> -----Original Message----- > From: Intel-wired-lan <[email protected]> On Behalf Of > Marcin Szycik > Sent: Thursday, April 9, 2026 5:00 AM > To: [email protected] > Cc: [email protected]; Penigalapati, Sandeep > <[email protected]>; S, Ananth <[email protected]>; > [email protected]; Marcin Szycik <[email protected]>; > Cao, > Chinh T <[email protected]>; Nguyen, Anthony L > <[email protected]>; Loktionov, Aleksandr > <[email protected]> > Subject: [Intel-wired-lan] [PATCH iwl-next v2 02/10] ice: initialize ACL table > > From: Real Valiquette <[email protected]> > > E8xx hardware provides a Ternary Classifier block for implementing functions > such as ACL (Access Control List). In this series it's simply referred to as > "ACL". > > ACL filtering can be utilized to expand support of ntuple rules by allowing > mask values to be specified for redirect to queue or drop. > > Implement support for specifying the 'm' value of ethtool ntuple command for > currently supported fields (src-ip, dst-ip, src-port, and dst-port). > > For example: > ethtool -N eth0 flow-type tcp4 dst-port 8880 m 0x00ff action 10 or > ethtool -N eth0 flow-type tcp4 src-ip 192.168.0.55 m 0.0.0.255 action -1 > > At this time the following flow-types support mask values: tcp4, udp4, sctp4, > and ip4. > > Begin implementation of ACL filters by setting up structures, AdminQ > commands, and allocation of the ACL table in the hardware. > > Co-developed-by: Chinh Cao <[email protected]> > Signed-off-by: Chinh Cao <[email protected]> > Signed-off-by: Real Valiquette <[email protected]> > Co-developed-by: Tony Nguyen <[email protected]> > Signed-off-by: Tony Nguyen <[email protected]> > Co-developed-by: Marcin Szycik <[email protected]> > Signed-off-by: Marcin Szycik <[email protected]> > Reviewed-by: Aleksandr Loktionov <[email protected]> > --- > v2: > * Return -ERANGE in one branch in ice_aq_alloc_acl_tbl() to differenciate > error > codes > * Use GENMASK() for ICE_AQ_VSI_ACL_DEF_RX_*_M > * Use plain alloc/kfree for hw->acl_tbl > * Call ice_deinit_acl() unconditionally because ICE_FLAG_FD_ENA can be > disabled during operation > * ice_acl_init_tbl(): remove first/last variables > * Merge ice_aq_acl_entry() into ice_aq_program_acl_entry() and > ice_aq_actpair_p_q() into ice_aq_program_actpair() - wrappers with one user > make no sense > * Rename ICE_AQC_ALLOC_ID_LESS_THAN_4K to more sensible ICE_AQC_ALLOC_ID_4K > * Reorder members of struct ice_acl_tbl to minimize holes > * Remove ICE_AQ_VSI_ACL_DEF_RX_*_S - will be unused after switching to > FIELD_PREP() in "ice: program ACL entry" > * Replace memset() with = {} in ice_init_acl() > --- > drivers/net/ethernet/intel/ice/Makefile | 2 + > drivers/net/ethernet/intel/ice/ice.h | 3 + > drivers/net/ethernet/intel/ice/ice_acl.h | 117 +++++++ > .../net/ethernet/intel/ice/ice_adminq_cmd.h | 208 +++++++++++- > drivers/net/ethernet/intel/ice/ice_type.h | 3 + > drivers/net/ethernet/intel/ice/ice_acl.c | 136 ++++++++ > drivers/net/ethernet/intel/ice/ice_acl_ctrl.c | 302 ++++++++++++++++++ > drivers/net/ethernet/intel/ice/ice_main.c | 49 +++ > 8 files changed, 818 insertions(+), 2 deletions(-) create mode 100644 > drivers/net/ethernet/intel/ice/ice_acl.h > create mode 100644 drivers/net/ethernet/intel/ice/ice_acl.c > create mode 100644 drivers/net/ethernet/intel/ice/ice_acl_ctrl.c
Tested-by: Alexander Nowlin <[email protected]>
