
return false;
action_entry = flow_action_first_entry_get(action);
- if (action_entry->hw_stats == FLOW_ACTION_HW_STATS_DONT_CARE)
- return true;
if (!check_allow_bit &&
- action_entry->hw_stats != FLOW_ACTION_HW_STATS_ANY) {
+ ~action_entry->hw_stats & FLOW_ACTION_HW_STATS_ANY) {
NL_SET_ERR_MSG_MOD(extack, "Driver supports only default HW stats type \"any\"");
return false;
} else if (check_allow_bit && <------ HERE
These drivers are not honoring the _DONT_CARE bit,
__flow_action_hw_stats_check() with check_allow_bit set on does not
honor the _DONT_CARE bit.
#2 Your patch needs to update Netfilter to set hw_stats to
FLOW_ACTION_HW_STATS_DONT_CARE explicitly.
